The sandbox engine is a secure environment of virtual systems where suspicious emails, including their attachments or links, can be opened and executed. Static, behavioral and network-based analyses are performed.
The results are summarized in a detailed report, which can be used to preserve IT forensic evidence. The report includes PCAP network traffic dumps, memory dumps of the malicious process and screenshots taken during execution.
This enables Hornetsecurity to analyze known or unknown threats in a secured, external environment without endangering either the destination network or the recipient.
The static analysis matches the sample against known signatures (using more than 20 AV engines), metadata and keywords of previously discovered malware.
The behavioral analysis detects attempts to discover virtual layers, registry changes, system API calls, hidden threats, commands and services.
The network-based analysis records connection attempts to DNS, command-and-control servers and compromised websites used for downloading additional malicious code.
The sandbox engine provides you with a complete analysis of the potential threat of a file or link within a few minutes.