>_ Malware Analysis Lab

PRACIVO LAB — SAFE SAMPLES ONLY
⚠️ Pracivo Security Lab — All samples are COMPLETELY SAFE text files. No real malware. For learning static analysis techniques only.

> Sandbox Analysis

# Sandbox = isolated VM that runs malware and records what it does

# FREE ONLINE SANDBOXES (submit samples here):
# - any.run          — interactive sandbox, live view
# - app.any.run      — good for APT samples
# - hybrid-analysis.com — Falcon sandbox
# - virustotal.com   — 70+ AV engines + basic behavior

# What sandboxes record:
# - Files created, modified, deleted
# - Registry keys added (persistence)
# - Network connections made (C2 traffic)
# - Processes spawned (child processes)
# - API calls made (behavioral signature)
# - Screenshots of what happened

# Sandbox evasion techniques malware uses:
# - Long sleep: Sleep(300000) = 5 min, outlasts the sandbox timeout (default 2-3 min)
# - Check for VM: look for VMware/VirtualBox registry keys
# - Check username: sandbox often uses "admin" or "user"
# - Check screen resolution: sandboxes often use 800x600
# - Check mouse movement: no movement = sandbox
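# The checks listed above show up in the API-call log a sandbox records. Added example
# (not part of the lab or of any sandbox's own tooling): a small triage script that walks a
# constructed, simplified behaviour report and flags which evasion technique each call pattern
# corresponds to. The report schema, the sample calls and the 3-minute timeout are assumptions.

```python
import json

# Constructed sample report (assumption: a simplified, hypothetical schema,
# not the real Cuckoo / any.run / Hybrid Analysis report format).
SAMPLE_REPORT = json.dumps({
    "api_calls": [
        {"api": "RegOpenKeyExA", "args": {"key": "HKLM\\SOFTWARE\\VMware, Inc.\\VMware Tools"}},
        {"api": "GetUserNameA", "args": {}},
        {"api": "GetSystemMetrics", "args": {"index": 0}},
        {"api": "GetSystemMetrics", "args": {"index": 1}},
        {"api": "Sleep", "args": {"ms": 60000}},
        {"api": "Sleep", "args": {"ms": 60000}},
        {"api": "Sleep", "args": {"ms": 60000}},
        {"api": "Sleep", "args": {"ms": 60000}},
    ],
})

SANDBOX_TIMEOUT_MS = 180_000   # 3 min, the upper end of the 2-3 min default quoted above
VM_MARKERS = ("vmware", "virtualbox", "vbox", "oracle vm")
SCREEN_METRICS = {0, 1}        # SM_CXSCREEN = 0, SM_CYSCREEN = 1 (Win32 GetSystemMetrics)
REGISTRY_READS = {"RegOpenKeyExA", "RegOpenKeyExW", "RegQueryValueExA", "RegQueryValueExW"}


def find_evasion_indicators(report_json: str) -> list:
    """Map recorded API calls to the evasion techniques listed in the lab notes.
    Returns a sorted, de-duplicated list of indicator names."""
    calls = json.loads(report_json)["api_calls"]
    found = set()
    total_sleep_ms = 0
    for call in calls:
        api, args = call["api"], call.get("args", {})
        if api == "Sleep":
            # Sum all sleeps: a chain of short sleeps slips past a per-call threshold.
            total_sleep_ms += int(args.get("ms", 0))
        elif api in REGISTRY_READS and any(m in args.get("key", "").lower() for m in VM_MARKERS):
            found.add("vm-registry-check")
        elif api.startswith("GetUserName"):
            found.add("username-check")
        elif api == "GetSystemMetrics" and args.get("index") in SCREEN_METRICS:
            found.add("screen-resolution-check")
        elif api == "GetCursorPos":
            found.add("mouse-movement-check")
    if total_sleep_ms >= SANDBOX_TIMEOUT_MS:
        found.add(f"long-sleep:{total_sleep_ms // 1000}s")
    return sorted(found)


if __name__ == "__main__":
    print(find_evasion_indicators(SAMPLE_REPORT))
```

# A single 60 s Sleep is harmless on its own; the sum across the run is what reveals a stall
# that outlasts the sandbox, so the detector aggregates before comparing against the timeout.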

# Set up your own sandbox:
# 1. Download Cuckoo Sandbox (free, open source)
# 2. Or use FlareVM — preconfigured Windows malware analysis VM
#    https://github.com/mandiant/flare-vm
# 3. Always snapshot before running anything!
# 4. Use an isolated network (no real internet)