
On the Completed tab, click anywhere on a row to view detailed information about the submitted sample. A new section below the row shows the details.

The following fields are displayed on this screen:

Field Name, followed by Information (columns: File/Email Message Sample, URL Sample)

Submission details

File/Email Message Sample: Basic data fields (such as Logged, File name, and Type) extracted from the raw logs

URL Sample: Basic data fields (such as Logged, URL, Source IP and port, and Destination IP and port) extracted from the raw logs

Note: Deep Discovery Analyzer may have normalized the URL.

  • Sample ID (SHA-1)

  • Child files, if available, contained in or generated from the submitted sample

  • The IP address of the node that processed the sample

  • The Raw Logs link shows all the data fields in the raw logs

  • Scan actions for scans performed on network shares

Notable characteristics

The categories of notable characteristics that the sample exhibits, which can be any or all of the following:

    • Anti-security, self-preservation

    • Autostart or other system reconfiguration

    • Deception, social engineering

    • File drop, download, sharing, or replication

    • Hijack, redirection, or data theft

    • Malformed, defective, or with known malware traits

    • Process, service, or memory object change

    • Rootkit, cloaking

    • Suspicious network or messaging activity

Other submission logs

A table that shows the following information about other log submissions:

  • Logged

  • Protocol

  • Direction

  • Source IP

  • Source Host Name

  • Destination IP

  • Destination Host Name

MITRE ATT&CK™ Framework

A list of MITRE ATT&CK™ tactics, techniques, and sub-techniques detected. Click a link to view more information on the MITRE website.

Report

The PDF icon links to a downloadable PDF report and the HTML icon links to an interactive HTML report.

Note: An unclickable link means there were errors during simulation. Hover over the link to view details about the error.

Investigation package

Download links to a password-protected investigation package that you can download to perform additional investigations.

For details, see Investigation Package.

Global intelligence

View in Threat Connect is a link that opens Trend Micro Threat Connect.

The page contains detailed information about the sample.