As a new user of the sandbox, I just got a little bit confused by the report generated by Cuckoo...
1. What is the difference between the loaded DLL (in the behaviour analysis section) and the imported DLL (in the static analysis section)? Shouldn't these be the same? (I mean, the loaded DLL during the run should be imported first.) I've uploaded a report which contains both.
2. Another thing: if I didn't install tcpdump and didn't give internet access to the sandbox, I should just miss the communication between the malware and the outside world (the packets transmitted, basically), but I should still have the domains, IP addresses and hosts contacted, right?