Malware Analysis Sandbox - Model SNX_SX_PRO
SecneurX Malware Analysis Sandbox is a dynamic malware analysis system for SOCs, CERTs and security teams to understand the most evasive and sophisticated malware attacks and strengthen their defenses. It gives security analysts access to powerful auto-configured test environments to safely detonate and inspect stealthy malware, zero-day and advanced persistent threat (APT) attacks embedded in Windows executables, Office documents, web pages, and email attachments.
Deployment: The Malware Analysis Sandbox SNX_SX_PRO is designed for on-premise deployment, ensuring that all operations and analyses are conducted within the secure environment of your organization's infrastructure.
Detonation Environments: The sandbox supports a variety of operating systems for detonation environments. It includes Windows 7 (64-bit), Windows 8.1 (64-bit), Windows 10 (64-bit), and Windows 11. Additionally, it supports Ubuntu 20.04 (64-bit). This wide range of environments allows for comprehensive analysis across different platforms.
File Submissions: Users can submit files for analysis through both REST API and a user interface (UI). This flexibility ensures that integrations can be smoothly accomplished and that user interactions are straightforward.
Data Privacy: All data handled by the SNX_SX_PRO is kept private, ensuring that sensitive information remains secure throughout the analysis process.
User Management (UI): User logins are managed by the customer, providing control over who can access the system. The system also supports team privacy, allowing for segmented access within the organization.
Integration: The sandbox offers integration through a REST API for both file and URL submissions, facilitating seamless incorporation into existing workflows and systems.
File Type Support: The SNX_SX_PRO supports a comprehensive range of file types. For Windows systems, it includes formats such as EXE, DLL, DOC, DOCX, DOTX, XLS, and many others, up to a maximum file size of 400 MB. For Ubuntu systems, it supports Python, Perl, Shell scripts, and ELF files.
Downloads: Users can download binary samples and PCAPs; indicators of compromise (IOCs) are provided in STIX format. Reports are available in HTML, JSON, and PDF formats, and process memory dumps can also be accessed.
Report Features: The reporting capabilities of the SNX_SX_PRO include risk view summaries and verdicts, detailed views of all malicious or suspicious indicators, and screenshots. These features ensure that users have comprehensive insights into the analysis results.
System Features: The system supports concurrent instances and parallel scanning of multiple distinct virtual machine types. It integrates with third-party YARA rules and can analyze phishing emails by examining headers, content, hyperlinks, and attachments. Additional system features include extraction of SSL certificate information, malicious indicator extraction, and detection of second-stage payloads. The sandbox also offers AI-based mechanisms for GUI triggering, automatic tagging of samples based on signatures, and support for password-protected files. It includes MITRE ATT&CK support, verification of Authenticode signatures, and the ability to record malware interactions as video.
Capacity: The SNX_SX_PRO can handle a dynamic analysis throughput of up to 4000 files per day, making it suitable for high-volume analysis requirements.
Updates: Threat intelligence updates are managed through a relay-server system, while product updates are applied manually by the user, allowing for controlled and secure update management.
Hardware Specification: The hardware for the SNX_SX_PRO includes a minimum data storage capacity of 4 TB and features a redundant power supply for enhanced reliability.
Reputation Engine: The reputation engine supports searching for samples by SHA256 or MD5, verdict-based searches, and querying of historic analysis data. It provides additional storage for reports (4 TB) and offers graphical displays of user analytics, verdict history, and status reports. The engine also includes functionality for re-analysis of samples and visualization of verdicts such as malware, ransomware, and non-threatening samples.
Windows Execution Environment Customization Service: A customization service is available for the Windows execution environment, allowing tailored configurations to meet specific organizational needs.