View Malware Analysis Report
After you upload a file or submit a URL for malware analysis, you can view the detailed analysis performed by the sandbox tool.
To view the detailed analysis report, do the following:
1. Navigate to Main Menu, and select Sandbox under Analysis.
2. Select a record to open it. You can view the detailed analysis performed on the file or URL in the form of an HTML report, and the IOCs fetched from the uploaded file or URL.
The IOCs report includes all the IOCs reported by the tool while analyzing the file or URL.
Cyware Sandbox provides the submission details, IPs, and URLs detected while analyzing the file or URL.
The Analysis report provides a full HTML report that includes information such as the confidence score, detection verdict, behaviour signatures, behaviour graphs, threat intel, and more.
For successful submissions, you can check the verdict of the analysis. For more information on how the verdict from Sandbox is mapped to Intel Exchange, see Verdict Mapping between Cyware Sandbox and Intel Exchange. The verdict in Intel Exchange can be:
- Malicious: The file is analyzed and found malicious.
- Benign: The file is analyzed and found not to be malicious.
- NA: The configured sandbox tool has returned Null or Not Applicable as the result for the analyzed file.
- Suspicious: The file is found suspicious. Suspicious indicates that the executed file or URL may or may not be malicious.
- Unknown: The configured sandbox tool is unable to identify if the analyzed file or URL is malicious or not.
Verdict Mapping between Cyware Sandbox and Intel Exchange
The mapping between verdicts defined in the Cyware Sandbox and Intel Exchange for the files or URLs analyzed is as follows:
| Sandbox Verdict | Intel Exchange Verdict |
|---|---|
| Benign | Non-Malicious |
| Malicious | Malicious |
| Unknown | Unknown |
| Null | NA |
| Suspicious | Suspicious |