However, if you are analyzing this file as part of a digital forensics exercise, a standard write-up should include the following core sections:

1. Executive Summary
- File Name: Victoria Bravo.rar
- File Type: RAR Compressed Archive
- Threat Level: (e.g., High, Moderate, Low)
- A brief overview of what the file is intended to do (e.g., credential theft, downloader, or harmless training file).

2. Static Analysis
This section covers information about the file without actually executing it:
- Record the MD5, SHA-1, and SHA-256 hashes to uniquely identify the file.

3. Dynamic Analysis
Details of what happens when the file is opened in a controlled sandbox:
- Does it launch a secondary process (e.g., cmd.exe, powershell.exe)?
- Note whether it establishes persistence by adding itself to the Windows Registry startup keys or moving files to C:\Users\...\AppData.

4. Indicators of Compromise (IOCs)

5. Recommendations
- Advice on updating antivirus signatures or blocking .rar attachments in email gateways.
