understanding cuckoo sandbox json report
I have setup cuckoo sandbox and already analyzing some malware
the problem is im having a difficult time trying to understand the json report . could anyone please help me understand the following : UDP, procmemory, dns_servers , http , icmp, domains ,apistats ,processtree just a brief of what they are please attached sample picture of the json report thank you in advance
Well I think the output is pretty much clear if you just run one sample but anyway, if you want to better understand the output, you can check this paper.
As far as I know, "domains", "DNS", "UDP", "TCP",... show the communications of the sample using these protocols. For example, if a malware tries to connect to a URL, then you will have a DNS query in "DNS" section, an HTTP query in "HTTP" section, a domain name in "domains" section and a "UDP" communication in the "UDP" section (since DNS queries are usually over UDP protocol) all related to that one URL the malware tries to connect.
"apistats" shows the statistics about the API that are called by the sample file.
"procmemory" shows the details about different region of the memory with their size, protection level, start and end address.
I hope it helps.
- Flatten and filter multi-dimension JSON with JQ
- Panic while deserializing JSON data
- How to convert an XML string to a dictionary?
- JSON syntax error: 'unexpected number' or 'JSON.parse: expected ',' or '}' after property value in object'
- Have Jackson default to string if object not detected
- How to get the number of elements in a JSON array?
- PostgreSQL - Json data - Inserting into Target Table through Trigger
- Restful FedEx Trade Document Upload API - Can't upload signature or letterhead images
- Powershell update object property value not as expect
- request body is empty in backend while using fetch on express
- How to convert a Map to a List of keys
- C# serialize json to class
- How to extract images from a string in PHP?
- Nested Json to pandas DataFrame with specific format
- Flattening multi nested json into a pandas dataframe
- get title from JSON
- How to implement custom indentation when pretty-printing with the JSON module?
- Deserialize Map<Enum<?>, Object> in Java with Jackson library
- Convert bash array to JSON and write to file
- Refused to execute script, strict MIME type checking is enabled?
- jQuery ajaxForm returning .json file
- .NET API Update Includes ID
- .NET 8 (isolated worker model) PUT/POST methods have null body
- How to deserialize a Map with custom value type in serde?
- cannot use operator[] with a string argument with array (parsing json)
- How to use `json` in Rocket?
- I'm trying to convert data from csv to json . My csv input is split by (;) is there an easy way to do so?
- How can I respond to a POST request containing JSON data with Rocket?
- Manipulate Result type with JSON as content
- Jolt Replacing substring within a string