Trellix Malware Analysis (AX)
About the product
A module that provides analysts with a secure environment for detonating potentially dangerous files and URLs. It provides a configured virtual environment for Microsoft Windows, macOS, and Linux systems, along with the necessary software to enable threat analysis in various configurations.
Using the IVX engine, it provides a complete picture of the attack, from sample execution and exploitation of vulnerabilities to back-end communication and subsequent attempts to download malware components. Thanks to a dedicated Internet connection, sample component downloads and communication with C&C take place outside the corporate production network, providing an additional layer of protection against the spread of threats.
Advantages of the solution
Analysis of the entire attack lifecycle.
Ability to run analysis in both online and offline modes.
Fully local and configured sandbox environment with all required licenses (for the operating system and applications).
Benefits of Implementation
File and URL detonation environment focused on dynamic analysis to best understand the context of the operations performed by the sample.
Detailed report of sample analysis at the operating system, file system, application, memory, registry, and network communication levels.
Ability to influence the analysis by connecting to the virtual machine performing the task.
See other Trellix products
Trellix Email Threat Prevention Cloud (ETP)
A cloud-based email security solution that effectively blocks cyber threats before they reach your inbox.
Trellix Email Security Server (EX)
An advanced platform for securing email traffic in local environments, offering multi-layered protection against external threats.
Trellix Network Security (NX)
A modern platform that provides preventive protection against advanced threats (APT), zero-day attacks, and sandbox-evading malware.
Trellix File Protect (FX)
A solution for protecting against threats hidden in files located on network disk shares (CIFS/SMB/WebDAV/NFS) and file sharing solutions such as Microsoft OneDrive or SharePoint.