Firstly, it totally depends on the intention of malware injection. Reconnaissance or gathering information is the first step, you could use N-map or banner grabbing to gather enough information about the open ports and response of the target machine. Delivery is mostly injecting the payload or malware file. Depending on what you want to exploit, you inject the appropriate malware and install only if there is a need to gain more access. This is then followed by action and objectives/ command and control.
Thus, to sum it up, knowing the intention behind malware attack will help you break down the process with cyber kill chain.