www.cybertriage.com/blog/training/how-to-detect-running-malware-intro-to-incident-response-triage-part-7/
Top Highlights
When you launch a program, Windows will:
Copy the contents of the executable file into memory
Load supporting libraries (such as .dll files)
When a process is running, it can create additional threads. Threads allow a process to execute different sets of instructions at (basically) the same time.
user activity
malicious programs
malicious system changes
Are there suspicious programs that start based on some trigger
Are there suspicious processes currently running?
Are there remnants of past executions of known malicious programs?
executable file contains computer instructions and data