Osoble, Abdullahi Mohamud and Muhudin, Adam and Ahmed, Yahye Abukar and Hussein, Osman Diriye and Omar, Abdirahman Abdullahi (2024) In-depth Malware Behaviour Analysis: Network and Registry Changes in an Isolated Windows Environment. International Journal of Electronics and Communication Engineering, 11 (12). pp. 12-19. ISSN 23488549
IJECE-V11I12P102.pdf - Published Version
Abstract
This paper analyzes a malware sample, samples.exe, and its impact on a Windows 10 virtual machine. The analysis uses Process Monitor (ProcMon) and Regshot as the key tools for observing and documenting the sample's behaviour: ProcMon records real-time events such as registry operations and DNS configuration changes, while Regshot captures the registry state before and after infection and reports the differences. Because both tools log every step of the sample's execution, several clear changes to the system registry and network settings were observed.

Key findings: the malware alters the machine's DNS settings, which would allow it to redirect traffic to malicious websites; it disables Windows Defender real-time protection, a common technique in this class of malware for evading detection and thereby securing persistence; and it makes further registry modifications, notably in locations related to Windows Error Reporting and Group Policy, which point to a broader aim of undermining system policies and hiding within them. Together these steps show how such malware can threaten system stability and network integrity by severely compromising the system's security. The research therefore underlines the urgent need for capable detection mechanisms and proactive security measures against this evolving threat in modern computing environments.
Keywords - Malware analysis, Registry modifications, DNS settings, ProcMon, Regshot
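The Regshot workflow the abstract describes (snapshot the registry before and after running the sample, then diff) can be reproduced and extended with a small script that also classifies the diff into the change classes the paper reports. The following is an added example, not code from the paper or the Regshot project. It parses two constructed snapshots written in Windows .reg export syntax (the interface GUID, IP addresses and specific values are placeholders, not data from the paper) and flags DNS resolver changes, Defender real-time protection being disabled, Windows Error Reporting being disabled, and any edit under a Group Policy key. The registry paths used in the watchlist are the standard Windows locations for those settings.

```python
"""Diff two Regshot-style .reg exports and flag the change classes the paper
reports: DNS tampering, Defender real-time protection disabled, Windows Error
Reporting disabled, and edits under Group Policy keys. Added example, not the
paper's code. Snapshots are constructed; GUID and addresses are placeholders."""
import re

KEY_RE = re.compile(r"^\[(.+)\]$")          # [HKEY_...\Subkey]
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')  # "Name"=data

# Constructed pre-infection snapshot (placeholder interface GUID and resolver).
BEFORE = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001}]
"NameServer"="10.0.0.1"
"EnableDHCP"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting]
"Disabled"=dword:00000000
"""

# Constructed post-infection snapshot showing the kinds of changes the paper describes.
AFTER = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001}]
"NameServer"="203.0.113.53"
"EnableDHCP"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting]
"Disabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"EnableSmartScreen"=dword:00000000
"""


def parse_snapshot(text):
    """Return (set of keys, {(key, name): data}) from .reg-style text."""
    keys, values, key = set(), {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if m := KEY_RE.match(line):
            key = m.group(1)
            keys.add(key)
        elif (m := VALUE_RE.match(line)) and key is not None:
            values[(key, m.group(1))] = m.group(2)
    return keys, values


def dword(data):
    """Integer of a 'dword:xxxxxxxx' value, or None for other data types."""
    return int(data[6:], 16) if data and data.lower().startswith("dword:") else None


def diff_snapshots(before, after):
    """Regshot-style diff: list of (kind, key, name, old, new) tuples."""
    bkeys, bvals = before
    akeys, avals = after
    changes = [("key_added", k, None, None, None) for k in sorted(akeys - bkeys)]
    changes += [("key_deleted", k, None, None, None) for k in sorted(bkeys - akeys)]
    for (key, name), new in avals.items():
        old = bvals.get((key, name))
        if old is None:
            changes.append(("value_added", key, name, None, new))
        elif old != new:
            changes.append(("value_modified", key, name, old, new))
    changes += [("value_deleted", k, n, old, None)
                for (k, n), old in bvals.items() if (k, n) not in avals]
    return changes


# (label, key pattern, value names or None for any, predicate on new data or None).
# Order matters: the Defender policy key also sits under SOFTWARE\Policies.
WATCHLIST = [
    ("dns_tampering", re.compile(r"\\Services\\Tcpip\\Parameters\\Interfaces\\", re.I),
     {"NameServer", "DhcpNameServer"}, None),
    ("defender_realtime_disabled", re.compile(r"\\Windows Defender\\Real-Time Protection$", re.I),
     {"DisableRealtimeMonitoring"}, lambda d: dword(d) == 1),
    ("error_reporting_disabled", re.compile(r"\\Windows\\Windows Error Reporting$", re.I),
     {"Disabled"}, lambda d: dword(d) == 1),
    ("group_policy_modified", re.compile(r"\\Software\\Policies\\", re.I), None, None),
]


def classify(change):
    """First watchlist label that matches a change, else None."""
    _, key, name, _, new = change
    for label, key_re, names, when in WATCHLIST:
        if key_re.search(key) and (names is None or name in names) and (when is None or when(new)):
            return label
    return None


def analyze(before_text, after_text):
    """Return [(label, kind, key, name, old, new)] for watchlist hits only."""
    changes = diff_snapshots(parse_snapshot(before_text), parse_snapshot(after_text))
    return [(classify(c),) + c for c in changes if classify(c)]


if __name__ == "__main__":
    for label, kind, key, name, old, new in analyze(BEFORE, AFTER):
        print(f"{label:27} {kind:14} {key}\\{name or ''}: {old} -> {new}")
```

On a real analysis machine the two snapshot strings would be replaced by the text of `reg export` or Regshot output taken before and after detonation; the unchanged EnableDHCP value shows that the diff reports only what actually changed, and the predicates on the Defender and Error Reporting rules avoid flagging a value that is merely present but set to 0.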
| Field | Value |
|---|---|
| Item Type | Article |
| Subjects | A General Works > AC Collections. Series. Collected works |
| Divisions | Faculty of Computing |
| Depositing User | Center for Research and Development SIMAD University |
| Date Deposited | 27 Apr 2025 11:33 |
| Last Modified | 27 Apr 2025 11:33 |
| URI | https://repository.simad.edu.so/id/eprint/565 |