To keep a malicious file from being detected, an attacker uses techniques that conceal its identity, such as renaming the file or embedding misleading metadata in its code. These techniques are documented in MITRE ATT&CK, a catalog of adversary tactics and techniques that organizes cyber attacks into categories.
Analyzing a file for viruses without running it, known as static analysis, is the first step in malware analysis; it can expose clues such as the file extension and header information. A quick look at these details helps you identify the type of threat and decide whether further investigation is needed.
Analyze File for Viruses: Ensure Safe File Transfers
Dynamic analysis goes deeper: it runs the malware file in a safe, isolated environment and can uncover additional capabilities of the threat, such as network IoCs or the list of files it downloaded to an endpoint. These insights allow analysts to hunt for related threats that may have compromised other endpoints within the organization.
For example, the dynamic analysis of this specific file shows that it has read/write/execute permissions and uses a large amount of disk space, which suggests it might be a malware spreader. It also appears to carry a large payload, which indicates that it is trying to infect other systems and could steal critical data from an organization. The analysis also shows that the file was packed, a common practice for obfuscating malware. Packing can be overcome with unpacking tools such as deflate, which inflate the compressed file to reveal the payload.
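As an added example (not part of the original article), the following Python triage script ties together the static header check described earlier and the packing indicator mentioned above: it compares a file's magic bytes with its extension, so a renamed executable stands out, and uses byte entropy as a heuristic for packed or encrypted content. The magic table, the extension map and the 7.0 bits/byte threshold are assumptions chosen for illustration, and the two sample blobs are constructed, not real malware.

```python
import math
import os
from collections import Counter
# Well-known magic bytes for a few common formats (illustrative subset).
MAGIC = {
    b"MZ": "PE/DOS executable",
    b"\x7fELF": "ELF executable",
    b"PK\x03\x04": "ZIP archive (also DOCX/JAR/APK)",
    b"%PDF": "PDF document",
}
# Extensions that legitimately carry each format; anything else suggests renaming.
EXPECTED_EXT = {
    "PE/DOS executable": {".exe", ".dll", ".sys", ".scr"},
    "ELF executable": {"", ".so", ".bin", ".elf"},
    "ZIP archive (also DOCX/JAR/APK)": {".zip", ".docx", ".xlsx", ".jar", ".apk"},
    "PDF document": {".pdf"},
}
PACKED_ENTROPY = 7.0  # assumed threshold (bits/byte); compressed/encrypted data sits near 8

def identify(data: bytes) -> str:
    """Return the format implied by the file header, ignoring the extension."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; packed or encrypted payloads score close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(filename: str, data: bytes) -> dict:
    """Static checks only: header vs extension, plus a packing heuristic. Nothing executes."""
    ftype = identify(data)
    ext = os.path.splitext(filename)[1].lower()
    mismatch = ftype != "unknown" and ext not in EXPECTED_EXT[ftype]
    entropy = shannon_entropy(data)
    return {"type": ftype, "extension": ext, "extension_mismatch": mismatch,
            "entropy": round(entropy, 2), "likely_packed": entropy > PACKED_ENTROPY}

# Constructed samples: a PE header renamed to look like a PDF, and an .exe whose
# body is uniformly distributed bytes, as a packed or encrypted payload would be.
RENAMED_PE = b"MZ" + b"\x00" * 2000 + b"This program cannot be run in DOS mode"
PACKED_PE = b"MZ" + bytes(range(256)) * 16

if __name__ == "__main__":
    for name, blob in (("invoice.pdf", RENAMED_PE), ("tool.exe", PACKED_PE)):
        print(name, triage(name, blob))
```

Entropy alone is only a hint: legitimate installers and compressed archives also score high, so treat a flag as a reason to move to dynamic analysis rather than a verdict.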