Views:
On the Completed tab, click anywhere on a row to view detailed information about the submitted sample. A new section below the row shows the details.
The following fields are displayed on this screen:
Field Name
Information
File/Email Message Sample
URL Sample
Submission details
Basic data fields (such as Logged, File name, and Type) extracted from the raw logs
Basic data fields (such as Logged, URL, Source IP and port, and Destination IP and port) extracted from the raw logs
Note
Note
Deep Discovery Analyzer may have normalized the URL.
  • Sample ID (SHA-1)
  • Child files, if available, contained in or generated from the submitted sample
  • The IP address of the node that processed the sample
  • The Raw Logs link shows all the data fields in the raw logs
  • Scan actions for scans performed on network shares
Notable characteristics
The categories of notable characteristics that the sample exhibits, which can be any or all of the following:
    • Anti-security, self-preservation
    • Autostart or other system reconfiguration
    • Deception, social engineering
    • File drop, download, sharing, or replication
    • Hijack, redirection, or data theft
    • Malformed, defective, or with known malware traits
    • Process, service, or memory object change
    • Rootkit, cloaking
    • Suspicious network or messaging activity
Other submission logs
A table that shows the following information about other log submissions:
  • Logged
  • Protocol
  • Direction
  • Source IP
  • Source Host Name
  • Destination IP
  • Destination Host Name
MITRE ATT&CK ™ Framework
A list of MITRE ATT&CK ™ tactics, techniques, and sub-techniques detected. Click a link to view more information on the MITRE website.
Report
The PDF icon (report-pdf.png) links to a downloadable PDF report and the HTML icon (report-html.png) links to an interactive HTML report.
Note
Note
An unclickable link means there were errors during simulation. Mouseover the link to view details about the error.
Investigation package
Download links to a password-protected investigation package that you can download to perform additional investigations.
For details, see Investigation Package.
Global intelligence
View in Threat Connect is a link that opens Trend Micro Threat Connect
The page contains detailed information about the sample.
VirusTotal
Click View in VirusTotal to open VirusTotal in a new browser tab with a query for the sample.
Tip
Tip
If the object contains multiple objects, you can view the VirusTotal information for selected detected child objects in a window that appears.