Item |
Description |
||||||
|---|---|---|---|---|---|---|---|
Estimated result |
Overall assessment of possible maliciousness.
|
||||||
Detected |
Brief information on the file behavior and detected threats. |
||||||
Tags |
Tags added by a user or by a triggered YARA rule. |
||||||
Size |
File size. |
||||||
Format |
File format. |
||||||
SHA1 |
File hash. |
||||||
Comment |
In this field, you can put any additional information you may need. There is a limit of 200 characters for a comment. |
||||||
More |
|||||||
Analysis started |
Date and time the analysis started. It is counted from the moment the file was launched on a virtual machine. |
||||||
Use of VNC |
Use of the VNC client during the analysis (yes/no). |
||||||
Sample run time |
Sample run time that was specified in the additional settings of analysis. |
||||||
Total analysis time |
Total duration of file analysis. |
||||||
Command to run the file |
The command specified in the additional settings to run the file you are analyzing. |
||||||
Sample name |
The name of the file that was sent for analysis. More… |
||||||
Connection type |
The type of the connection. More… |
||||||
Monitor all processes if VNC is used |
Monitor all processes if VNC is used (yes/no). More… |
||||||
Total size limit for drops |
The limit on the total size of files generated during analysis. More… |
||||||
Enable auto clicker |
Enable auto clicker (yes/no). |
||||||
Сopy full raw hypervisor log |
Сopy full raw hypervisor log (yes/no). |
||||||
Flex sample time |
Use flex sample time (yes/no). |
||||||
Forward the specified ports from guest VM |
Forward the specified ports from guest VM. Example: 2343, 4353:tcp. |
||||||
Get *.lib files and raw dumps |
Get *.lib files and raw dumps (yes/no). |
||||||
Maximum number of triggered breakpoints |
Set the maximum number of triggered breakpoints. |
||||||
Lifetime of processes in seconds |
Set the lifetime of processes. Example: notepad.exe,35,winword.exe,20. |
||||||
Start user batch script before sample |
Start a user batch script before running the sample. |
||||||
Set system date |
Set a system date on VM on which the analysis is performed. Example: 17.03.2022. |
||||||
Dump browser modules |
Dump browser modules (yes/no). |
||||||
Dump memory-mapped files (only after execution) |
Dump memory-mapped files (only after execution) (yes/no). |
||||||
Dump SSDT |
Dump SSDT (yes/no). |
||||||
Dump processes (only after execution) |
Dump processes (yes/no). |
||||||
Get all allocs and drops |
Get all allocs and drops (yes/no). |
||||||
Size of Crypto API buffers limit in MB |
Set size of Crypto API buffers limit in MB. Example: 512. |
||||||
Injects count limit |
Set a limit for injects. Example: 100. |
||||||
WriteFile buffers limit in MB |
Set WriteFile buffers limit in MB. Example: 256. |
||||||
To the right from the general information part, there is a screenshot and a video report about the file’s behavior when it was run in a guest operating system.