Run the file in a sandbox such as Joe Sandbox or a private virtual machine.
Observe if it spawns new processes (e.g., cmd.exe or powershell.exe).
Check if it attempts to contact a Command & Control (C2) server or download additional payloads.
High, Medium, or Low based on its ability to exfiltrate data or damage the system.
List the files inside using unzip -l or zipinfo. Look for unusual extensions like .exe, .vbs, or .js hidden inside.
Note if it creates "mutexes," modifies the registry for persistence, or drops new files into C:\Users\ folders.
4. Findings & Summary
Run a "strings" utility to extract human-readable text. You might find hardcoded IP addresses, URLs, or commands.
Determine if it matches known signatures (e.g., Ransomware, Spyware, or a Trojan).
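The archive-listing and strings steps above can be combined into one static pass that never extracts or runs anything. This is an added example, not part of the original page; the decoy-extension list, the read cap, the constructed sample archive, and the names triage_zip and build_sample are assumptions made for illustration.

```python
import io
import re
import zipfile

RISKY_EXT = {".exe", ".vbs", ".js"}                    # extensions the checklist names
DECOY_EXT = {".pdf", ".doc", ".docx", ".jpg", ".txt"}  # assumption: common decoy suffixes
MAX_READ = 5 * 1024 * 1024                             # assumption: per-entry read cap (zip-bomb guard)
STRINGS_RE = re.compile(rb"[\x20-\x7e]{6,}")           # printable ASCII runs, as strings(1) finds
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def triage_zip(data: bytes) -> list:
    """Inspect members in memory only: nothing is written to disk or executed."""
    report = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            parts = info.filename.lower().rsplit("/", 1)[-1].split(".")
            ext = "." + parts[-1] if len(parts) > 1 else ""
            entry = {"name": info.filename, "flags": [], "urls": [], "ips": []}
            report.append(entry)
            if ext in RISKY_EXT:
                entry["flags"].append("risky-extension")
                if len(parts) > 2 and "." + parts[-2] in DECOY_EXT:
                    entry["flags"].append("double-extension")
            if info.flag_bits & 0x1:  # encrypted member: unreadable without the password
                entry["flags"].append("encrypted")
                continue
            with zf.open(info) as fh:
                blob = fh.read(MAX_READ)
            text = "\n".join(m.decode("ascii") for m in STRINGS_RE.findall(blob))
            entry["urls"] = sorted(set(URL_RE.findall(text)))
            entry["ips"] = sorted(set(IPV4_RE.findall(text)))
    return report

def build_sample() -> bytes:
    """Constructed, harmless archive: a text file and a script with a decoy double extension."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "nothing to see here")
        zf.writestr("docs/invoice.pdf.js",
                    b"\x00\x01var u='http://c2.example.invalid/stage2';\x00host=203.0.113.7\x00")
    return buf.getvalue()

if __name__ == "__main__":
    for item in triage_zip(build_sample()):
        print(item)
```

Entries flagged "encrypted" are reported by name only, since their contents cannot be read without the password.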