Dynamic Analysis Workflow

Dynamic analysis executes the sample in an instrumented, isolated VM and records what it actually does at runtime:

Pre-Execution Setup:

  1. Start network capture (on a host-only or otherwise isolated network, with outbound services sinkholed or simulated so the sample cannot reach real infrastructure)
  2. Enable process monitoring
  3. Configure registry monitoring
  4. Prepare file system tracking
  5. Take a VM snapshot with the monitors armed, so every run starts from the same clean baseline and can be reverted afterwards

Execution Monitoring:

# Monitor with Procmon (the .pml backing file is binary; export it to CSV afterwards for scripted triage)
procmon /AcceptEula /Quiet /Minimized /BackingFile malware.pml

# Capture network traffic (writes an ETL file; convert with etl2pcapng or open in Network Monitor)
netsh trace start capture=yes tracefile=C:\analysis\malware.etl

# Baseline the DNS resolver cache; flush it first so only lookups made during the run show up in the diff
ipconfig /flushdns
ipconfig /displaydns > dns_before.txt
# Execute malware
# ...
ipconfig /displaydns > dns_after.txt

# Stop both captures before reverting the snapshot, or the files are lost with the VM state
netsh trace stop
procmon /Terminate
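Diffing the two resolver-cache dumps by eye is error-prone, so the following added example (not part of the original page) parses the `ipconfig /displaydns` text format and reports names or records that appear only after the run, including negative (NXDOMAIN) entries. The two dumps embedded below are constructed sample output using reserved example names and addresses, not a real capture; in practice you would read them from dns_before.txt and dns_after.txt. Keep in mind that the cache is a weak signal: entries expire with their TTL, other processes share the cache, and a sample that resolves over raw UDP or DNS-over-HTTPS never touches it, which is why the netsh trace capture is still needed.

```python
import re
from typing import Dict, Set

# Constructed `ipconfig /displaydns` output for the example; not a real capture.
DNS_BEFORE = """\
Windows IP Configuration

    update.example-vendor.test
    ----------------------------------------
    Record Name . . . . . : update.example-vendor.test
    Record Type . . . . . : 1
    Time To Live  . . . . : 300
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 203.0.113.10

"""

# Same cache after the run: one new A record and one negative (NXDOMAIN) entry.
DNS_AFTER = DNS_BEFORE + """\
    c2.bad-domain.test
    ----------------------------------------
    Record Name . . . . . : c2.bad-domain.test
    Record Type . . . . . : 1
    Time To Live  . . . . : 60
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 198.51.100.7

    nx.bad-domain.test
    ----------------------------------------
    Name does not exist.

"""

# Matches "A (Host) Record . . . : 1.2.3.4", "AAAA Record . . : ::1", "CNAME Record . : x"
RECORD_RE = re.compile(r"^\s*(A \(Host\)|AAAA|CNAME|PTR|SRV)\s+Record[ .]*:\s*(\S+)")
NEGATIVE_RE = re.compile(r"^\s*Name does not exist\.")


def parse_displaydns(text: str) -> Dict[str, Set[str]]:
    """Map each cached query name to the set of records ipconfig shows for it.

    Each cache entry starts with the query name on its own line followed by a
    line of dashes; negative entries carry "Name does not exist." instead of
    record lines and are stored as "NXDOMAIN".
    """
    entries: Dict[str, Set[str]] = {}
    lines = text.splitlines()
    current = None
    for i, line in enumerate(lines):
        stripped = line.strip()
        if stripped and set(stripped) == {"-"} and i > 0:
            current = lines[i - 1].strip().lower()   # the name sits on the line above the dashes
            entries.setdefault(current, set())
            continue
        if current is None:
            continue
        m = RECORD_RE.match(line)
        if m:
            rtype = m.group(1).split()[0]            # "A (Host)" -> "A"
            entries[current].add(f"{rtype}:{m.group(2)}")
        elif NEGATIVE_RE.match(line):
            entries[current].add("NXDOMAIN")
    return entries


def new_lookups(before: Dict[str, Set[str]], after: Dict[str, Set[str]]) -> Dict[str, Set[str]]:
    """Names (or individual records) cached after the run that were absent before it."""
    delta: Dict[str, Set[str]] = {}
    for name, records in after.items():
        added = records - before.get(name, set())
        if name not in before or added:
            delta[name] = added
    return delta


if __name__ == "__main__":
    # Real use: parse_displaydns(open("dns_before.txt", errors="replace").read()), same for dns_after.txt
    delta = new_lookups(parse_displaydns(DNS_BEFORE), parse_displaydns(DNS_AFTER))
    for name, records in sorted(delta.items()):
        print(f"{name}: {', '.join(sorted(records)) or '(no records)'}")
```

Names are lowercased before comparison because the cache reports them as queried; the redirected dumps are written in the console code page, so open them with an explicit encoding or errors="replace" rather than assuming UTF-8.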

Behavioral Indicators:

  • File creation/modification
  • Registry key manipulation
  • Network connections
  • Process creation
  • Service installation
  • Mutex creation
  • API hooking
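Most of the indicators above fall out of the Procmon capture once the .pml is exported to CSV (Procmon's /OpenLog and /SaveAs switches, or File > Save in the GUI). The following added example (not part of the original page or of Procmon) triages such an export: it follows the sample and every descendant it spawns by harvesting child PIDs from "Process Create" events, keeps only successful operations, and buckets them into the file, registry, service, process and network categories listed above, with writes under HKLM\System\CurrentControlSet\Services flagged as service installation. The embedded CSV is constructed sample data using Procmon's default column headers, not a real capture. Note what Procmon does not give you: mutex creation and API hooking leave no file, registry or network trace and need a handle viewer or an API-tracing sandbox instead.

```python
import csv
import io
import re
from typing import Dict, List, Optional, Set, Tuple

# Constructed Procmon CSV export using the default column layout; not a real capture.
PROCMON_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1000","sample.exe","4120","CreateFile","C:\Users\analyst\AppData\Roaming\svchost.exe","SUCCESS","Desired Access: Generic Write, Disposition: Create, Options: Synchronous IO Non-Alert"
"10:01:02.2000","sample.exe","4120","WriteFile","C:\Users\analyst\AppData\Roaming\svchost.exe","SUCCESS","Offset: 0, Length: 65,536"
"10:01:02.3000","sample.exe","4120","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater","SUCCESS","Type: REG_SZ, Length: 90, Data: C:\Users\analyst\AppData\Roaming\svchost.exe"
"10:01:02.4000","sample.exe","4120","RegCreateKey","HKLM\System\CurrentControlSet\Services\WinHelper","SUCCESS","Desired Access: All Access"
"10:01:02.5000","sample.exe","4120","Process Create","C:\Windows\System32\cmd.exe","SUCCESS","PID: 4388, Command line: cmd.exe /c whoami"
"10:01:02.6000","sample.exe","4120","TCP Connect","WIN-ANALYST:49812 -> 198.51.100.7:443","SUCCESS","Length: 0, mss: 1460, sackopt: 1, tsopt: 0, wsopt: 1, rcvwin: 65536, rcvwinscale: 8, sndwinscale: 8, seqnum: 0, connid: 0"
"10:01:02.6500","cmd.exe","4388","Process Create","C:\Windows\System32\whoami.exe","SUCCESS","PID: 4400, Command line: whoami"
"10:01:02.7000","sample.exe","4120","CreateFile","C:\Windows\System32\ntdll.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point"
"10:01:02.8000","explorer.exe","1234","RegQueryValue","HKCU\Software\Classes\.txt","SUCCESS","Type: REG_SZ, Length: 16, Data: txtfile"
"10:01:02.9000","sample.exe","4120","RegSetValue","HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware","ACCESS DENIED","Type: REG_DWORD, Length: 4, Data: 1"
'''

REG_WRITE_OPS = {"RegSetValue", "RegCreateKey", "RegDeleteValue", "RegDeleteKey", "RegRenameKey"}
NET_OPS = {"TCP Connect", "TCP Reconnect", "UDP Send"}
CREATE_DISPOSITIONS = {"Create", "Overwrite", "OverwriteIf", "Supersede"}
SERVICES_KEY_PREFIX = "hklm\\system\\currentcontrolset\\services\\"
CATEGORIES = ("file_creation", "file_modification", "registry_manipulation",
              "service_installation", "process_creation", "network_connection")

Event = Tuple[str, str, str]  # (process name, path, detail)


def classify(row: Dict[str, str]) -> Optional[str]:
    """Map one Procmon row to a behavioral-indicator category, or None if it is noise."""
    if row["Result"] != "SUCCESS":       # failed attempts are worth a look later, but they swamp a first pass
        return None
    op, path, detail = row["Operation"], row["Path"], row["Detail"]
    if op == "Process Create":
        return "process_creation"
    if op in NET_OPS:
        return "network_connection"
    if op in REG_WRITE_OPS:
        if path.lower().startswith(SERVICES_KEY_PREFIX):
            return "service_installation"
        return "registry_manipulation"
    if op == "WriteFile":
        return "file_modification"
    if op == "CreateFile":
        # Plain "Open" is just a read; only creating dispositions (or OpenIf with write access) count
        m = re.search(r"Disposition:\s*(\w+)", detail)
        if m and (m.group(1) in CREATE_DISPOSITIONS
                  or (m.group(1) == "OpenIf" and "Write" in detail)):
            return "file_creation"
    return None


def triage(csv_text: str, sample_names: Set[str]) -> Dict[str, List[Event]]:
    """Group successful events from the sample and its descendants by indicator category.

    Descendants are followed by harvesting the child PID from each
    'Process Create' detail; Procmon writes rows in time order, so a single
    pass sees the creation before the child's own events.
    """
    tracked_pids: Set[str] = set()
    events: Dict[str, List[Event]] = {c: [] for c in CATEGORIES}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"] not in sample_names and row["PID"] not in tracked_pids:
            continue
        category = classify(row)
        if category == "process_creation":
            m = re.search(r"PID:\s*(\d+)", row["Detail"])
            if m:
                tracked_pids.add(m.group(1))
        if category:
            events[category].append((row["Process Name"], row["Path"], row["Detail"]))
    return events


if __name__ == "__main__":
    # Real use: triage(open("malware.csv", encoding="utf-8-sig").read(), {"sample.exe"})
    for category, evs in triage(PROCMON_CSV, {"sample.exe"}).items():
        print(f"[{category}] {len(evs)} event(s)")
        for proc, path, _ in evs:
            print(f"    {proc}: {path}")
```

Filtering by process name alone misses code the sample injects into another process, which is why the PID harvesting matters and why a surprising event from a system process (a browser opening a TCP connection the sample's child never should have) is itself an indicator worth keeping rather than filtering away.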