video_2020-12-22_20-56-26.7z

1. Initial Triage

The timestamp in the filename (2020-12-22) suggests the file was generated or captured in late December 2020.

Filenames of this kind are often used in phishing simulations or Capture The Flag (CTF) challenges where a user is tricked into opening a "video" that actually contains an executable.

The file is a delivery vector for a payload. The naming convention mimics a recorded video or a social media attachment to exploit human curiosity (Social Engineering). In a forensic report, this would be classified as the or Delivery phase of the Cyber Kill Chain.

Upon decompressing the archive, investigators typically look for:

- Embedded URLs, IP addresses, or Windows API calls (e.g., CreateProcess, ShellExecute).
- Changes to Registry keys (Run/RunOnce) to ensure the malware starts on boot.