How can we conclude a process is malicious based on procmon output

I am trying to build a custom malware sandbox (not using ready-made approaches like Cuckoo or others). I have captured the activities and operations generated by the process; now, in the next phase, I would like to know how threats can be detected based on the captured activities and operations generated by the process.
Let me be very clear about what I am looking for:
I just have the activities running in the system, specifically those generated by the process. Now I want to find out how I can tell if something is malicious and be able to prepare a report on that, like we get in AnyRun or any other sandbox.
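One common way to turn a captured activity trace into a verdict is to replay the events through a small set of behavioural rules, attribute events to the sample's process tree, and weight the rules that fire into a score and a report. The block below is an added illustration of that approach; it is not code from the asker, from Procmon, or from any sandbox product. It assumes Procmon's default CSV export columns (Time of Day, Process Name, PID, Operation, Path, Result, Detail), the sample rows are constructed for the example, and the rule weights and verdict thresholds are arbitrary choices a real sandbox would tune against known-good and known-bad traces.

```python
import csv
import io
import re

# Constructed sample in Procmon's default CSV export layout (hypothetical events,
# not a real capture). A process writes an executable to Temp, registers it under
# a Run key, launches it, and the child connects outbound; notepad.exe is noise.
SAMPLE_CSV = """\
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1000","sample.exe","4120","CreateFile","C:\\Users\\bob\\AppData\\Local\\Temp\\svc_upd.exe","SUCCESS","Desired Access: Generic Write"
"10:01:02.2000","sample.exe","4120","WriteFile","C:\\Users\\bob\\AppData\\Local\\Temp\\svc_upd.exe","SUCCESS","Offset: 0, Length: 204800"
"10:01:03.0000","sample.exe","4120","RegSetValue","HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc_upd","SUCCESS","Type: REG_SZ, Data: C:\\Users\\bob\\AppData\\Local\\Temp\\svc_upd.exe"
"10:01:03.5000","sample.exe","4120","Process Create","C:\\Users\\bob\\AppData\\Local\\Temp\\svc_upd.exe","SUCCESS","PID: 4388, Command line: svc_upd.exe"
"10:01:04.0000","svc_upd.exe","4388","TCP Connect","bob-pc:49712 -> 203.0.113.10:4444","SUCCESS","Length: 0"
"10:02:00.0000","notepad.exe","2200","CreateFile","C:\\Users\\bob\\Documents\\notes.txt","SUCCESS","Desired Access: Generic Read"
"""

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|Downloads|Public)\\", re.IGNORECASE)
EXE_RE = re.compile(r"\.(exe|dll|scr|bat|ps1|vbs)$", re.IGNORECASE)
CHILD_PID_RE = re.compile(r"PID:\s*(\d+)")  # Procmon puts the new PID in the Detail column


# Each rule is a pure predicate over one event plus the state accumulated so far.
def rule_persistence(row, state):
    return row["Operation"] == "RegSetValue" and bool(RUN_KEY_RE.search(row["Path"]))


def rule_drop(row, state):
    path = row["Path"]
    return row["Operation"] == "WriteFile" and bool(USER_WRITABLE_RE.search(path)) and bool(EXE_RE.search(path))


def rule_exec_dropped(row, state):
    return row["Operation"] == "Process Create" and row["Path"].lower() in state["dropped"]


def rule_network(row, state):
    return row["Operation"] in ("TCP Connect", "UDP Send")


# (name, weight, human-readable description, predicate); weights are illustrative.
RULES = [
    ("persistence_run_key", 40, "Sets a value under a Run/RunOnce autostart key", rule_persistence),
    ("drops_executable", 25, "Writes an executable into a user-writable location", rule_drop),
    ("executes_dropped_file", 30, "Launches a file it wrote earlier in the same trace", rule_exec_dropped),
    ("outbound_network", 15, "Initiates an outbound network connection", rule_network),
]


def analyze(csv_text, root_process):
    """Score the process tree rooted at root_process and return a report dict."""
    state = {"dropped": set()}   # lowercase paths of executables written by the tree
    tracked = set()              # PIDs belonging to the sample's process tree
    findings, fired, score = [], set(), 0

    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() == root_process.lower():
            tracked.add(row["PID"])
        if row["PID"] not in tracked or row["Result"] != "SUCCESS":
            continue  # ignore unrelated processes and failed operations

        # Follow child processes so their behaviour counts against the sample.
        if row["Operation"] == "Process Create":
            m = CHILD_PID_RE.search(row["Detail"])
            if m:
                tracked.add(m.group(1))
        # Remember executables written by the tree for the execute-dropped-file rule.
        if row["Operation"] == "WriteFile" and EXE_RE.search(row["Path"]):
            state["dropped"].add(row["Path"].lower())

        for name, weight, desc, pred in RULES:
            if pred(row, state):
                findings.append({
                    "rule": name, "description": desc,
                    "process": row["Process Name"], "pid": row["PID"],
                    "operation": row["Operation"], "path": row["Path"],
                })
                if name not in fired:       # each rule contributes its weight once
                    fired.add(name)
                    score += weight

    score = min(score, 100)
    verdict = "malicious" if score >= 70 else "suspicious" if score >= 30 else "no threats detected"
    return {
        "sample": root_process,
        "score": score,
        "verdict": verdict,
        "process_tree_pids": sorted(tracked, key=int),
        "findings": findings,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(analyze(SAMPLE_CSV, "sample.exe"), indent=2))
```

The report lists every event that triggered a rule together with the process and path involved, which is what lets an analyst verify the verdict instead of trusting a number. Rules that chain events (write a file, then execute it) are the ones that separate real droppers from installers that merely touch AppData, so the state carried between events matters more than the individual patterns.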