1
00:00:06,770 --> 00:00:07,603
- [Instructor] Let's take a look

2
00:00:07,603 --> 00:00:10,133
at a real-world example of a malware report.

3
00:00:11,050 --> 00:00:13,310
We start out in AMP for Endpoints

4
00:00:13,310 --> 00:00:14,670
where we can see a collection

5
00:00:14,670 --> 00:00:17,840
of sample malware files that have been analyzed

6
00:00:17,840 --> 00:00:20,343
by the Threat Grid malware analysis tool.

7
00:00:22,420 --> 00:00:26,100
We start out with Analysis, File Analysis,

8
00:00:26,100 --> 00:00:29,133
then select a sample malware file to look at.

9
00:00:30,860 --> 00:00:34,393
This opens up the malware analysis report.

10
00:00:36,670 --> 00:00:38,510
If we scroll down in the report,

11
00:00:38,510 --> 00:00:41,878
we see the SHA256 hash of the malware file

12
00:00:41,878 --> 00:00:43,613
that was analyzed.

13
00:00:45,450 --> 00:00:49,730
From there we can look up the HTTP traffic

14
00:00:49,730 --> 00:00:51,420
that this specific malware

15
00:00:51,420 --> 00:00:52,863
has been generating.

16
00:00:58,357 --> 00:01:00,820
Next, we can examine the artifacts

17
00:01:00,820 --> 00:01:03,453
such as system events and networking.

18
00:01:10,450 --> 00:01:12,560
And finally, we will take a look

19
00:01:12,560 --> 00:01:15,180
at the actual malware being detonated

20
00:01:15,180 --> 00:01:17,383
in the Glovebox feature of Threat Grid.

21
00:01:22,900 --> 00:01:24,580
This is a very handy feature

22
00:01:24,580 --> 00:01:26,560
of the malware analysis tool

23
00:01:26,560 --> 00:01:29,750
that allows us to actually see what is happening

24
00:01:29,750 --> 00:01:32,823
on the system while the malware is infecting it.