Persistence mechanisms (e.g., adding itself to startup folders). 3. Content Assessment
: If the ZIP contains scripts or programs, monitor for: Network connections to unknown IP addresses. Unexpected file creations or registry changes.
: Use a tool like 7-Zip to view the contents without extracting. Look for suspicious extensions like .exe , .scr , .vbs , or hidden files. 2. Dynamic Analysis (Execution)
: Record the file size, creation date, and hash values (MD5, SHA-1, or SHA-256). You can generate these using tools like Windows PowerShell or the sha256sum command in Linux.
: Check if any documents inside contain embedded macros or external links that could be used for phishing or credential theft.
: Submit the hash or the file to VirusTotal to check for known malicious signatures against dozens of antivirus engines.
: Determine if the contents match the expected "tarea" (homework) theme.