CompTIA SecurityX (CAS-005) — Question 280
An incident response team is analyzing malware and observes the following:
• Does not execute in a sandbox
• No network IoCs
• No publicly known hash match
• No process injection method detected
Which of the following should the team do next to proceed with further analysis?
Answer options
- A. Use an online virus analysis tool to analyze the sample.
- B. Check for anti-virtualization code in the sample.
- C. Utilize a newly deployed machine to run the sample.
- D. Search other internal sources for a new sample.
Correct answer: B
Explanation
The correct choice is B because malware often includes anti-virtualization techniques to avoid detection in sandbox environments. The observations fit that pattern: the sample refuses to execute in the sandbox, yet it shows no network IoCs, no known hash match, and no process injection, which points to the sample detecting the analysis environment rather than to any other indicator. Checking the sample for anti-virtualization code confirms this and tells the team how to adjust the analysis environment. Options A and C may not be effective due to the malware's evasion tactics, while option D does not directly address the current sample's behavior.