Run the file in a sandbox (like Any.Run or Joe Sandbox).
Note if it spawns powershell.exe , cmd.exe , or regsvr32.exe . 4. Indicators of Compromise (IoCs) Summarize the "smoking guns" found during your analysis: Network: [IP Addresses / Domains]
[Yes/No] (Malicious RARs often use passwords like 1234 to evade automated sandbox scanning). 2. Archive Contents
.pdf or .docx files that may contain exploits (e.g., Follina) or serve as a distraction while a payload runs in the background. 3. Static & Dynamic Analysis
Run the file in a sandbox (like Any.Run or Joe Sandbox).
Note if it spawns powershell.exe , cmd.exe , or regsvr32.exe . 4. Indicators of Compromise (IoCs) Summarize the "smoking guns" found during your analysis: Network: [IP Addresses / Domains]
[Yes/No] (Malicious RARs often use passwords like 1234 to evade automated sandbox scanning). 2. Archive Contents
.pdf or .docx files that may contain exploits (e.g., Follina) or serve as a distraction while a payload runs in the background. 3. Static & Dynamic Analysis