Cisco
200-201 Question #279: Real Exam Question with Answer & Explanation
The correct answer is A: The file was identified as PE32 executable for MS Windows and the Yara filed lists it as Trojan. The Cuckoo Sandbox report identifies the downloaded file as a PE32 executable for MS Windows and classifies it as a Trojan based on Yara rules.
Submitted by yaw92 · Mar 6, 2026 · Host-Based Analysis
Question
Refer to the exhibit. A SOC engineer is analyzing the provided Cuckoo Sandbox report for a file that was downloaded from a URL received via email. What is the state of this file?
Options
- A. The file was identified as PE32 executable for MS Windows and the Yara filed lists it as Trojan.
- B. The file was detected as executable and was matched by PEiD threat signatures for further
- C. The file was detected as executable, but no suspicious features are identified.
- D. The calculated SHA256 hash of the file was matched and identified as malicious.
Explanation
The Cuckoo Sandbox report identifies the downloaded file as a PE32 executable for MS Windows and classifies it as a Trojan based on Yara rules.
Common mistakes.
- B. While PEiD is mentioned in the report, the statement does not fully capture the explicit 'Trojan' classification by Yara rules, making option A more comprehensive and accurate.
- C. The report clearly identifies 'Yara Rules: Trojan', which indicates suspicious features are identified, contradicting the claim that no suspicious features exist.
- D. Although the SHA256 hash is provided, the report's immediate classification of 'Trojan' is based on Yara rules and file type analysis, not solely on a hash match identified as malicious in the provided snippet.
Concept tested. Cuckoo Sandbox report analysis, malware identification
Topics
- Cuckoo Sandbox
- Malware analysis
- YARA rules
- Threat intelligence