
DEPARTMENT OF INFORMATION AND COMMUNICATION TECHNOLOGY

POLITEKNIK UNGKU OMAR

SESSION: JUNE 2020

COURSE CODE : DFS40122
COURSE NAME : MALWARE ANALYSIS
ASSESSMENT : CASE STUDY

CURRENT SESSION : ________________________
COURSE SECTION : ________________________
COURSE LECTURER'S NAME : ____________________________________

ASSESSMENT INSTRUCTIONS:

1. Answer all / selected questions within ………….minutes/days
2. Answers are to be individual / in groups.
3. Return the question paper after answering / The question paper may be kept by the student.
4. Other instructions as appropriate to the course.

REGISTRATION NO. | NAME | CLO | MARKS
                 |      | 1   |
                 |      | Total |

Prepared by: AZRUL JUNAIDI ABD AZIZ          Checked and Verified by:


DFS40122 MALWARE ANALYSIS

CASE STUDY SCENARIO:

You're a contractor working at the prestigious firm of:

Buragas Consulting, Inc


232 Jalan Dedap 14
Ipoh, 31400

Your boss, Mr Asura, has assigned you a case: analyse two files of a questionable nature.
Law enforcement recovered the files from a workstation at Bercham Industries after its IT
department noticed unusual traffic on the network originating from that workstation. After a
cursory look, the lead investigator's team believes the software was the origin of this traffic,
but has contacted Palindrome to identify specifically what the software is and how it works.

YOUR TASK:
Conduct both a static and a dynamic analysis of the two files. Report the procedures you used,
the results, and, if the files are in fact malware, the possible legal implications of their use.

IMPORTANT

1. For this assignment you will use a Windows operating system as the analysis guest. Either
Windows 10 or Windows 7 has worked in the past.
2. Conduct your analysis within a virtual machine only.

3. DO NOT download or extract these files onto any physical computer belonging to you
or to the polytechnic.

4. If the files are malware, make sure the VM you use for the analysis is set to a
host-only network after you download the files to the VM, and before you execute anything.
Take a clean snapshot of the VM before the first run so you can revert between runs. As a
bonus, that is good incident response and forensic practice, as you do not know what
the software will do once executed.
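
The static part of the task (hashing the sample, pulling printable strings, reading the PE
header and section table) is what tools such as strings, PEview and hash utilities do for you.
The script below is an added example, not part of the assignment or its solution: it performs
that basic static triage in plain Python with no third-party library, and runs offline on a
constructed minimal PE image built inside the script, so it can be tried without handling the
real case files. The packer section names, the suspicious-string pattern and the sample's
strings (the URL, the cmd.exe line) are assumptions chosen for illustration.

```python
"""Basic static triage: hashes, printable strings and PE header facts (added example)."""
import hashlib
import re
import struct

# Illustrative indicator lists (assumptions for this example; real triage uses richer ones).
SUSPICIOUS_SECTION_NAMES = {"UPX0", "UPX1", ".aspack", ".petite", ".themida"}
INTERESTING_STRING = re.compile(
    rb"(https?://[\w./-]+|\b\d{1,3}(?:\.\d{1,3}){3}\b|cmd\.exe|HKEY_[A-Z_]+|\.exe\b)"
)


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 so the sample can be looked up or reported without sharing the file."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def ascii_strings(data: bytes, min_len: int = 5) -> list:
    """Equivalent of `strings -n 5`: runs of printable ASCII at least min_len bytes long."""
    return [m.group().decode("ascii") for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def parse_pe(data: bytes) -> dict:
    """Read the DOS header, COFF file header and section table by hand (no PE library)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return {"is_pe": False}
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    coff = e_lfanew + 4
    if data[e_lfanew:coff] != b"PE\0\0" or len(data) < coff + 20:
        return {"is_pe": False}
    machine, nsections, timestamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    sect_off = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        off = sect_off + 40 * i
        if len(data) < off + 40:
            break  # truncated section table: report what we have
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "virtual_addr": vaddr,
                         "raw_size": rawsize, "raw_ptr": rawptr})
    return {"is_pe": True, "machine": hex(machine), "timestamp": timestamp,
            "is_dll": bool(chars & 0x2000), "sections": sections}


def triage(data: bytes) -> dict:
    """Combine the three checks and list the 'interesting' parts a report should call out."""
    pe = parse_pe(data)
    findings = []
    if pe["is_pe"]:
        for s in pe["sections"]:
            if s["name"] in SUSPICIOUS_SECTION_NAMES:
                findings.append(f"packer section name: {s['name']}")
            if s["raw_size"] == 0 and s["virtual_size"] > 0:
                findings.append(f"section {s['name']} has no raw data but "
                                f"{s['virtual_size']} bytes virtual (filled at runtime)")
    for s in ascii_strings(data):
        if INTERESTING_STRING.search(s.encode("ascii")):
            findings.append(f"interesting string: {s}")
    return {"hashes": file_hashes(data), "pe": pe, "findings": findings}


def build_sample_pe() -> bytes:
    """Constructed minimal PE for the demo: MZ stub, PE signature, COFF header, two sections."""
    opt = bytes(224)                                   # empty optional header of typical size
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)  # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0x5E0BE100, 0, 0, len(opt), 0x0102)
    body_ptr = 0x40 + 4 + 20 + len(opt) + 2 * 40       # raw data follows the section table
    body = (b"UPX!\0" + b"http://evil.example/beacon\0"  # constructed sample strings
            + b"cmd.exe /c whoami\0" + b"x" * 100)

    def sec(name, vsize, vaddr, rawsize, rawptr):
        return struct.pack("<8sIIII", name, vsize, vaddr, rawsize, rawptr) + bytes(16)

    sections = sec(b"UPX0", 0x10000, 0x1000, 0, 0) + sec(b"UPX1", len(body), 0x11000, len(body), body_ptr)
    return dos + b"PE\0\0" + coff + opt + sections + body


if __name__ == "__main__":
    result = triage(build_sample_pe())
    print(result["hashes"]["sha256"], result["pe"]["machine"], result["pe"]["is_dll"])
    for f in result["findings"]:
        print("-", f)
```

Each finding is something the report can interpret rather than just screenshot: a UPX-named
section with zero raw size but a large virtual size is the classic sign of a packed binary, and
a hard-coded URL or command line is a lead for the dynamic phase (what to watch for on the
host-only network and in process monitoring).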
DELIVERABLE:
Conduct your analysis and provide a written report (.pdf preferred, or .doc format).

1. Analysis Overview

Written in non-technical terms, this section describes the purpose of the software and the
legal implications of someone possessing and using it. Provide an example or two of
incidents where such software has been used. This section should be titled "Analysis
Overview."

2. Technical Section

A complete, specific and detailed explanation of the results of your static and
dynamic analysis. Do not include every result from the longer, more detailed outputs. Instead,
include a few screenshots that point out the 'interesting' parts of the results that helped you
identify what the software does (open ports? open files? etc.). This section should be
titled 'Technical Section.'

3. For each tool you run, you need to describe

✓ What you were doing
✓ Why you were doing it / what the objective was
✓ An interpretation of the results.
✓ If you only provide a screenshot of your commands and results with no
interpretation, you get zero credit. Interpretation matters.

o I expect you to provide a thorough and clearly understandable report covering both static
and dynamic analysis.
o Note that the report must explain what was being done, why, and an interpretation of the
results for each tool/command.
RUBRIC
PLO 3: Display Information and Communication Technology (ICT) skill in performing diagnostic and documenting processes in ICT-related fields

PERFORMANCE LEVEL

Criteria | Excellent (4) | Good (3) | Moderate (2) | Poor (1) | Weightage | Standard Score (%)

MANAGERIAL SKILLS

Install malware in VMware Workstation | Able to install malware in VMware Workstation without guidance | Able to install malware in VMware Workstation with minimal guidance | Able to install malware in VMware Workstation with guidance | Unable to install malware in VMware Workstation even with guidance | 20 | /4 * 20

Perform basic static malware analysis in a virtual machine | Able to perform basic static malware analysis in a virtual machine without guidance | Able to perform basic static malware analysis in a virtual machine with minimal guidance | Able to perform basic static malware analysis in a virtual machine with guidance | Unable to perform basic static malware analysis in a virtual machine even with guidance | 40 | /4 * 40

Prepare report by monitoring results from the basic static malware analysis tools | Able to prepare report by monitoring results from the basic static malware analysis tools without guidance | Able to prepare report by monitoring results from the basic static malware analysis tools with minimal guidance | Able to prepare report by monitoring results from the basic static malware analysis tools with guidance | Unable to prepare report by monitoring results from the basic static malware analysis tools even with guidance | 40 | /4 * 40

Total Score | | | | | 100 |
Set by: AZRUL JUNAIDI ABD AZIZ
