Analysis
Capacities Mitre Att@ck
Static
Yara quick scan
yara index.yar <suspicious.exe> 2>/dev/null
| Tools | Usage |
|---|---|
| Yara Rules,Awesome-Yara | Detect capacities and universal detection |
| String, Flair FLOSS | Detect strings and import (C2, URL) |
| PE-Bear | Detect packing |
| CFF Explorer | Edit quickly exe |
Dynamic
Sysinternals
| Tools | Usage |
|---|---|
| Procmon | Monitor registry, DLL |
| TCP View | Monitor TCP Trafic (Detect C2) |
| Process Hacker | Monitor DLL, open files |