Cyber Quiz Day 48

Question 1

What is the main goal of dynamic malware analysis?

  • To understand malware logic by decompiling it

  • To identify file hashes before execution

  • To extract readable strings from the binary

  • To observe malware behavior during execution in a controlled environment

Question 2

Which tool provides real-time monitoring of system and registry events when executing a malware sample?

  • Process Monitor

  • PEview

  • Resource Hacker

  • Strings

Question 3

You execute a malware sample in a sandbox and see multiple processes like svchost.exe and cmd.exe. Which tool helps visualize parent-child process relationships?

  • Process Explorer

  • Process Hacker

  • RegShot

  • Autoruns

Question 4

If malware modifies registry entries to start automatically after reboot, which tool can confirm this by comparing snapshots?

  • RegShot

  • Process Monitor

  • PE Studio

  • BinText

Question 5

While analyzing with Process Monitor, you observe frequent WriteFile operations to .tmp files in %AppData%. What might this indicate?

  • Temporary installation logs

  • Legitimate Windows caching

  • Antivirus quarantine files

  • Data staging for exfiltration or payload unpacking

Question 6

A malware process creates a registry key under HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost.exe. What does this suggest?

  • Keylogging activity

  • Network connection setup

  • Persistence mechanism

  • DLL injection attempt

Question 7

During analysis, a process is seen injecting code into another process. Which Windows API call might indicate this?

  • CreateRemoteThread()

  • GetModuleHandle()

  • RegOpenKeyEx()

  • CopyFileA()

Question 8

Which precaution should always be taken before performing dynamic malware analysis?

  • Enable internet access for realistic testing

  • Disable antivirus for execution freedom

  • Run the sample in an isolated sandboxed VM

  • Use your main system for faster performance

Question 9

In Process Monitor, which filter best helps identify registry persistence attempts?

  • Operation = “RegSetValue”

  • Operation = “CreateFile”

  • Path = “\Temp\”

  • Result = “SUCCESS”

Question 10

Why is RegShot used after running a malware sample for a short period?

  • To verify antivirus response

  • To detect registry or file system changes caused by malware

  • To monitor network connections

  • To extract metadata and version info
