300-215 · Question #135
300-215 Question #135: Real Exam Question with Answer & Explanation
The correct answer is A: Conduct dynamic analysis to observe the malware's behavior in a controlled environment.
Question
Refer to the exhibit. During a static analysis of the potentially malicious executable obpdisp.exe, a SOC analyst identifies several functions of the executable. The analyst must carefully consider the implications of these functions to effectively assess the threat level. Given these findings, which step should the analyst take next to further investigate and understand the threat?
Options
- A. Conduct dynamic analysis to observe the malware's behavior in a controlled environment.
- B. Create a named mutex object to prevent the malware from running multiple instances.
- C. Ignore the file because static analysis has not flagged anything out of the ordinary in the sample.
- D. Retrieve the address of an exported function to understand the malware's API interactions.
Explanation
The listed Windows API functions suggest capabilities such as debugger/analysis evasion, file creation/writing, process control, sleeping/timing, and library loading. An import table only proves that the code can call these APIs, not that it does or in what combination, so the next best step is controlled dynamic analysis (sandbox or isolated VM) to confirm what the executable actually does at runtime, capture behavioral indicators (process, file, registry and network activity), and assess impact and intent beyond what static imports alone can prove. Because the imports include debugger-detection and timing functions, expect the sample to behave differently when it believes it is being observed: use a VM that does not advertise itself as an analysis box and be prepared to patch or skip long sleeps that would outlast a sandbox run. Options B and D describe things the sample itself would do (creating a named mutex, resolving the address of an exported function), not investigative steps, and option C dismisses a sample whose imports are suspicious on their face.
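The workflow the explanation describes, as an added example that is not code from the exam page or from Cisco: static imports are turned into capability hypotheses, then a runtime trace is used to confirm or refute each one and to extract concrete indicators. The import list, the capability map and the sandbox trace below are constructed for illustration; the real exhibit for this question is not reproduced here, and in practice the trace would come from a sandbox report or an API monitor.

```python
"""Static-import triage versus runtime confirmation for a PE sample.

Added example for this question, not code from the page or from Cisco.
The import list and the behavioral trace are constructed to illustrate
the workflow; they are not taken from the actual exhibit.
"""
from collections import defaultdict

# Constructed import list, in the style of a static tool's import table.
STATIC_IMPORTS = [
    "IsDebuggerPresent", "CheckRemoteDebuggerPresent", "GetTickCount",
    "Sleep", "CreateFileW", "WriteFile", "CreateProcessW",
    "LoadLibraryA", "GetProcAddress", "URLDownloadToFileW",
]

# Capability each Win32 import suggests (hypothesis only: an import proves
# the code *can* call the API, not that it does).
CAPABILITIES = {
    "IsDebuggerPresent": "anti-analysis",
    "CheckRemoteDebuggerPresent": "anti-analysis",
    "GetTickCount": "timing",
    "Sleep": "timing",
    "CreateFileW": "file-write",
    "WriteFile": "file-write",
    "CreateProcessW": "process-control",
    "TerminateProcess": "process-control",
    "LoadLibraryA": "library-loading",
    "GetProcAddress": "library-loading",
    "URLDownloadToFileW": "network",
}

# Constructed sandbox trace, one event per entry. Note that the network
# import never fires: the sandbox may have had no connectivity, or the
# sample may gate it behind a check that failed.
RUNTIME_TRACE = [
    {"op": "api", "api": "IsDebuggerPresent", "ret": 0},
    {"op": "api", "api": "Sleep", "ms": 300_000},
    {"op": "file_write", "path": r"C:\Users\Public\svc.dll", "bytes": 48_640},
    {"op": "library_load", "path": r"C:\Users\Public\svc.dll"},
    {"op": "process_create", "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\Public\svc.dll,Start"},
]

# Sleeps at or above this length are treated as sandbox-timeout evasion.
LONG_SLEEP_MS = 60_000

TRACE_OP_TO_CAPABILITY = {
    "file_write": "file-write",
    "library_load": "library-loading",
    "process_create": "process-control",
}


def triage_imports(imports):
    """Group imports by the capability they suggest."""
    suggested = defaultdict(set)
    for name in imports:
        cap = CAPABILITIES.get(name)
        if cap:
            suggested[cap].add(name)
    return dict(suggested)


def confirm_from_trace(trace):
    """Map runtime events to confirmed capabilities with concrete indicators."""
    confirmed = defaultdict(list)
    for ev in trace:
        op = ev["op"]
        if op == "api":
            detail = {k: v for k, v in ev.items() if k not in ("op", "api")}
            cap = CAPABILITIES.get(ev["api"])
            if cap:
                confirmed[cap].append(f"{ev['api']} {detail}")
            # A very long sleep is an evasion technique in its own right.
            if ev["api"] == "Sleep" and ev.get("ms", 0) >= LONG_SLEEP_MS:
                confirmed["anti-analysis"].append(f"long sleep {ev['ms']} ms")
        elif op == "process_create":
            confirmed["process-control"].append(f"{ev['image']} :: {ev['cmdline']}")
        elif op in TRACE_OP_TO_CAPABILITY:
            confirmed[TRACE_OP_TO_CAPABILITY[op]].append(ev["path"])
    return dict(confirmed)


def collect_iocs(trace):
    """Paths and command lines worth pivoting on in EDR or proxy logs."""
    iocs = set()
    for ev in trace:
        for key in ("path", "image", "cmdline"):
            if key in ev:
                iocs.add(ev[key])
    return sorted(iocs)


def assess(imports, trace):
    """Compare what the imports predicted with what the run confirmed."""
    predicted = triage_imports(imports)
    confirmed = confirm_from_trace(trace)
    return {
        "predicted": sorted(predicted),
        "confirmed": sorted(confirmed),
        "unconfirmed": sorted(set(predicted) - set(confirmed)),
        "indicators": {cap: confirmed[cap] for cap in sorted(confirmed)},
        "iocs": collect_iocs(trace),
    }


if __name__ == "__main__":
    for key, value in assess(STATIC_IMPORTS, RUNTIME_TRACE).items():
        print(f"{key}: {value}")
```

The "unconfirmed" list is the point of the exercise: a capability that the import table suggests but the run never exhibits is not evidence that the capability is absent, only that this run did not trigger it, which is why the 300-second sleep is flagged and why a second run with the sleep patched out or the clock advanced is usually warranted.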