Report page for Kaspersky Sandbox

On the Sandbox page, the file execution and analysis results for Kaspersky Sandbox are displayed. The status of the executed file (Malware, Adware and other, Clean, or Not categorized) is displayed under the file name.

The Sandbox page contains the following:

• Summary section—Displays the execution task details and graphics of detected items, suspicious activities, extracted files, and network interactions that were detected during the file execution.
• Results tab—Displays information about detected threats, triggered network rules, and suspicious activities. A file execution map and a set of screenshots are also displayed. For downloaded files, information about the submitted web address and file download method is displayed.
• Static Analysis tab—Displays an object's static analysis results. This tab is available only for objects that were executed in the mobile (Android) operating system environment.
• System activities tab—Displays information about loaded PE images and various operations that were registered during the file execution.
• Extracted files tab—Displays information about files that were downloaded and dropped by the executed file.
• Network activities tab—Displays information about HTTP, HTTPS, and DNS requests that were registered during the file execution.

Execution results for multi-file (packed) objects are described in the Multi-file report page section.

A file execution in Kaspersky Sandbox may end with an error after Kaspersky expert systems have detected a threat related to the file. In this case, Kaspersky Threat Intelligence Portal displays only the abridged version of a report that contains the following information:

• Summary section. Only the Detects chart (total number of threats detected by Kaspersky expert systems) presents statistical information.
• Detection names table.

The History table displays your local task creation time. In reports, date and time are displayed in Coordinated Universal Time (UTC) format.

Your Kaspersky Sandbox quota is not affected by a failed file execution. Abridged reports cannot be exported to STIX format. For abridged reports, exporting to STIX format is not available.

You can click the Download data button located by each section (except the Summary section) to export the corresponding data. The button is available if the section contains data.

In this section Summary section Results tab Static analysis tab System activities tab Extracted files tab Network activities tab Multi-file report page

Page top