Retrieve All Scans For Given Hash
Get all the scans for the specified hash.
Parameters
Parameter | Description |
---|---|
Scan Hash | The scan hash to search by. The hash can be found on the Latest Submissions page, in the SHA256 field. |
Example Output
[
{
"classification_tags": [
"evasive",
"njrat",
"stealer"
],
"tags": [
"evasive",
"njrat",
"stealer"
],
"submissions": [
{
"submission_id": "63dd5e062d9e377060288eab",
"filename": "b927e7cfeada375ee4a262d0b761bf8f07c97bbed476fcb991f06816004b6e93",
"url": null,
"created_at": "2023-02-03T19:18:30+00:00"
}
],
"machine_learning_models": [],
"crowdstrike_ai": null,
"job_id": "63dd5e062d9e377060288eaa",
"environment_id": 160,
"environment_description": "Windows 10 64 bit",
"size": 381952,
"type": "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows",
"type_short": [
"peexe",
"assembly",
"executable"
],
"target_url": null,
"state": "SUCCESS",
"error_type": null,
"error_origin": null,
"submit_name": "b927e7cfeada375ee4a262d0b761bf8f07c97bbed476fcb991f06816004b6e93",
"md5": "9d28b5e6020f1bd5f4b9bbca7405a5bd",
"sha1": "5e03f35f168cbfe38e959ba7193e156c5dd224ca",
"sha256": "b927e7cfeada375ee4a262d0b761bf8f07c97bbed476fcb991f06816004b6e93",
"sha512": "b610c80ef90f45f34710461ee40c0abc06ceb93e4919ac3b438f9834946e8f3669c44a2924bf7bc6a4cc8159d686dbfc252c5073dae1faa8ac46fe6ccedc14b5",
"ssdeep": "6144:78XN6W8mmHPtppXPSi9b4Gy4r9FENM8UJLh6EFGUiYMuCE2y:wN6qatppXPlRnEKHRAeGUtQE",
"imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
"entrypoint": "0x42bd4e",
"entrypoint_section": ".text",
"image_base": "0x400000",
"subsystem": "Windows Gui",
"image_file_characteristics": [
"EXECUTABLE_IMAGE",
"LARGE_ADDRESS_AWARE"
],
"dll_characteristics": [
"NO_SEH",
"TERMINAL_SERVER_AWARE",
"DYNAMIC_BASE",
"NX_COMPAT",
"HIGH_ENTROPY_VA"
],
"major_os_version": 4,
"minor_os_version": 0,
"av_detect": 77,
"vx_family": "IL:Trojan.MSILZilla",
"url_analysis": false,
"analysis_start_time": "2023-02-03T19:18:31+00:00",
"threat_score": 100,
"interesting": false,
"threat_level": 2,
"verdict": "malicious",
"certificates": [],
"domains": [],
"compromised_hosts": [],
"hosts": [],
"total_network_connections": 0,
"total_processes": 1,
"total_signatures": 76,
"extracted_files": [],
"file_metadata": null,
"processes": [],
"mitre_attcks": [
{
"tactic": "Execution",
"technique": "Native API",
"attck_id": "T1106",
"attck_id_wiki": "https://attack.mitre.org/techniques/T1106",
"malicious_identifiers_count": 0,
"malicious_identifiers": [],
"suspicious_identifiers_count": 0,
"suspicious_identifiers": [],
"informative_identifiers_count": 3,
"informative_identifiers": [],
"parent": null
},
{
"tactic": "Execution",
"technique": "Windows Management Instrumentation",
"attck_id": "T1047",
"attck_id_wiki": "https://attack.mitre.org/techniques/T1047",
"malicious_identifiers_count": 0,
"malicious_identifiers": [],
"suspicious_identifiers_count": 1,
"suspicious_identifiers": [],
"informative_identifiers_count": 1,
"informative_identifiers": [],
"parent": null
}
],
"network_mode": "default",
"signatures": [
{
"threat_level": 0,
"threat_level_human": "informative",
"category": "General",
"identifier": "static-99",
"type": 0,
"relevance": 1,
"name": "Contains ability to download files from the internet",
"description": "Observed function downloadfile in b927e7cfeada375ee4a262d0b761bf8f07c97bbed476fcb991f06816004b6e93.bin",
"origin": "Static Parser",
"attck_id": "T1105",
"capec_id": null,
"attck_id_wiki": "https://attack.mitre.org/techniques/T1105"
},
{
"threat_level": 0,
"threat_level_human": "informative",
"category": "General",
"identifier": "string-135",
"type": 2,
"relevance": 1,
"name": "Found well known domains (string)",
"description": "\"mhttps://github.com/LimerBoy/StormKitty\" (Indicator: \"github.com\")",
"origin": "String",
"attck_id": null,
"capec_id": null,
"attck_id_wiki": null
}
]
}
]
Workflow Library Example
Retrieve All Scans for Given Hash with Hybrid Analysis and Send Results Via Email