GitHub: njaved96-eng/dynamic-malware-analysis-notepad-classico

# Notepad-Classico Malware Analysis Lab

## Overview

This repository contains a malware analysis laboratory focused on the investigation of the executable sample `notepad-classico.exe`.

The objective of this exercise was to perform both manual dynamic analysis and automated sandbox analysis in order to identify suspicious behavior, runtime activity, and potential malicious indicators. The project combines traditional malware investigation techniques with AI-assisted interpretation.

## Analysis Environment

Environment used during analysis:

- FLARE VM
- Process Monitor (Sysinternals)
- Wireshark
- Cuckoo Sandbox
- Threat intelligence integrations
- AI-assisted behavioral assessment

## Activities Performed

### Dynamic Malware Analysis

Behaviors observed and monitored:

- Process execution monitoring
- Thread creation analysis
- DLL loading investigation
- Registry activity inspection
- Network activity monitoring
- TCP communication analysis
- Runtime behavior observation

### Cuckoo Sandbox Analysis

Automated sandbox analysis included:

- Static analysis
- Behavioral analysis
- API monitoring
- Process tree analysis
- Threat intelligence correlation
- YARA detections
- VirusTotal validation
- IntelMQ intelligence enrichment

### AI-Assisted Assessment

An additional AI-assisted malware assessment was performed to correlate:

- Behavioral indicators
- Process activity
- Registry observations
- Threat intelligence findings

## Key Findings

Indicators identified:

- Suspicious API activity
- Thread creation behavior
- Registry inspection activity
- Network communication indicators
- YARA detections
- Threat intelligence correlation
- High malware detection score

## Learning Objectives

This laboratory demonstrates practical skills involving:

- Dynamic malware analysis
- Sandbox analysis
- Threat intelligence
- IOC investigation
- Security reporting
- Malware behavioral analysis

Author: Nouman J Nizami

Cybersecurity Laboratory Project
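The Dynamic Malware Analysis section above lists the behavior classes that were watched with Process Monitor (process execution, thread creation, DLL loading, registry and TCP activity). The script below is an added example, not code from this repository: it reads a Process Monitor CSV export, buckets each event for the sample process into those behavior classes, and pulls out the artifacts an analyst would carry into a report (loaded DLLs, remote endpoints, registry value writes, and writes under the `Run`/`RunOnce` autostart keys as persistence candidates). The CSV content is constructed for the example and does not come from the lab's real sample; the column set follows Procmon's default CSV export.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed Process Monitor CSV export (example data, NOT output from the
# lab's actual analysis). Column set mirrors Procmon's default CSV columns.
SAMPLE_PROCMON_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:01.0000000","notepad-classico.exe","4120","Process Create","C:\Users\lab\AppData\Local\Temp\upd.exe","SUCCESS","PID: 4300, Command line: upd.exe"
"10:00:01.1000000","notepad-classico.exe","4120","Thread Create","","SUCCESS","Thread ID: 4312"
"10:00:01.2000000","notepad-classico.exe","4120","Load Image","C:\Windows\System32\ws2_32.dll","SUCCESS","Image Base: 0x7ff800000000"
"10:00:01.3000000","notepad-classico.exe","4120","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater","SUCCESS","Type: REG_SZ"
"10:00:01.4000000","notepad-classico.exe","4120","RegQueryValue","HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName","SUCCESS","Type: REG_SZ"
"10:00:01.5000000","notepad-classico.exe","4120","TCP Connect","lab-vm:49812 -> 198.51.100.20:443","SUCCESS","Length: 0"
"10:00:01.6000000","explorer.exe","1200","RegQueryValue","HKCU\Software\Classes","SUCCESS",""
'''

# Autostart locations; a value write beneath one of these is a persistence candidate.
RUN_KEY_MARKERS = (r"\CurrentVersion\Run", r"\CurrentVersion\RunOnce")


def categorize(operation):
    """Map a Procmon operation name onto the behavior classes tracked in the lab."""
    if operation == "Process Create":
        return "process_execution"
    if operation == "Thread Create":
        return "thread_creation"
    if operation == "Load Image":
        return "dll_loading"
    if operation.startswith("Reg"):
        return "registry"
    if operation.startswith(("TCP ", "UDP ")):
        return "network"
    return None  # file I/O and everything else is out of scope here


def parse_procmon_csv(text):
    """Parse a Procmon CSV export into a list of row dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def summarize(events, process_name):
    """Count events per behavior class for one process and collect report artifacts."""
    counts = Counter()
    artifacts = defaultdict(list)
    for ev in events:
        if ev["Process Name"].lower() != process_name.lower():
            continue
        category = categorize(ev["Operation"])
        if category is None:
            continue
        counts[category] += 1
        if category == "dll_loading":
            artifacts["dlls"].append(ev["Path"].rsplit("\\", 1)[-1])
        elif category == "network":
            # Procmon renders network paths as "src:port -> dst:port"; keep the remote side.
            artifacts["endpoints"].append(ev["Path"].split(" -> ", 1)[-1])
        elif category == "registry" and ev["Operation"] == "RegSetValue":
            artifacts["registry_writes"].append(ev["Path"])
    return counts, dict(artifacts)


def persistence_candidates(registry_writes):
    """Return registry value writes that land under an autostart key."""
    return [p for p in registry_writes
            if any(m.lower() in p.lower() for m in RUN_KEY_MARKERS)]


def main():
    events = parse_procmon_csv(SAMPLE_PROCMON_CSV)
    counts, artifacts = summarize(events, "notepad-classico.exe")
    for category, n in sorted(counts.items()):
        print(f"{category:20} {n}")
    for key, values in artifacts.items():
        print(f"{key}: {values}")
    print("persistence candidates:",
          persistence_candidates(artifacts.get("registry_writes", [])))


if __name__ == "__main__":
    main()
```

To run it against a real capture, export the Procmon session with File > Save as CSV, read that file into `SAMPLE_PROCMON_CSV`'s place, and pass the sample's process name to `summarize`; filtering on process name first keeps noise from `explorer.exe` and other background processes out of the counts.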