When you open an analyzed object in Sandbox Analysis, TrendAI Vision One™ displays a tabbed profile view with overview details, static and dynamic analysis, file content, associated alerts and threats, and third-party insights.

| Tab | Description | File submissions / URL submissions |
| --- | --- | --- |
| Overview | Key object details | Provides hash values (SHA-1, SHA-256, MD5), detection name, malware family, and first/last seen. For submitter source details, see Consolidated analysis results. For bundled files, lists up to five files from the bundle. For URL submissions, the Overview displays both the normalized URL that the sandbox analyzed and the original URL as submitted. |
| Static analysis | Structural indicators like imports and macros. Only available to objects submitted to Sandbox Analysis. | Displays indicators like imports, strings, macros, and MITRE ATT&CK. For archive files, MITRE ATT&CK mapping applies to the archive file as a whole; imports, strings, and macros to each file in the archive. |
| Dynamic analysis | Sandbox execution report | Offers the same sandbox execution details previously available in an HTML report. You can still download the full report as a PDF from this tab when analysis is complete. |
| File content | File content preview or download. Only available to objects submitted to Sandbox Analysis. | For files 5 MB or less, an inline hex viewer allows quick inspection. For files over 5 MB, you can download a password-protected ZIP file. For archive files, displays content for the archive file only, not individual files within it. |
| Associated Workbench alerts | Related alerts from Workbench | Shows alerts related to the submitted object within the last 30 days, including status, severity, score, and impacted entities. For archive files, queries the file SHA-1 of the archive file itself, not its contents. |
| Associated threats | Emerging threats and threat actors linked to the object | Displays the emerging threats and threat actors associated with the object when its indicators match known threat intelligence. Click a threat or threat actor name to open the threat report in Threat Intelligence Hub. |
| Third-party insights | VirusTotal threat intelligence | After configuring a VirusTotal API key in Third-Party Integrations, displays VirusTotal threat intelligence. For archive files, queries the file SHA-1 of the archive file itself, not its contents. |
