What is it
How it works
To raise the level of information security at companies in Kazakhstan, TSARKA, jointly with Ps.kz, has deployed a sandbox for analyzing malicious files.

The sandbox creates an isolated digital environment where suspicious files can be run safely, without fear of infecting your own system, and scanned for malicious code or suspicious activity.
Description and functionality
Cuckoo Sandbox
Cuckoo Sandbox is an advanced, extremely modular and 100% automated open-source malware analysis system with unlimited application possibilities.
Analyze many different kinds of malicious files (executable files, office documents, PDF files, emails, etc.), as well as malicious websites, in virtualized Windows, Linux, macOS and Android environments.
Track API calls and the general behavior of a file, and convert this into high-level information and signatures that anyone can understand.
Dump and analyze network traffic, even when it is encrypted with SSL/TLS. Built-in network routing support can drop all traffic or route it through INetSim, a network interface or a VPN.
Perform advanced memory analysis of an infected virtualized system using Volatility, as well as analysis at process-memory granularity using YARA.
Check files and links against antivirus databases using VirusTotal.