  • A Cloud Guru
Looking for Malware on Windows Systems

NOTE: This lab will take some time to start because the Windows machine runs several preparation scripts once it boots; the environment waits until these finish before marking the lab as ready for use.

In this lab, we will investigate a suspicious process running on a Windows host, document its key data points (PID, user account, associated service name, and executable path), and create a dump file of the process. The process used as the suspect, amazon-ssm-agent, is in fact the legitimate AWS Systems Manager Agent; it stands in for a malicious process so the same triage steps can be practiced safely.


Path Info

Level: Beginner
Duration: 30m
Published: Mar 18, 2019


Table of Contents

  1. Challenge

    Document suspicious process information.

    1. Use a Remote Desktop client to connect to the lab server on its public IP address on port 3389. The Windows lab servers take a few minutes to come up, so please be patient.
    2. Open notepad.exe.
    3. Open the Task Manager.
    4. On the Processes tab, find the process named amazon-ssm-agent, right-click it, and select Go to details.
    5. On the Details tab, document the PID and Username for the amazon-ssm-agent process.
    6. Right-click amazon-ssm-agent again and select Go to service(s); document the service name.
    7. Go back to the Processes tab, right-click the amazon-ssm-agent process, and select Open file location. Document the file path.
    8. Save all this information in a file named "investigation.txt" on the Desktop of the server.
  2. Challenge

    Create a dump file of the suspicious process.

    1. Open the Task Manager.
    2. On the Processes tab, find the process named amazon-ssm-agent, right-click it, and select Create dump file. Task Manager reports the path of the .DMP file it wrote (by default under the user's AppData\Local\Temp folder); record that path too.

The Cloud Content team comprises subject matter experts hyper focused on services offered by the leading cloud vendors (AWS, GCP, and Azure), as well as cloud-related technologies such as Linux and DevOps. The team is thrilled to share their knowledge to help you build modern tech solutions from the ground up, secure and optimize your environments, and so much more!
