Analysis Report

After you upload a file for analysis through the Search tab on the left pane, an analysis report is generated for the uploaded file, and its hash is searched against the hashes already present in the database. Various tabs in the report display the corresponding analysis data.
The following table provides the file details displayed on the analysis report page.

Item: Description
File Name: Displays the submitted file name.
Hash: Displays the submitted file hash.
File Type: Displays the file type.
Verdict: Displays the analysis verdict, such as Clean, Malware, Ransomware, Suspicious.
Malware Category: Displays the malware category.
Malware Family: Displays the malware family.
Submission Time: Displays the time stamp when the file was submitted for analysis.
File Size: Displays the uploaded file size.
Restrict Access: Public or Private.
Tags: Displays the system tags.

Add Tags

The Detonation layer may automatically assign Tags during analysis. Threat Researchers can also add Tags while conducting Manual Analysis. Additionally, Analysts or Threat Researchers can add tags under the following categories during any stage of analysis:

  • Affected OS/Platforms
  • Attack Type
  • Attack Vector
  • Indicators of compromise
  • Targeted Attacks
  • TTPs

Analysts or Threat Researchers can add tags under these categories by clicking Manage Tags > Select Category > Enter tag name > +Add Tag > Save.
Note: It is mandatory to select the category while adding a tag name.
The added tags are visible under Added Tags. These tags help future researchers identify the file by its tagged attributes. A tag can also be removed by clicking the cross (X) sign next to the tag name; removed tags are visible under Removed Tags.

Analysis Tabs

The visibility of some tabs is based on the availability of the data. The ability to add comments depends on your access permissions. You can view the following analysis tabs.

Static Attribute

Malware analysis is incomplete without the analysis of file attributes. Threat researchers use various tools to collect attributes of submitted files. Seqrite Malware Analysis Platform collects and processes the data from these tools and generates the analysis report for the submitted sample.
The static attributes show the following details for the file:

Basic Properties

  • MD5, SHA-1 values
  • Type of files and file properties
  • Section information (e.g., Entropy value) of the file
  • File version number, timestamp information, and digital signature details including
    certificate chains
  • File content in string format
  • File content in Hex format
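As an added example (not Seqrite's own code or API), the following standard-library Python collects the same kinds of static attributes the Basic Properties list describes: MD5/SHA-1/SHA-256 hashes, a magic-number file type, per-section entropy from a minimal PE section-table parser, printable strings and a hex dump. The PE it analyses is constructed inline and is not a real binary; the function names (`static_report`, `build_sample_pe` and the rest) are assumptions for this illustration.

```python
"""Static attribute collection, as the report's Basic Properties describe:
hashes, file type, PE section entropy, printable strings and a hex dump.
Standard library only; the PE sample below is constructed for this example."""
import hashlib
import math
import re
import struct
from typing import Dict, List, Tuple

# Leading magic bytes for common sample types (assumed list, not the platform's).
MAGIC = {
    b"MZ": "PE executable",
    b"\x7fELF": "ELF executable",
    b"PK\x03\x04": "ZIP archive (APK/JAR/Office)",
    b"%PDF": "PDF document",
}


def hashes(data: bytes) -> Dict[str, str]:
    """MD5, SHA-1 and SHA-256 hex digests of the whole file."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def file_type(data: bytes) -> str:
    """Identify the file type from its leading magic bytes."""
    for magic, label in MAGIC.items():
        if data.startswith(magic):
            return label
    return "unknown"


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform
    data. Sections near 8.0 are typically packed or encrypted."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c) or 0.0


def pe_sections(data: bytes) -> List[Tuple[str, int, int, float]]:
    """Walk the COFF section table of a PE file and return
    (name, raw_offset, raw_size, entropy) per section."""
    if not data.startswith(b"MZ"):
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size          # section table follows the optional header
    out = []
    for i in range(num_sections):
        off = table + 40 * i                  # IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        out.append((name, raw_ptr, raw_size, round(entropy(data[raw_ptr:raw_ptr + raw_size]), 3)))
    return out


def strings(data: bytes, min_len: int = 4) -> List[str]:
    """Printable ASCII runs of at least min_len bytes (the 'string format' view)."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def hexdump(data: bytes, width: int = 16) -> List[str]:
    """Offset / hex / ASCII lines (the 'Hex format' view)."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in chunk)
        lines.append(f"{off:08x}  {hexpart:<{width * 3}} {text}")
    return lines


def static_report(data: bytes) -> dict:
    """Assemble the static attributes into one report dictionary."""
    return {
        "size": len(data),
        "file_type": file_type(data),
        "hashes": hashes(data),
        "entropy": round(entropy(data), 3),
        "sections": pe_sections(data),
        "strings": strings(data),
        "hexdump": hexdump(data[:48]),
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE image (not a runnable binary): a low-entropy
    .text section holding strings and a UPX1-style section whose 256 bytes
    are all distinct, so its entropy is exactly 8.0."""
    text = b"This program cannot be run in DOS mode.\0http://example.invalid/beacon\0".ljust(256, b"\0")
    packed = bytes(range(256))
    opt = struct.pack("<H", 0x10B).ljust(8, b"\0")        # truncated PE32 optional header
    data_start = 0x40 + 4 + 20 + len(opt) + 40 * 2        # raw data follows two section headers
    headers = b""
    for name, body_off, body in ((b".text", data_start, text), (b"UPX1", data_start + len(text), packed)):
        headers += name.ljust(8, b"\0") + struct.pack("<IIII", len(body), 0x1000, len(body), body_off) + b"\0" * 16
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)  # e_lfanew points at the PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, len(opt), 0x102)
    return dos + b"PE\0\0" + coff + opt + headers + text + packed


if __name__ == "__main__":
    for key, value in static_report(build_sample_pe()).items():
        print(key, value)
```

The entropy column is the one to read first: a section at or near 8.0 bits per byte alongside a short import table is the usual sign of a packed or encrypted payload, which the platform's Detonation stage is then needed to observe.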

Detonation Detail

Detonation details are available when the user has the option for Detonation analysis. The following table shows the sections and detonation details displayed on the page.

Section: Description
MITRE ATT&CK Matrix: The MITRE ATT&CK section maps observed sandbox behaviors to known attacker Tactics, Techniques, and Procedures (TTPs). Each TTP represents a specific attacker action aligned with real-world attack patterns documented by MITRE.
Verdict: The final assessment of the sample, typically classified as Clean, Unknown, Suspicious, Malware or Ransomware based on the combined results of the analysis.
Sample Overview: A high-level summary of the sample, including its file type, size, hash values (MD5, SHA-1, SHA-256), submission date, and any initial observations.
Verdicts from Various Subsystems of Detonation Layer: Individual verdicts from different analysis engines or layers within the sandbox, such as static analysis, behavioral analysis, and network analysis.
Behavior Activities: Detailed description of the sample's behavior during execution, including actions like file manipulation, process creation, network activity, etc.
Process Tree: A hierarchical representation of all processes created or modified by the sample, showing parent-child relationships and the flow of execution.
Process Created: List of processes that were initiated by the sample during execution, along with their associated metadata (e.g., process ID, command line arguments).
Files Created: Information on any files that the sample created or modified, including file paths, names, and types, along with their hash values.
Registry Created: Details of any Windows registry entries created or modified by the sample, including paths and associated values.
Registry Key Sets: A list of specific registry keys that were modified or set by the sample, potentially indicating persistence mechanisms or configuration changes.
Indicators of Compromise (IOC): This section is visible only for files detected as malicious or ransomware. The IOC details section shows the indicator type, indicator name, reputation (Verdict) and the associated relationships that have been identified for the IOC.
DNS Requests: A record of all DNS queries made by the sample, including domain names, query types, and resolved IP addresses.
IP Connections: Information on outbound or inbound network connections initiated by the sample, including IP addresses, ports, and protocols.
Screenshots: Captured screenshots of the virtual environment during the sample's execution, providing visual evidence of the sample's activity.

Detonation Details for APK Files

Static File Info: Basic APK metadata such as file size, hashes, and file type.
Android Info: Embedded Urls: URLs hard-coded inside the APK that the app may contact.
Android Info: Embedded Domains: Hard-coded domains referenced by the application for network communication.
Package Name: Unique identifier of the Android application.
Android Info: Permissions: Device permissions requested by the application.
Android Info: Activities: User-facing screens and entry points of the app.
Android Info: Services: Background components that run without user interaction.
Android Info: Receivers: Components that listen to system or app events.
Android Info: Providers: Components that expose or manage application data.
File List: All files and resources packaged inside the APK.
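The Process Tree, Registry Key Sets, DNS Requests, IP Connections and IOC views described in the table above are all derived from a flat list of sandbox events. The Python below is an added example that reproduces those views from such a list; it is not the platform's code, and the event schema (`type`, `pid`, `ppid`, `image`, `dst`, ...) and the events themselves are constructed for illustration. The hash is a labelled placeholder.

```python
"""Summarise constructed sandbox events into the detonation views the report
describes: process tree, registry persistence hints and an IOC list.
The event schema and the events themselves are constructed for this example."""
import ipaddress
from typing import Dict, List

# Constructed events; the field names are assumptions, not a real tool's output.
EVENTS = [
    {"type": "process", "pid": 100, "ppid": 0, "image": "explorer.exe", "cmdline": "explorer.exe"},
    {"type": "process", "pid": 200, "ppid": 100, "image": "sample.exe", "cmdline": "sample.exe"},
    {"type": "process", "pid": 300, "ppid": 200, "image": "cmd.exe",
     "cmdline": "cmd.exe /c copy sample.exe %APPDATA%\\svc.exe"},
    {"type": "file", "pid": 300, "path": "C:\\Users\\u\\AppData\\Roaming\\svc.exe",
     "sha256": "<placeholder-sha256>"},
    {"type": "registry", "pid": 200, "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
     "value": "svc", "data": "C:\\Users\\u\\AppData\\Roaming\\svc.exe"},
    {"type": "dns", "pid": 200, "query": "update.example.invalid", "resolved": ["203.0.113.7"]},
    {"type": "net", "pid": 200, "dst": "203.0.113.7", "port": 443, "proto": "tcp"},
    {"type": "net", "pid": 200, "dst": "10.0.0.5", "port": 445, "proto": "tcp"},
]

# Registry locations whose modification commonly indicates persistence (lower-cased for matching).
PERSISTENCE_KEYS = ("\\currentversion\\run", "\\currentversion\\runonce")

# RFC 1918 and loopback ranges: connections there are local activity, not external contact.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def process_tree(events: List[dict]) -> List[str]:
    """Render parent-child process relationships as indented lines, root first."""
    children: Dict[int, List[dict]] = {}
    for e in events:
        if e["type"] == "process":
            children.setdefault(e["ppid"], []).append(e)
    lines: List[str] = []

    def walk(ppid: int, depth: int) -> None:
        for p in children.get(ppid, []):
            lines.append("  " * depth + f"{p['image']} (pid {p['pid']}): {p['cmdline']}")
            walk(p["pid"], depth + 1)

    walk(0, 0)
    return lines


def registry_persistence(events: List[dict]) -> List[dict]:
    """Registry writes under autostart keys, the 'Registry Key Sets' worth highlighting."""
    return [e for e in events if e["type"] == "registry"
            and any(k in e["key"].lower() for k in PERSISTENCE_KEYS)]


def iocs(events: List[dict]) -> List[dict]:
    """Indicator list with type and value; IP indicators carry an 'internal' flag."""
    out: List[dict] = []
    for e in events:
        if e["type"] == "dns":
            out.append({"type": "domain", "value": e["query"], "resolved": e["resolved"]})
        elif e["type"] == "net":
            addr = ipaddress.ip_address(e["dst"])
            out.append({"type": "ip", "value": e["dst"], "port": e["port"],
                        "internal": any(addr in net for net in INTERNAL_NETS)})
        elif e["type"] == "file":
            out.append({"type": "sha256", "value": e["sha256"], "path": e["path"]})
    return out


if __name__ == "__main__":
    print("\n".join(process_tree(EVENTS)))
    print("persistence:", registry_persistence(EVENTS))
    print("iocs:", iocs(EVENTS))
```

The explicit RFC 1918 list is deliberate: Python's `ipaddress.is_private` also returns True for documentation ranges such as 203.0.113.0/24, which would wrongly mark a test-net destination as internal.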

Manual Analysis

Manual Analysis details are available when the file is uploaded for Manual Analysis.

Comments

You can add any comments.

Additional Options

The following table describes the options that are available on the analysis report page.

Sr. No. Icon Name: Description
1. Download: You can download reports in PDF and JSON as required.
2. Send to Detonation: You can send samples to the detonation stage for detailed analysis if the sample was previously submitted only for Preliminary Analysis.
3. Send to Manual Analysis: You can send samples for manual analysis if you are not satisfied with the detailed Detonation analysis report.

Note: Large reports may take time to download.
