
Extra Lab: Procdot

Overview

The purpose of this exercise is to get familiar with Procdot, and see how it condenses information compared to Process Monitor.

Usage

For a quick summary of Procdot functionality, see the Procdot Guide. Procdot works from a Process Monitor log saved as CSV, so before you start capturing, enable the Thread ID column (Options > Select Columns) and make sure Options > Show Resolved Network Addresses is unchecked; Procdot needs both to correlate events correctly.

Part 1: avzhan

Use Process Monitor to log events for avzhan (found at c:\malware\avzhan\avzhan.exe), and use Procdot to examine them. Is it easier to "see" the timing relationships with Procdot than Process Monitor?

Run as Administrator

Make sure to run the malware as admin by right-clicking and selecting Run as Administrator

Part 2: Wannacry

Use Process Monitor to log events for Wannacry (found at c:\malware\wannacry\wannacry.exe), and use Procdot to examine them.

Tip

Wannacry generates a lot of output, so this is a good time to flex your Process Monitor filtering skills. Many of the files it creates are repetitive (one encrypted copy per victim file), so feel free to filter out the large majority of them. When you save the log as CSV, choose "Events displayed using current filter" rather than "All events"; otherwise the filter has no effect on what Procdot has to load.
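If the GUI filter alone does not get the log down to a manageable size, the export can also be thinned before loading it into Procdot. The script below is an added example for this lab, not part of Procdot or Process Monitor. It assumes Process Monitor's default CSV export layout with the Thread ID column enabled (the column names "Time of Day","Process Name","PID","TID","Operation","Path","Result","Detail" are taken from that export and the sample rows are constructed for illustration). It collapses bursts of repetitive file events per (process, operation, directory, extension), keeping only a few representatives of each, and checks for the two settings Procdot depends on: a Thread ID column and unresolved (numeric) network addresses.

```python
"""Thin a Process Monitor CSV export before loading it into Procdot.

Added example for this lab (not Procdot's or ProcMon's own code). Assumes
ProcMon's default CSV header with the Thread ID column ("TID") enabled.
"""
import csv
import io
import ipaddress
import sys
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample in the shape of a ProcMon CSV export (not a real capture).
SAMPLE_CSV = '''"Time of Day","Process Name","PID","TID","Operation","Path","Result","Detail"
"10:00:01.0000000","wannacry.exe","1234","1300","Process Start","","SUCCESS","Parent PID: 900"
"10:00:02.0000000","wannacry.exe","1234","1300","CreateFile","C:\\Users\\lab\\Documents\\report1.docx","SUCCESS","Desired Access: Generic Read"
"10:00:02.0100000","wannacry.exe","1234","1300","CreateFile","C:\\Users\\lab\\Documents\\report2.docx","SUCCESS","Desired Access: Generic Read"
"10:00:02.0200000","wannacry.exe","1234","1300","CreateFile","C:\\Users\\lab\\Documents\\report3.docx","SUCCESS","Desired Access: Generic Read"
"10:00:02.0300000","wannacry.exe","1234","1300","WriteFile","C:\\Users\\lab\\Documents\\report1.docx.WNCRY","SUCCESS","Offset: 0"
"10:00:02.0400000","wannacry.exe","1234","1300","WriteFile","C:\\Users\\lab\\Documents\\report2.docx.WNCRY","SUCCESS","Offset: 0"
"10:00:02.0500000","wannacry.exe","1234","1300","WriteFile","C:\\Users\\lab\\Documents\\report3.docx.WNCRY","SUCCESS","Offset: 0"
"10:00:02.0600000","wannacry.exe","1234","1300","WriteFile","C:\\Users\\lab\\Documents\\report4.docx.WNCRY","SUCCESS","Offset: 0"
"10:00:03.0000000","wannacry.exe","1234","1304","TCP Connect","192.168.56.101:49700 -> 192.168.56.1:445","SUCCESS","Length: 0"
"10:00:03.5000000","wannacry.exe","1234","1300","RegSetValue","HKCU\\Software\\WanaCrypt0r\\wd","SUCCESS","Type: REG_SZ"
"10:00:04.0000000","wannacry.exe","1234","1300","Process Create","C:\\Windows\\System32\\cmd.exe","SUCCESS","PID: 1400"
'''

# Constructed sample of an export Procdot cannot use: no TID column and a
# network path rendered with resolved host/service names instead of IP:port.
RESOLVED_CSV = '''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:03.0000000","wannacry.exe","1234","TCP Connect","lab-vm:49700 -> fileserver.lab.local:microsoft-ds","SUCCESS","Length: 0"
'''

# File operations an encryptor repeats once per victim file.
REPETITIVE_OPS = {"CreateFile", "ReadFile", "WriteFile", "CloseFile",
                  "SetRenameInformationFile", "QueryBasicInformationFile"}


def group_key(row):
    """Bucket a file event by process, operation, directory and extension."""
    p = PureWindowsPath(row["Path"])
    return (row["Process Name"], row["Operation"], str(p.parent).lower(), p.suffix.lower())


def reduce_procmon_csv(csv_text, keep_per_group=2):
    """Drop repetitive file events beyond keep_per_group per bucket.

    Returns (reduced_csv_text, dropped_count). Non-file events (process,
    registry, network) are always kept so the graph's structure survives.
    """
    reader = csv.DictReader(io.StringIO(csv_text))
    seen = defaultdict(int)
    kept, dropped = [], 0
    for row in reader:
        if row["Operation"] in REPETITIVE_OPS and row["Path"]:
            key = group_key(row)
            seen[key] += 1
            if seen[key] > keep_per_group:
                dropped += 1
                continue
        kept.append(row)
    out = io.StringIO()
    # ProcMon quotes every field in its export; keep that shape for Procdot.
    writer = csv.DictWriter(out, fieldnames=reader.fieldnames, quoting=csv.QUOTE_ALL)
    writer.writeheader()
    writer.writerows(kept)
    return out.getvalue(), dropped


def _endpoint_is_numeric(endpoint):
    """True for 'IP:port' with a numeric port (heuristic for unresolved addresses)."""
    host, sep, port = endpoint.strip().rpartition(":")
    if not sep or not port.isdigit():
        return False
    try:
        ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return False
    return True


def check_procdot_requirements(csv_text):
    """Return a list of problems that would stop Procdot from using the log."""
    reader = csv.DictReader(io.StringIO(csv_text))
    problems = []
    if "TID" not in (reader.fieldnames or []):
        problems.append("Thread ID column missing: enable it in ProcMon before saving")
    for row in reader:
        if row["Operation"].startswith(("TCP ", "UDP ")):
            remote = row["Path"].split("->")[-1]
            if not _endpoint_is_numeric(remote):
                problems.append(f"resolved network address at {row['Time of Day']}: "
                                f"{row['Path']!r}; uncheck 'Show Resolved Network Addresses'")
                break  # one finding is enough to send the analyst back to ProcMon
    return problems


if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8-sig").read() if len(sys.argv) > 1 else SAMPLE_CSV
    for problem in check_procdot_requirements(text):
        print("WARNING:", problem)
    reduced, dropped = reduce_procmon_csv(text)
    print(f"dropped {dropped} repetitive file events")
    if len(sys.argv) > 2:
        open(sys.argv[2], "w", newline="", encoding="utf-8").write(reduced)
```

Run it as `python thin_procmon.py wannacry.csv wannacry-small.csv` and load the second file in Procdot. Raise `keep_per_group` if you want more of the per-file pattern visible in the graph; the point is only to cut the thousands of identical encrypt-and-rename edges down to enough to recognise the behaviour.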

Part 3: Stabuniq

Use Process Monitor to log events for Stabuniq (found at c:\malware\stabuniq\stabuniq.exe), and use Procdot to examine them.

Run as Administrator

Make sure to run the malware as admin by right-clicking and selecting Run as Administrator