
System and method for detecting file altering behaviors pertaining to a malicious attack

  • US 9,846,776 B1
  • Filed: 10/31/2016
  • Issued: 12/19/2017
  • Est. Priority Date: 03/31/2015
  • Status: Active Grant
First Claim

1. A system comprising:

  • one or more processors; and

  • a storage module communicatively coupled to the one or more processors, the storage module comprising logic that, upon execution by the one or more processors, performs operations comprising:

    • receiving configuration information that identifies at least one or more locations of a system operating within a virtual machine for placement of lure data in the system, the lure data being configured to entice interaction of the lure data by malware associated with an object under analysis,

    • placing the lure data within the system according to the configuration information,

    • subsequent to placing the lure data within the system, selectively modifying information associated with the lure data,

    • processing the object within the virtual machine, and

    • determining whether the object exhibits one or more behaviors that alter the lure data or a portion of the system based on a comparison of one or more actions performed while processing the object that are associated with the lure data and one more patterns that represent one or more changes to the system associated with the lure data caused by known malware.
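The operations recited in claim 1, sketched as an added example that is not part of the patent or of any product's code. The lure paths, the pattern names and the back-dated timestamps are constructed assumptions, a scratch directory stands in for the virtual machine, and actions are inferred by diffing the lures after processing instead of being monitored live.

```python
import hashlib, os, tempfile, time

# Constructed configuration: lure locations relative to the guest root, with contents.
LURES = {"Documents/budget.xlsx": b"constructed lure sheet\n" * 16,
         "Desktop/passwords.txt": b"constructed lure secrets\n" * 16}
# Constructed patterns: actions on a single lure that together indicate known behavior.
PATTERNS = {"encrypt-and-rename": {"removed", "sibling_created"},
            "overwrite-in-place": {"content_changed"}}

def sha(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def place_lures(root, lures=LURES):
    """Write lures per the configuration, then back-date their timestamps."""
    baseline = {}
    for rel, data in lures.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
        aged = time.time() - 90 * 86400      # selectively modified lure metadata
        os.utime(path, (aged, aged))
        baseline[rel] = sha(path)
    return baseline

def observe(root, baseline):
    """Return {lure: set(actions)} by comparing the guest with the baseline."""
    actions = {}
    for rel, digest in baseline.items():
        path, acts = os.path.join(root, rel), set()
        folder, name = os.path.split(path)
        if not os.path.exists(path):
            acts.add("removed")
            if os.path.isdir(folder) and any(
                    n.startswith(name + ".") for n in os.listdir(folder)):
                acts.add("sibling_created")  # lure name with an appended extension
        elif sha(path) != digest:
            acts.add("content_changed")
        if acts:
            actions[rel] = acts
    return actions

def verdict(actions, patterns=PATTERNS):
    """Names of patterns whose actions were all seen on at least one lure."""
    return sorted({p for acts in actions.values()
                   for p, need in patterns.items() if need <= acts})

def analyze(process_object):
    """Place lures, run the stand-in for object processing, compare to patterns."""
    with tempfile.TemporaryDirectory() as root:
        baseline = place_lures(root)
        process_object(root)
        return verdict(observe(root, baseline))
```

`analyze` takes a callable that receives the guest root; an empty list means no pattern matched the changes seen on the lures.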

  • 7 Assignments