List any contacted URLs, IP addresses, or DNS requests. 4. Static Analysis
Details on any packing (e.g., UPX) or encrypted scripts used to bypass detection. 5. Indicators of Compromise (IoCs) Network: http://malicious-site.com Host-Based: C:\Users\Public\svchost.exe (Fake) 6. Remediation & Conclusion sc24197-TDA.rar
Describe what happens when the file is opened. Step 1: User extracts and runs X . Step 2: Script contacts C2 server at [IP/Domain] . Persistence: Does it add registry keys or scheduled tasks? List any contacted URLs, IP addresses, or DNS requests