Incident Response: Methodology and Case Study – Part III

As mentioned in the previous post, this post is about dynamic analysis of DarkComet with Sysinternals. At the end of the post, you can download the attached file describing the steps for sharing a folder (read-only) between the host and the guest virtual machine. In this post we will continue with the analysis of DarkComet on a Windows 7 virtual machine. I hope you might have […]

Incident Response: Methodology and Case Study – Part II

In this article, I will continue with the memory and malware analysis that was started in the previous post. At the end of the post, you will be able to download a Volatility cheat sheet along with a document related to Sysinternals. So far we have found the following: a suspicious process named “runddl32.exe”. When we checked its path, it wasn’t in System32 […]