Effective Threat Investigation for SOC Analysts
In this section, we will conduct a hands-on demo lab to provide a better understanding of how to analyze real malware by using the previously mentioned tools that exist in our in-house sandbox. The malicious file analyzed in this section is named Kenora.exe. To investigate that suspicious file, we will do the following:
The first step we will take to investigate the suspicious file is to use the YARA tool to run the YARA rules on the file. To do this, we will use the command prompt (CMD) to execute the YARA binary, which is located at D:\YARA\yara64.exe. We will also use the downloaded YARA rules repository, located at D:\YARA\rules-YARA, to run against the suspected file, Kenora.exe, which is located at D:\Malware\Kenora.exe. The final command is as follows:
d:\YARA\yara64.exe -w d:\YARA\rules-YARA\index.yar d:\Malware\Kenora...
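As an added example that is not part of the book, the following Python helper runs the same yara64.exe invocation from the sandbox and turns YARA's plain-text output into records an analyst can sort or paste into a case note. The executable, rules-index and sample paths are the ones given above; the `-s` option (print matched strings) is a standard YARA CLI switch, and the rule names in the sample output are constructed for offline demonstration.

```python
import subprocess
from pathlib import Path

# Paths used in the book's demo lab (Windows in-house sandbox).
YARA_EXE = Path(r"D:\YARA\yara64.exe")
RULES_INDEX = Path(r"D:\YARA\rules-YARA\index.yar")


def parse_yara_output(text):
    """Turn yara's stdout into a list of {'rule', 'file', 'strings'} dicts.

    Without -s, yara prints one line per match: '<rule> <file>'.
    With -s, each match line is followed by string hits of the form
    '<hex offset>:<identifier>: <data>' that belong to that rule.
    Rule identifiers cannot start with a digit, so a leading '0x'
    reliably marks a string-hit line.
    """
    matches = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("0x") and matches:
            offset, ident, data = line.split(":", 2)
            matches[-1]["strings"].append((int(offset, 16), ident, data.strip()))
        else:
            rule, _, path = line.partition(" ")  # path may itself contain spaces
            matches.append({"rule": rule, "file": path, "strings": []})
    return matches


def scan_file(target, show_strings=True):
    """Run yara64.exe on one file with the repository index and parse the result.

    -w suppresses rule-compilation warnings (as in the book's command);
    -s prints the matched strings so the analyst sees why a rule fired.
    yara exits 0 whether or not anything matched; non-zero means an error.
    """
    args = [str(YARA_EXE), "-w"] + (["-s"] if show_strings else [])
    args += [str(RULES_INDEX), str(target)]
    proc = subprocess.run(args, capture_output=True, text=True, check=False)
    if proc.returncode != 0:
        raise RuntimeError(proc.stderr.strip() or f"yara exited with {proc.returncode}")
    return parse_yara_output(proc.stdout)


# Constructed sample of yara -s output; rule names are invented for the demo.
SAMPLE_OUTPUT = (
    "Suspicious_PE_Packed D:\\Malware\\Kenora.exe\n"
    "0x0:$mz: MZ\n"
    "0x3f0:$upx: UPX0\n"
    "Generic_Dropper D:\\Malware\\Kenora.exe\n"
)

if __name__ == "__main__":
    for m in parse_yara_output(SAMPLE_OUTPUT):
        print(m["rule"], m["file"], len(m["strings"]), "string hit(s)")
```

On the sandbox host, `scan_file(r"D:\Malware\Kenora.exe")` returns the same structure for the live file.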