1
00:00:09,820 --> 00:00:15,880
Interpreting the output report of a malware analysis tool can be extremely helpful when you're trying

2
00:00:15,880 --> 00:00:24,160
to find the root cause of an attack. AMP Threat Grid and Cuckoo Sandbox are both tools that can be used

3
00:00:24,160 --> 00:00:31,450
to analyze malware. AMP Threat Grid analyzes suspicious behavior in your network against more than

4
00:00:31,450 --> 00:00:38,880
450 behavioral indicators and a malware knowledge base sourced from around the world.

5
00:00:39,460 --> 00:00:46,990
As a result, AMP Threat Grid provides accurate, context-rich analytics into malware that can be delivered

6
00:00:47,020 --> 00:00:53,050
as either a cloud-based or on-premises solution to help organizations understand what malware is doing or

7
00:00:53,050 --> 00:00:54,410
attempting to do,

8
00:00:54,460 --> 00:00:58,760
how large a threat it poses, and how to defend against it.

9
00:01:00,160 --> 00:01:06,290
Let's take a look at how to analyze a malware analysis report using AMP Threat Grid.

10
00:01:06,970 --> 00:01:13,600
I'm just going to pick a random file off the global list of files that have already been analyzed.

11
00:01:15,230 --> 00:01:19,760
So as you can see, there is all sorts of good info displayed in this report.

12
00:01:20,300 --> 00:01:26,810
Behavioral indicators, which is a list of all the suspicious activity found while running the file in

13
00:01:26,810 --> 00:01:34,920
the sandbox environment. Network activity information can be used to see if the file triggered any external

14
00:01:34,920 --> 00:01:40,210
C&C connections or scans to other devices on its network.

15
00:01:43,100 --> 00:01:48,950
You can also see the processes that were active after the file was launched to help pinpoint what it

16
00:01:48,950 --> 00:01:56,030
was trying to accomplish, such as changing firewall rules on the machine it was installed on. Registry

17
00:01:56,030 --> 00:02:03,200
changes and file system changes are both key pieces of information. Here I can see which registry entries

18
00:02:03,200 --> 00:02:11,230
were modified as well as file system activity for both read and modified content.

19
00:02:11,520 --> 00:02:16,530
Taking the time to analyze files that have been involved in a security incident can not only help you

20
00:02:16,530 --> 00:02:22,740
identify what the file was trying to do locally, but it can also show you other places in the system

21
00:02:22,740 --> 00:02:24,920
or network that could have been affected.