Analysis Report

After you upload a file for analysis through the Search tab in the left pane, an analysis report is generated for the uploaded file; a hash search instead looks up hashes that are already present in the database. The tabs in the report display the corresponding analysis data.
The following table provides the file details displayed on the analysis report page.

Item              Description
File Name         Displays the submitted file name.
Hash              Displays the submitted file hash.
File Type         Displays the file type.
Verdict           Displays the analysis verdict, such as Clean, Malware, Ransomware or Suspicious.
Malware Category  Displays the malware category.
Malware Family    Displays the malware family.
Submission Time   Displays the timestamp at which the file was submitted for analysis.
File Size         Displays the uploaded file size.
Restrict Access   Displays whether access is Public or Private.
Tags              Displays the system tags.

Add Tags

The detonation layer may automatically assign tags during analysis. Threat researchers can add tags while conducting manual analysis. Additionally, analysts or threat researchers can add tags under the following categories during any stage of analysis:

  • Affected OS/Platforms
  • Attack Type
  • Attack Vector
  • Indicators of compromise
  • Targeted Attacks
  • TTPs

Analysts or threat researchers can add tags under these categories by clicking Manage Tags > Select Category > Enter tag name > +Add Tag > Save.
Note: Selecting a category is mandatory when adding a tag name.
The added tags are visible under Added Tags. These tags help future researchers identify the file by the tagged attributes. A tag can also be removed by clicking the X sign next to the tag name; removed tags are visible under Removed Tags.

Analysis Tabs

The visibility of some tabs depends on the availability of data. The ability to add comments depends on your access permissions. You can view the following analysis tabs.

Summary

The submitted file or hash is scanned, and the summary is displayed. The displayed details may vary depending on the submitted file type. The Summary shows the following details:

  • Submitted By
  • First submission date
  • Last submission date
  • Modified date
  • Verified
  • Verified date
  • Machine type

Static Attribute

Malware analysis is incomplete without the analysis of file attributes. Threat researchers use various tools to collect attributes of submitted files. Seqrite Malware Analysis Platform collects and processes the data from these tools and generates the analysis report for the submitted sample.
The static attributes show the following details for the file:

Basic Properties

  • MD5, SHA-1 values
  • Type of files and file properties
  • Section information (e.g., Entropy value) of the file
  • File version number, timestamp information, and digital signature details including certificate chains
  • File content in string format
  • File content in Hex format
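The attributes listed above (hashes, per-section entropy, and the string view of the file content) are exactly what a static analysis pass computes from the raw bytes. The following Python script is an added example, not code from Seqrite or from the platform, showing how these attributes can be collected with the standard library alone. The minimal PE image it builds in `build_sample_pe` is a constructed byte string for the demo, not a real executable, and the `static_report` dictionary layout is an assumption of this example, not the platform's report format.

```python
import hashlib
import math
import re
import struct
from collections import Counter


def file_hashes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of the whole file (the Basic Properties hash values)."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def printable_strings(data: bytes, min_len: int = 4) -> list:
    """Runs of printable ASCII at least min_len bytes long (the 'string format' content view)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def pe_sections(data: bytes) -> list:
    """Parse the PE section table and compute the entropy of each section's raw bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                  # IMAGE_FILE_HEADER starts after "PE\0\0"
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_of_optional                 # section headers follow the optional header
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        raw = data[raw_ptr:raw_ptr + raw_size]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr,
            "raw_size": raw_size,
            "entropy": round(shannon_entropy(raw), 3),   # packed/encrypted sections sit near 8.0
        })
    return sections


def static_report(data: bytes) -> dict:
    """Collect the basic static attributes into one dictionary (layout assumed by this example)."""
    return {
        "hashes": file_hashes(data),
        "size": len(data),
        "entropy": round(shannon_entropy(data), 3),
        "sections": pe_sections(data),
        "strings": printable_strings(data),
    }


def _section_header(name, size, vaddr, raw_ptr, characteristics) -> bytes:
    # IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
    # PointerToRelocations, PointerToLinenumbers, NumberOfRelocations, NumberOfLinenumbers, Characteristics
    return struct.pack("<8sIIIIIIHHI", name, size, vaddr, size, raw_ptr, 0, 0, 0, 0, characteristics)


def build_sample_pe() -> bytes:
    """Constructed, minimal PE-shaped byte string for the demo; it is not a runnable program."""
    text = b"\x90" * 64 + b"Hello from .text\0" + b"\x00" * 47   # 128 bytes, low entropy
    rdata = bytes(range(256))                                      # every byte value once: entropy 8.0
    e_lfanew, text_ptr, rdata_ptr = 0x40, 0x100, 0x180
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # IMAGE_FILE_HEADER: Machine=i386, two sections, no optional header (size 0) to keep it small
    coff_header = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x0102)
    headers = dos_header + b"PE\0\0" + coff_header
    headers += _section_header(b".text", len(text), 0x1000, text_ptr, 0x60000020)
    headers += _section_header(b".rdata", len(rdata), 0x2000, rdata_ptr, 0x40000040)
    image = headers.ljust(text_ptr, b"\0") + text
    image = image.ljust(rdata_ptr, b"\0") + rdata
    return image


if __name__ == "__main__":
    import json
    print(json.dumps(static_report(build_sample_pe()), indent=2))
```

Run the script on its own to see the report for the constructed sample; to inspect a real file, pass the bytes read from disk to `static_report`. Section entropy close to 8.0 is the signal an analyst reads as "packed or encrypted", which is why the section information in the report includes it.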

Detonation Detail

Detonation details are available when the user has opted for detonation analysis. The following sections and detonation details are displayed on the page.

Verdict
    The final assessment of the sample, typically classified as Clean, Unknown, Suspicious, Malware or Ransomware based on the combined results of the analysis.
Sample Overview
    A high-level summary of the sample, including its file type, size, hash values (MD5, SHA-1, SHA-256), submission date, and any initial observations.
Verdicts from Various Subsystems of Detonation Layer
    Individual verdicts from different analysis engines or layers within the sandbox, such as static analysis, behavioral analysis, and network analysis.
Behavior Activities
    Detailed description of the sample's behavior during execution, including actions such as file manipulation, process creation, and network activity.
Process Tree
    A hierarchical representation of all processes created or modified by the sample, showing parent-child relationships and the flow of execution.
Process Created
    List of processes that were initiated by the sample during execution, along with their associated metadata (e.g., process ID, command line arguments).
Files Created
    Information on any files that the sample created or modified, including file paths, names, and types, along with their hash values.
Registry Created
    Details of any Windows registry entries created or modified by the sample, including paths and associated values.
Registry Key Sets
    A list of specific registry keys that were modified or set by the sample, potentially indicating persistence mechanisms or configuration changes.
DNS Requests
    A record of all DNS queries made by the sample, including domain names, query types, and resolved IP addresses.
IP Connections
    Information on outbound or inbound network connections initiated by the sample, including IP addresses, ports, and protocols.
Screenshots
    Captured screenshots of the virtual environment during the sample's execution, providing visual evidence of the sample's activity.
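The process tree, registry key sets, DNS requests and IP connections in the table above are the raw material of sandbox triage: an analyst rebuilds the process lineage, checks whether any registry write landed in a known autostart location, and links resolved DNS answers to the connections that followed. The Python below is an added example, not code from Seqrite or the platform, showing that triage over a constructed event set. The record layout (`PROCESSES`, `REGISTRY_SETS`, `DNS_REQUESTS`, `IP_CONNECTIONS`) and the short `AUTOSTART_KEY_SUFFIXES` list are assumptions of this example, not the platform's JSON report schema; real reports should be mapped onto these fields first.

```python
from collections import defaultdict

# Constructed sample events shaped like the fields the Detonation Detail table describes.
PROCESSES = [
    {"pid": 100, "ppid": 0,   "image": "explorer.exe", "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": "sample.exe",   "cmd": "C:\\Users\\lab\\Desktop\\sample.exe"},
    {"pid": 300, "ppid": 200, "image": "cmd.exe",      "cmd": "cmd.exe /c start updater"},
    {"pid": 400, "ppid": 300, "image": "reg.exe",      "cmd": "reg.exe"},
]
REGISTRY_SETS = [
    {"pid": 400, "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
     "value_name": "Updater", "data": "C:\\Users\\lab\\AppData\\Roaming\\updater.exe"},
    {"pid": 200, "key": "HKCU\\Software\\SampleApp", "value_name": "Installed", "data": "1"},
]
DNS_REQUESTS = [{"pid": 200, "query": "update.example.net", "type": "A", "answers": ["203.0.113.10"]}]
IP_CONNECTIONS = [{"pid": 200, "dst": "203.0.113.10", "port": 443, "proto": "tcp"}]

# Non-exhaustive, constructed list of registry locations commonly used for autostart persistence.
AUTOSTART_KEY_SUFFIXES = ("\\currentversion\\run", "\\currentversion\\runonce")


def render_process_tree(processes: list) -> list:
    """Return one indented line per process, parents before children (the Process Tree view)."""
    by_pid = {p["pid"]: p for p in processes}
    children = defaultdict(list)
    for p in processes:
        children[p["ppid"]].append(p["pid"])
    roots = [p["pid"] for p in processes if p["ppid"] not in by_pid]
    lines = []

    def walk(pid: int, depth: int) -> None:
        lines.append("  " * depth + f"{by_pid[pid]['image']} (pid {pid})")
        for child in sorted(children[pid]):
            walk(child, depth + 1)

    for root in sorted(roots):
        walk(root, 0)
    return lines


def descendants(processes: list, root_pid: int) -> set:
    """All pids created, directly or indirectly, under root_pid."""
    children = defaultdict(list)
    for p in processes:
        children[p["ppid"]].append(p["pid"])
    found, stack = set(), [root_pid]
    while stack:
        for child in children[stack.pop()]:
            if child not in found:
                found.add(child)
                stack.append(child)
    return found


def autostart_registry_sets(registry_sets: list) -> list:
    """Registry key sets whose key is a known autostart location (persistence candidates)."""
    return [r for r in registry_sets if r["key"].lower().endswith(AUTOSTART_KEY_SUFFIXES)]


def connections_with_domains(dns_requests: list, ip_connections: list) -> list:
    """Attach the queried domain to each connection whose destination was a DNS answer."""
    resolved = {ip: d["query"] for d in dns_requests for ip in d["answers"]}
    return [dict(c, domain=resolved.get(c["dst"])) for c in ip_connections]


def triage(sample_pid: int, processes: list, registry_sets: list, dns_requests: list, ip_connections: list) -> dict:
    """Summarise the behaviour of the sample and everything it spawned (layout assumed by this example)."""
    lineage = {sample_pid} | descendants(processes, sample_pid)
    persistence = [r for r in autostart_registry_sets(registry_sets) if r["pid"] in lineage]
    return {
        "process_tree": render_process_tree(processes),
        "spawned_pids": sorted(lineage - {sample_pid}),
        "persistence": persistence,
        "network": connections_with_domains(dns_requests, ip_connections),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(200, PROCESSES, REGISTRY_SETS, DNS_REQUESTS, IP_CONNECTIONS), indent=2))
```

Restricting the persistence check to the sample's lineage matters: in a live sandbox other processes write to the registry too, and attributing a Run-key write to a pid that the sample never spawned would produce a false positive.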

Manual Analysis

Manual Analysis details are available when the file is uploaded for manual analysis.

Additional Options

The following table describes the options that are available on the analysis report page.

Sr. No  Icon Name                Description
1       Download                 You can download reports in PDF and JSON format as required.
2       Send to Detonation       You can send a sample to the detonation stage for detailed analysis if it was previously submitted only for Preliminary Analysis.
3       Send to Manual Analysis  You can send a sample for manual analysis if you are not satisfied with the detailed detonation analysis report.

Note: Large reports may take time to download.
