Upload a file and automatically start malware analysis with VM provisioning.
Choose the payload file (.exe, .dll) you want to analyze. The file will be uploaded, executed and analyzed in a VM. EDR events can be recorded, depending on the selected profile.
Optional URL which points to more information about the payload.
Optional command-line parameters for .exe files, or exported function name for .dll files.
Optional description of the payload file itself. For example, include properties of your loader and the C2 payload config.
Optional description of what you're testing or trying to achieve with this analysis. Include your hypothesis, what detection capabilities you're evaluating, or research objectives.
Optional project name to group related scans together.
Select the analysis environment profile that defines which virtual machine, EDR system, and analysis tools will be used for this malware analysis.
Define how long the payload should keep running inside the VM after execution starts. Increase this to observe post-exploitation behaviors like beacon callbacks.
Accepted range: 10 to 7200 seconds. Default: 10 seconds.
This analysis profile requires password authentication. Enter the password to proceed with the analysis.
Specify the target directory path where the malware should be placed and executed on the virtual machine.
Default: C:\Users\Public\Downloads\
Whitelisted execution: C:\RedEdr\data\