Briefly state what the file contains and its primary behavior (e.g., "An encrypted archive containing a credential-stealing executable"). 2. File Metadata
What happens when the archive is extracted and the contents are run? egad.rar
If the archive is locked, discuss common passwords tested or if a "brute-force" attack was required. 4. Dynamic Analysis (Execution) Briefly state what the file contains and its
Does it modify system32 or create persistence (e.g., adding itself to Startup)? 5. Findings & Conclusion egad.rar
[Yes/No] (Does it require a password to extract?) 3. Static Analysis What can be seen without running the files inside:
List IPs, URLs, or file paths that can be used to detect this threat elsewhere.