The Analysis details section displays the actual activities of the analysis subject, as collected by the NSX Advanced Threat Prevention service. An activity is used to determine an assessment of its type.
The following activities are displayed in this Analysis details section.
Activity Type | Description |
---|---|
Network activity | Lists all URLs visited during the analysis, as well as additional web content requested or contained by the subject. Each additional URL is recorded together with its content type, the server status code, the server IP address, the response content hashes (MD5 and SHA1), the response content length, and the timing of the request (start time, end time, and duration in milliseconds). |
Resources | Lists local resources that were accessed during the URL analysis via the res protocol. Malicious web pages sometimes access local resources to probe the execution environment; for example, to determine if certain programs are installed. This section is displayed only if resource events were encountered during analysis. |
Code execution activity | Lists code that was executed during the analysis. In particular, it displays interesting code that was statically included in a resource (using a |
Hidden iframes | Lists hidden HTML tags, such as This section is displayed only if hidden tags were encountered during analysis. |
Memory contents | Lists the strings that were found during the analysis. This section is displayed only if strings were encountered during analysis. |
Textual content | Shows the textual content extracted from a document. This section applies to PDF analysis only and is displayed only if text was found during analysis. |
Links in documents | Shows the links that were found in analyzed documents. This section is displayed only if links were encountered during the analysis. |
Plugins | Lists any use of common browser plugins. Calls to these plugins are recorded and the report contains the details about the invoked methods and the passed arguments. |
Applets | Shows the Java applets that were downloaded during the URL analysis. This section is displayed only if applets were found during analysis. |
Exploits | The analysis environment can detect shellcode contained in analysis subjects. Detected shellcode is extracted and included in the report in hexadecimal format. |
Shellcode | The analysis environment can detect shellcode contained in analysis subjects. Detected shellcode is extracted and included in the report in hexadecimal format. |
Processes | Lists the processes that were spawned during the URL analysis. This section is displayed only if spawned processes were found during analysis. |
Dropped Files | Lists files that were stored on the system hard disk during the URL analysis. This section is displayed only if file operations were encountered during analysis. |