SACI: Solution for Automated Behavioral Analysis of Infectious Code in Modern MS Windows Operating Systems
Abstract
Although operating systems keep evolving their defenses, malicious code remains the main way to infect users. In this article, we propose SACI, a solution for automated behavioral analysis of suspicious executables on MS Windows 10 and 11. Through a filter driver and an infrastructure designed for high availability and scalability, SACI makes it possible to obtain information about a malware sample's lifetime on the monitored system, and it also provides data on the sample's security tokens, I/O operations, Registry changes, process-creation tracking and thread usage.
Published
2024-09-16
How to Cite
TOMASI, Bernardo; RIBEIRO, Davi C.; FRIEDRICH, Pedro; MEI, Ruibin; FURUTA, Yago; CORREIA, Jorge; GRÉGIO, André. SACI: Solution for Automated Behavioral Analysis of Infectious Code in Modern MS Windows Operating Systems. In: TOOLS - BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 24., 2024, São José dos Campos/SP. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 153-160.
DOI: https://doi.org/10.5753/sbseg_estendido.2024.243328.
