Malware Sandbox (Analysis)
A Sandbox is an isolated environment used to safely execute and analyze suspicious files. By "detonating" malware inside a sandbox, analysts can observe its behavior without risking the actual network.
Interactive: Select a file to run in the sandbox. Watch the logs as the system monitors for malicious activity like registry changes or unauthorized network connections.
How it Works
- Isolation: The sandbox is a Virtual Machine (VM) that is completely cut off from the production network. If the malware destroys the VM, no real data is lost.
- Hooking: The sandbox watches "System Calls" (requests to the OS). If a program asks to "Write to System32" or "Connect to Russia", the sandbox records it.
- Heuristics: Instead of just looking for known virus signatures, modern sandboxes look for *behavior*. If it acts like malware, it probably is.
Evasion Techniques
Smart malware tries to detect if it's in a sandbox!
- Sleep Timers: Malware might wait 30 minutes before doing anything, hoping the sandbox analysis times out (usually 5 mins).
- User Interaction: It might wait for mouse movement or keyboard input to make sure a real human is using the computer.
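The hooking, heuristics and evasion ideas above can be tied together in a small behavioral scorer that runs over the hooked call trace a sandbox records. This is an added illustration, not code from this page or from any real sandbox product; the event trace, API names, rule weights and the 300-second analysis window are constructed assumptions.

```python
from dataclasses import dataclass

ANALYSIS_TIMEOUT_S = 300  # assumed 5-minute analysis window from the text


@dataclass
class Event:
    t: float   # seconds since detonation
    api: str   # hooked API / system call name
    arg: str   # the interesting argument, as a string


# Constructed sample trace; not output of any real sandbox.
SAMPLE_TRACE = [
    Event(0.2, "CreateFile", "C:\\Windows\\System32\\upd.dll"),
    Event(0.5, "RegSetValue", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd"),
    Event(0.9, "GetCursorPos", "(0,0)"),
    Event(1.0, "GetCursorPos", "(0,0)"),
    Event(1.1, "GetCursorPos", "(0,0)"),
    Event(1.2, "Sleep", "1800000"),        # milliseconds: a 30-minute sleep
    Event(1.3, "connect", "203.0.113.9:8443"),  # sandbox skipped the sleep, trace continues
]

# Behavioral rules: (finding name, weight, predicate over one hooked event).
RULES = [
    ("writes into System32", 3,
     lambda e: e.api == "CreateFile" and e.arg.lower().startswith("c:\\windows\\system32\\")),
    ("persistence via Run key", 3,
     lambda e: e.api == "RegSetValue" and "\\currentversion\\run\\" in e.arg.lower()),
    ("outbound connection to external host", 2,
     lambda e: e.api == "connect" and not e.arg.startswith(("10.", "192.168.", "127."))),
    ("sleep longer than analysis window (evasion)", 2,
     lambda e: e.api == "Sleep" and int(e.arg) / 1000 > ANALYSIS_TIMEOUT_S),
]


def score_trace(trace):
    """Return (verdict, score, findings) for a list of hooked events."""
    findings, score = [], 0
    for e in trace:
        for name, weight, pred in RULES:
            if pred(e):
                findings.append(f"{e.t:5.1f}s {e.api}({e.arg}) -> {name}")
                score += weight
    # Evasion heuristic: polling the cursor repeatedly while it never moves
    # is the "is a human here?" check described above.
    cursor = [e.arg for e in trace if e.api == "GetCursorPos"]
    if len(cursor) >= 3 and len(set(cursor)) == 1:
        findings.append("polls cursor position without movement -> user-interaction check")
        score += 2
    verdict = "malicious" if score >= 5 else "suspicious" if score >= 2 else "clean"
    return verdict, score, findings
```

A sandbox that fast-forwards long sleeps and simulates cursor movement keeps the later events in the trace, which is why the scorer still sees the outbound connection after the 30-minute sleep.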