Cyware Threat Intelligence eXchange

Perform Malware Analysis

Upload a file or submit a URL to perform malware analysis using the sandbox. The file or URL is executed in the environment and analysis system that you choose.

Before you Start

  • Your user group must have permission to view and create sandbox records.

  • You must have configured a sandboxing tool such as Joe Security Sandbox. For more information, see Integrate with Joe Security Sandbox.

Steps

  1. Navigate to Main Menu and select Sandbox under Analysis.

  2. Click Analyze to either upload a file or submit a URL.

  3. Select one of the following:

    • File: Select a file to upload for analysis. The maximum file size is 100 MB. CTIX supports file types including .pdf, .pcap, .xls, .xlsx, .csv, .doc, and .docx.

      For more information about Joe Security Sandbox supported file types, see Joe Security Sandbox Product Documentation.

      • If your file is password protected, then select Password Protected File to enter a password.

        If you choose Joe Security Sandbox as the sandboxing tool, CTIX accepts only files that are not password-protected, because Joe Security Sandbox does not support password-protected files.

    • URL: Enter a URL to submit for analysis. The system retrieves content from the URL, analyzes it, and generates a report.

  4. Select from the list of configured tools to perform sandbox analysis, such as Joe Security Sandbox. If you only have one tool configured, then CTIX automatically selects the configured sandboxing tool.

  5. Select the instance configured for the sandboxing tool. By default, CTIX selects an instance.

  6. Select an environment to execute the uploaded file. By default, CTIX selects Windows as the environment.

  7. In Analysis System, select a system to perform the analysis. You can select multiple systems based on the chosen environment.

    You can select a maximum of three systems for Windows, one for macOS, and two for Linux and Android. CTIX displays the number of selected and remaining systems.

    CTIX utilizes one unit of quota to submit a URL or upload a file for processing and generate a report. Each selected system utilizes one unit of quota. For example, if you select three systems, three units of quota are utilized.

  8. Click Submit.

After you upload a file or submit a URL:

  • The application creates a new record in the processing state. If the application takes some time to upload a resource, the sandbox record shows Uploading Resource as the record status.

  • If the report is received within the first 10 minutes, the application updates the status of the record to Success.

  • If the application does not receive a report within the first 10 minutes, it checks the status of the record every 10 minutes for an hour. If the system is unable to obtain a result after this interval, the result is marked as Failed. Possible reasons include insufficient or exhausted quota, or an inability to reach the configured sandbox tool.