Sandbox
Definition
An isolated execution environment, typically a virtual machine, in which a malware sample runs under full instrumentation. The sandbox records the system calls, file operations, network traffic and process activity the sample produces, while isolating it (blocked or sinkholed network egress, snapshot-and-revert guest) so that it cannot reach production infrastructure.
Related terms
- API hooking
- A monitoring technique in which the sandbox intercepts calls the malware makes to operating-system API functions. Each intercepted call is logged with...
- Behavioural analysis
- The examination of what a program does at runtime rather than what its code says at rest. Behavioural analysis captures the actual...
- Evasion detection
- Malware logic that checks whether the execution environment is a real host or an analysis sandbox. Checks may query hardware identifiers, count...
- MITRE ATT&CK mapping
- The process of classifying observed malware behaviours against the MITRE ATT&CK framework's taxonomy of adversary tactics and techniques. Sandbox platforms increasingly produce...
- Network indicator
- A network-based artefact produced by malware at runtime, such as a DNS query, an IP address contacted, an HTTP request path, a...
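The terms above fit together as one pipeline: API hooking produces a call trace, behavioural analysis classifies what the calls do, evasion checks show up in that trace as characteristic probes, and the result is summarised as ATT&CK technique IDs plus extracted network indicators. As an added example, not part of this glossary or of any sandbox product, the Python below triages a constructed trace end to end. The record format, the contents of `SAMPLE_TRACE` and the `RULES` table are this example's own assumptions: the technique IDs are real ATT&CK identifiers, but which hooked API maps to which is illustrative, and the domain and IP are reserved documentation values rather than real indicators.

```python
"""Added example: behavioural triage of a constructed sandbox API-hook trace."""
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed trace (assumption: this is the shape an API-hooking monitor
# might emit, one record per intercepted call). Not output of any real tool.
SAMPLE_TRACE = [
    {"pid": 1204, "api": "GetSystemInfo", "args": {}},
    {"pid": 1204, "api": "GlobalMemoryStatusEx", "args": {"total_phys_mb": 2048}},
    {"pid": 1204, "api": "RegOpenKeyExW",
     "args": {"key": r"HKLM\SOFTWARE\VMware, Inc.\VMware Tools"}},
    {"pid": 1204, "api": "GetTickCount", "args": {}},
    {"pid": 1204, "api": "Sleep", "args": {"ms": 600000}},
    {"pid": 1204, "api": "RegSetValueExW",
     "args": {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
              "value": "updater", "data": r"C:\Users\Public\svc.exe"}},
    {"pid": 1204, "api": "CreateFileW",
     "args": {"path": r"C:\Users\Public\svc.exe", "access": "GENERIC_WRITE"}},
    {"pid": 1204, "api": "DnsQuery_W", "args": {"name": "cdn-update.example.net"}},
    {"pid": 1204, "api": "connect", "args": {"ip": "203.0.113.45", "port": 443}},
    {"pid": 1204, "api": "HttpSendRequestW",
     "args": {"url": "https://cdn-update.example.net/api/v1/beacon"}},
]

# Illustrative mapping rules (this example's own, not a vendor taxonomy):
# (hooked API, optional argument predicate, behaviour label, ATT&CK technique).
# The predicates are what turn a benign-looking call into a finding, e.g. a
# memory query only matters as an evasion check when the reported RAM is small.
RULES = [
    ("GetSystemInfo", None, "system fingerprinting", "T1082"),
    ("GlobalMemoryStatusEx", lambda a: a.get("total_phys_mb", 1 << 20) <= 4096,
     "low-RAM check (sandbox evasion)", "T1497.001"),
    ("RegOpenKeyExW", lambda a: any(s in a.get("key", "").lower()
                                    for s in ("vmware", "virtualbox", "vbox", "qemu")),
     "hypervisor artefact lookup (sandbox evasion)", "T1497.001"),
    ("Sleep", lambda a: a.get("ms", 0) >= 300000,
     "long sleep (timing evasion)", "T1497.003"),
    ("RegSetValueExW", lambda a: "currentversion\\run" in a.get("key", "").lower(),
     "Run-key persistence", "T1547.001"),
    ("HttpSendRequestW", None, "HTTP beacon", "T1071.001"),
]

NETWORK_APIS = {"DnsQuery_W", "connect", "HttpSendRequestW"}


def classify(trace):
    """Behavioural analysis: match each hooked call against RULES."""
    findings = []
    for rec in trace:
        for api, pred, label, technique in RULES:
            if rec["api"] == api and (pred is None or pred(rec["args"])):
                findings.append({"pid": rec["pid"], "api": api,
                                 "behaviour": label, "technique": technique})
    return findings


def attack_summary(findings):
    """MITRE ATT&CK mapping: technique ID -> sorted list of observed behaviours."""
    by_technique = defaultdict(set)
    for f in findings:
        by_technique[f["technique"]].add(f["behaviour"])
    return {t: sorted(b) for t, b in sorted(by_technique.items())}


def evasion_before_network(trace):
    """True if a T1497 evasion probe fires before the sample's first network call.
    That ordering is the classic 'check the environment, then beacon' pattern."""
    evasion_seen = False
    for rec in trace:
        if rec["api"] in NETWORK_APIS:
            return evasion_seen
        for api, pred, _label, technique in RULES:
            if (rec["api"] == api and technique.startswith("T1497")
                    and (pred is None or pred(rec["args"]))):
                evasion_seen = True
    return False


def extract_network_indicators(trace):
    """Network indicators: domains queried, endpoints contacted, HTTP paths."""
    ind = {"domains": set(), "endpoints": set(), "http_paths": set()}
    for rec in trace:
        a = rec["args"]
        if rec["api"] == "DnsQuery_W":
            ind["domains"].add(a["name"])
        elif rec["api"] == "connect":
            ind["endpoints"].add(f'{a["ip"]}:{a["port"]}')
        elif rec["api"] == "HttpSendRequestW":
            u = urlsplit(a["url"])
            ind["domains"].add(u.hostname)
            ind["http_paths"].add(u.path)
    return {k: sorted(v) for k, v in ind.items()}


def triage(trace):
    """Full report: findings, ATT&CK summary, evasion verdict, indicators."""
    findings = classify(trace)
    return {
        "findings": findings,
        "attack": attack_summary(findings),
        "evasion_checks": sum(1 for f in findings if f["technique"].startswith("T1497")),
        "evasion_before_network": evasion_before_network(trace),
        "indicators": extract_network_indicators(trace),
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_TRACE), indent=2))
```

Run it and the report shows three evasion probes (RAM size, a VMware registry key, a ten-minute sleep) all preceding the first DNS query, a Run-key persistence write, and a single beacon host and path to feed into detection content. A real sandbox would make the evasion checks pass (spoof RAM size, hide hypervisor artefacts, accelerate sleeps) rather than merely log them; this example only shows how they are recognised in the trace.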
Explained in
- Dynamic Malware Analysis and Sandbox Environments