Perform Malware Analysis
You can analyze potentially malicious files or URLs using the sandbox in Intel Exchange. The file or URL is executed for malware analysis in the environment and system you choose. Cyware Sandbox supports two types of analysis:
Submit: Upload a file or URL for sandbox analysis.
Scan: Perform a quick, one-time scan of a file or URL.
Before You Start
Your user group must have permission to view and create sandbox records.
You must have configured a sandboxing tool such as Cyware Sandbox. For more information, see Configure Cyware Sandbox.
Steps
Navigate to the Main Menu and select Sandbox under Analysis.
Select one of the following options:
Sandbox:
Use this option to submit a file or URL to the sandbox for in-depth malware analysis. This allows potentially harmful content to execute in a controlled virtual environment, helping you observe its behaviour without exposing your system or network to risk.
Upload the file or URL: Use the Drag & Drop or Browse field to upload a file from your system, or paste a URL into the designated field.
Provide the following details:
Community: Choose the community where the file or URL should be submitted.
Public communities are open and support collaborative threat detection.
Private communities are restricted to specific organizations or groups with controlled access.
Sandbox Provider and Detonation Virtual Machine: Select the provider and corresponding virtual environment for execution.
CAPE: Default option with virtual machine preset to win-10-build-19041.
Triage: Choose from available environments (Windows, Linux, Android).
Internet Access: Toggle to enable or disable internet connectivity during the analysis. Enabled by default.
Click Submit. After submission, you can view the status and results in the sandbox file listing.
Scan: Scan files or URLs for indicators of known malware signatures or behavioural patterns. This is a quick analysis method designed for instant feedback. To perform a malware scan, do the following:
Click Scan.
Enter the URL or upload a file.
Click Submit to run the analysis.
The results are returned as JSON and can be viewed directly on the screen. Files and results are not stored.
File and URL Options
Under both Submit and Scan, you can upload a file or enter a URL for analysis.
File: You can upload files with a maximum size of 25 MB. Intel Exchange supports .pdf, .pcap, .xls, .xlsx, .csv, .doc, .docx, and other file types.
URL: Paste a URL to submit it to the sandbox for behavioural analysis. The selected sandbox provider handles the evaluation based on its capabilities.