FileType and Architecture

add details here
...

VirusTotal / Abuse.ch Results

Add interesting results here
...

Interesting Strings

List of Interesting strings:
...

[screenshots]

Interesting Modules

List of Interesting Modules used:
... 

[screenshots]

Indicators of Packing

  • strings
  • loaded DLLs
  • imported Modules
  • irregular PE sections
  • section entropy
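The section-entropy and irregular-section checks above can be scripted so the indicators are recorded consistently from sample to sample. The following is an added example, not part of the original template: it computes Shannon entropy per PE section and flags the usual packing signs (near-random section contents, non-standard section names, a section with no raw data but a large virtual size). The PE section table is not parsed here; section names, raw bytes and virtual sizes are passed in from whatever parser you already use, and the sample sections at the bottom are constructed in the code. The 7.0 bits/byte threshold is an assumption that you may want to tune.

```python
import math
import random
from typing import Dict, List

# Section names a normal MSVC/MinGW build would produce (assumed list).
STANDARD_SECTION_NAMES = {
    ".text", ".data", ".rdata", ".rsrc", ".reloc",
    ".idata", ".edata", ".bss", ".pdata", ".tls",
}
# Section names known to come from packers (UPX0/UPX1 are UPX's defaults).
KNOWN_PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
# Assumed threshold: compressed or encrypted data sits close to 8 bits/byte.
HIGH_ENTROPY_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def assess_section(name: str, raw: bytes, virtual_size: int) -> Dict:
    """Return entropy and the packing indicators that apply to one section."""
    flags: List[str] = []
    entropy = shannon_entropy(raw)
    if entropy >= HIGH_ENTROPY_THRESHOLD:
        flags.append("high-entropy")
    if name in KNOWN_PACKER_SECTION_NAMES:
        flags.append("packer-section-name")
    elif name not in STANDARD_SECTION_NAMES:
        flags.append("non-standard-section-name")
    # An empty section with a large virtual size is where an unpacking stub
    # typically writes the decompressed code at runtime.
    if len(raw) == 0 and virtual_size > 0:
        flags.append("empty-on-disk-but-mapped")
    return {"name": name, "entropy": round(entropy, 3),
            "raw_size": len(raw), "virtual_size": virtual_size, "flags": flags}


def packing_indicators(sections: List[Dict]) -> List[Dict]:
    """Assess every section; each entry needs 'name', 'raw', 'virtual_size'."""
    return [assess_section(s["name"], s["raw"], s["virtual_size"]) for s in sections]


def likely_packed(report: List[Dict]) -> bool:
    """Heuristic verdict: any high-entropy section or any packer section name."""
    return any("high-entropy" in s["flags"] or "packer-section-name" in s["flags"]
               for s in report)


def constructed_sections() -> List[Dict]:
    """Constructed sample input: a plain build next to a UPX-style layout."""
    rng = random.Random(1234)  # seeded so the example is reproducible
    random_blob = bytes(rng.getrandbits(8) for _ in range(4096))
    code_like = b"\x55\x8b\xec\x83\xec\x10\xc3\x90" * 512  # repetitive stub bytes
    return [
        {"name": ".text", "raw": code_like, "virtual_size": len(code_like)},
        {"name": ".rdata", "raw": b"Hello, world!\x00" * 64, "virtual_size": 896},
        {"name": "UPX0", "raw": b"", "virtual_size": 0x20000},
        {"name": "UPX1", "raw": random_blob, "virtual_size": 4096},
    ]


if __name__ == "__main__":
    report = packing_indicators(constructed_sections())
    for s in report:
        print(f"{s['name']:<8} entropy={s['entropy']:.3f} "
              f"raw={s['raw_size']} virt={s['virtual_size']} flags={s['flags']}")
    print("likely packed:", likely_packed(report))
```

Record the per-section entropy values in the report rather than just the verdict: a high-entropy .rsrc section is normal for an executable that embeds compressed images, so the section name and size give the number its context.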

Sandbox run

Outcome of sandbox execution
...

Initial Detonation

What happens upon initial detonation?

Prior to internet simulation setup

  • Does the binary kill itself?
  • Is there anti-sandbox?
  • Is there anti-debugging?
  • Is there a connectivity-based kill switch?
    [screenshots]

Detonation with Network Connectivity

What happens when DNS is set up?

Host Indicators

What are the host indicators?

Executed system operations

  • Does the binary write files to disk?
  • Does it open new processes?
  • Does it modify the registry?
  • Does it perform any injection?
    etc.
    [screenshots]

Network Indicators

What are the network indicators?

Executed network / internet operations

  • Does the binary make internet requests?
  • Does it attempt to download a file?
  • Does it attempt to retrieve some sort of 'task'?
    [screenshots]

Conclusion