Blog Post #2

The Setup

Why did you and your team choose the technologies you did? How will your project use them?

Our team has developed a structured approach to malware analysis, which is depicted in the Malware Analysis Structural Diagram above. To ensure a secure environment, we will be using VMware to set up three guest operating systems on a host-only network. This will enable us to conduct comprehensive and effective malware analysis in a simulated environment without risking damage to our own systems.

Our malware analysis workflow relies on a variety of powerful tools for both static and dynamic analysis, including but not limited to PEiD, Strings, hashing, Process Monitor, IDAfree, PEBrowse, Process Explorer, Dependency Walker, ResourceHacker, Ghidra, and Flare-Floss. These tools were selected based on their proven effectiveness, as well as insights gleaned from the Practical Malware Analysis textbook. Our team recognizes that malware analysis can be a formidable task, and that analysts need all the help they can get! Hence, our suite of tools has been chosen with care to provide the most useful and accurate results possible.

The insights gained during our investigations, including any findings and behavioral malware classification, will be stored on a host computer system, outside of VMware. Through this process, our team aims to gain a better understanding of the threats we face today and how to protect against them. By leveraging the power of cutting-edge technology and analysis tools, we’re confident that we’ll be able to achieve our goal and work toward the development of increasingly secure systems.

The UI/UX Experience

What do you like/dislike about the UI/UX of your Malware Analysis Project?

It’s truly amazing to be able to run a “computer within a computer.” In our malware analysis project, we use VMware to operate two or more operating systems (OS’s) simultaneously on a host computer, often referred to as a “bare metal” computer. This allows us to conduct investigations within these OS’s.

I’ve found that the VMware user interface (UI) and user experience (UX) are both easy to navigate and seamless. Installing and running OS’s on VMware is guided, smooth, and versatile, with drop-down menus in the upper left corner. These menus are familiar, like those found in any word-processing software or navigation links. The UX is fast, and downtime is minimal. I’m astounded that I can run three OS’s on my VMware, all hosted on a computer running at least 20 other programs!

One area where there’s room for improvement is the requirement to shut down the OS to make specific changes. For example, the OS must be completely shut down to turn functions, such as “drag and drop” or “cut and paste,” on or off.  However, changing this requirement is up for debate, since making changes to the computer while the machine is running could compromise the security of the OS.

How the Team Works

What do you like/dislike about the project’s structural design? Does it enable you to work independently?

The structural design of the Malware Analysis project has proven successful so far, allowing for both collaborative teamwork and individual work. This design enables each team member to contribute his or her unique skills and strengths while still working towards the project’s goals. Our bi-weekly team meetings and well-defined roles and responsibilities ensure that everyone is on the same page.

Additionally, each team member has established his or her own malware analysis lab, providing the freedom to explore, research, and experiment independently. The project’s design fosters teamwork through note-taking and sharing, asking questions, collaborating on Teams, and workload sharing. While it takes effort to continuously check in with the team, the combination of individual labs and collaborative efforts promotes personal growth and team success.