2.8. Results and analysis report

If a file is sent to a remote server (GBox or Intelligence site), the analysis is performed by that remote server and its result can be downloaded as a PDF report.

../_images/RAPPORT.PNG

This report is composed of:

  • Part (1) `Threat level`
    This score is calculated from the analysis scores returned by the GBox engines that were active in the model at the time of detection.
  • Part (2) `Analysers statuses`
    This part lists the engines activated during the analysis and their status.
    For example, the Gnest engine is not activated here, so it is not displayed.
    This part indicates which analyses were carried out, never the verdict of an analysis: a `Success` status means the engine ran, not that the file is clean.
    • `grip analysis: Success`: the Grip engine analysis (3) was carried out

    • `goasm analysis: Success`: the Goasm engine analysis (4) was carried out

    • `gmalcore analysis: Failed`: the Gmalcore engine analysis (5) failed

    • The summary of the analysis steps (6), which displays:

      • The list of engines used: here Grip, Goasm and Gmalcore
      • The result of the analysis for each engine: here, for Gmalcore, the cross indicates that the Gmalcore analysis was not performed, unlike the other two engines
      • On the right side, the overall result of the GBox analysis: here the icon means error
  • Part (7) `Analysis` provides analysis information: hash, model and date

  • Part (8) `Sample` gives sample information: filename and sha256

  • Part (9) `Errors` gives information on the origin of the analysis failure: here the Gmalcore engine is not running, hence no response from it.

  • The detailed analysis parts, with the engine that produces each one:

| Part title | Description | Engine |
|---|---|---|
| `Analysis options` | Option values used for the analysis | Grip and Gnest |
| `Iocs` | List of actions performed (files, registry, network, processes...) | Gnest |
| `Ttps` | TTPs describe how a malicious actor operates: how attackers orchestrate, execute and manage an operation. TTPs contextualize a threat; they reveal the steps or actions taken by the actor, during data exfiltration for example. | Gnest |
| `Static` | Metadata | Grip |
| `Overview` | File information (size, the different hashes, type...) | Gnest |
| `Heuristic` | List of engines (Entry#x) and the threat name returned by the Gmalcore module (or n/a) | Gmalcore |
| `Shellcode` | Result of shellcode detection | Goasm |
| `Signatures` | List of YARA signatures matching the analyzed file | Gnest |
| `Process Tree` | Graphical representation of the process tree | Gnest |
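The table above maps each report part to the engine that produces it, and the `Analysers statuses` part only says whether an engine ran. The following Python helper, an added example that is not GBox or Gatewatcher code, shows the two checks a practitioner would make before reading a report as a verdict: that the sha256 in the `Sample` part is the file actually submitted, and which parts cannot be trusted because their engine failed or was not activated. The PDF has no documented machine-readable schema, so the dict layout (keys `sample`, `analysers_statuses`, `errors`) and the sample bytes are assumptions constructed for the example.

```python
"""Triage helper for a GBox analysis report (added example, not GBox code).

Assumptions, not taken from the documentation: the report fields have been
extracted into a dict with the keys "sample", "analysers_statuses" and
"errors"; the sample bytes below are constructed.
"""
import hashlib

# Report parts and the engine(s) producing each, from the table on this page.
PART_ENGINE = {
    "Analysis options": ("grip", "gnest"),
    "Iocs": ("gnest",),
    "Ttps": ("gnest",),
    "Static": ("grip",),
    "Overview": ("gnest",),
    "Heuristic": ("gmalcore",),
    "Shellcode": ("goasm",),
    "Signatures": ("gnest",),
    "Process Tree": ("gnest",),
}

# Constructed bytes standing in for the file that was submitted to the GBox.
SAMPLE_BYTES = b"MZ\x90\x00constructed-sample-not-a-real-binary"


def build_report(sample_bytes: bytes) -> dict:
    """Constructed report mirroring the case described on this page:
    Grip and Goasm ran, Gmalcore failed, Gnest was not activated."""
    return {
        "sample": {
            "filename": "sample.exe",
            "sha256": hashlib.sha256(sample_bytes).hexdigest(),
        },
        "analysers_statuses": {
            "grip": "Success",
            "goasm": "Success",
            "gmalcore": "Failed",
        },
        "errors": ["gmalcore engine is not running: no response"],
    }


def sample_matches(report: dict, local_bytes: bytes) -> bool:
    """True when the `Sample` sha256 in the report is the file we hold locally,
    so a report is never attached to the wrong artefact."""
    return hashlib.sha256(local_bytes).hexdigest() == report["sample"]["sha256"]


def failed_engines(report: dict) -> list:
    """Engines listed in `Analysers statuses` whose status is not Success."""
    return sorted(e for e, s in report["analysers_statuses"].items() if s != "Success")


def untrusted_parts(report: dict) -> dict:
    """Map each report part that cannot be read as a verdict to the reason.

    `Success` only says the engine ran; a part whose engine failed or was not
    activated is missing evidence, not a clean result."""
    statuses = report["analysers_statuses"]
    reasons = {}
    for part, engines in PART_ENGINE.items():
        for engine in engines:
            status = statuses.get(engine)
            if status is None:
                reasons[part] = f"{engine} not activated"
            elif status != "Success":
                reasons[part] = f"{engine} {status.lower()}"
    return reasons


REPORT = build_report(SAMPLE_BYTES)

if __name__ == "__main__":
    print("sample matches submitted file:", sample_matches(REPORT, SAMPLE_BYTES))
    print("failed engines:", failed_engines(REPORT))
    for part, why in sorted(untrusted_parts(REPORT).items()):
        print(f"do not read {part!r} as a verdict: {why}")
```

With the constructed report, `Static` and `Shellcode` are the only parts backed by an engine that completed; `Heuristic` is flagged because Gmalcore failed, and the Gnest-backed parts because that engine was not activated.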

For the procedure for analyzing a report, see the Analysis Report Analysis Procedure.