Automated Malware Analysis - Joe Sandbox Cloud Basic

Create, Search and Select Tags

Internet Access

The sample / URL is analyzed on a system with full access to the Internet!

HTTPS

Inspects encrypted HTTPS traffic. Will enable full internet access!

Localized Internet Anonymization Redirects the Internet traffic through a specified country

Internet Simulation

The sample / URL is analyzed on a system with Internet Simulation! No Internet access is granted.

HCA

Enables HCA (Hybrid Code Analysis). Requires more analysis time but performs deeper analysis.

EOL HDC

Enables HDC (Hybrid Decompilation).

EOLVBA

Instruments VBA Macro code embedded in Microsoft Office files (doc, docx, docm, xls, xslx, xlsxm etc). Will perform two analyses, one with and one without instrumentation. This option will consume two analyses!

EOLJavascript Instrumentation

Instruments Javascript files which are run by the Windows Javascript script host (WSH). Will perform two analyses, one with and one without instrumentation. This option will consume two analyses!

Javascript Tracing

Traces Javascript function calls in browser. This option is available only for live interaction on default analyzer.

EOLJAVA

Traces Java JAR files. Will perform two analyses, one with and one without tracing. This option will consume two analyses!

EOL .NET Framework

Traces samples using .NET. Will perform two analyses, one with and one without tracing. This option will consume two analyses!

AMSI

Perform generic unpacking using the Microsoft Antimalware Scan Interface (AMSI)

Powershell Logging

Enables Powershell Logging.

Fast Mode

Enables Fast Mode. Fast Mode focusses on fast analysis and detection versus deep forensic analysis.

Secondary Results

Enables secondary results such as execution graph generation as well as several detail reports. Analysis will run faster if secondary results are disabled.

Check Cache

Stop if any previous analysis matches your current submission (hash for a file or text for a URL).

Disable Chained Runs

Disable automatically chained runs. Chained runs use additional techniques based on the final run's results, e.g. run without instrumentation, or run on bare metal.
If you use this option, detection results are less reliable.

Command-line Argument

Will start the sample with the given command-line argument.

Microsoft Office / PDF Password

This password will be used to decrypt Office and PDF documents. The default password is "1234".

Archive Password

This password will be used to decrypt archives (zip, 7z, rar etc.). This only works for sample submissions ""(not e.g. for "Download & Execute File"). Only alphanumeric characters and the following special characters are allowed: _-.,;!?%""
The default password is "infected".

Starts Sample as normal user

Starts the sample with normal user privileges (default is with Administrator privileges)

Set System Date

Change the analyzer's system date (helpful for date-aware samples)

Anti-Evasion for Language and Country-Aware Samples Changes the locale, location, and keyboard layout of the analysis machine

URL Reputation

Use third party URL reputation lookup. This will upload URLs and domains to third party services!

Setup Code

This code will be executed before the analysis is run. Make sure to enter valid AutoIt code.

Analysis Encryption

Encrypt analysis (i.e. samples, reports) after the analysis.

Share sample

Let other users download your sample in addition to the analysis data and reports

Notifications

Send an email notification once your submission has been analysed.

Deep Malware Analysis

Choose Analysis Architecture

Define Sample Source and Choose Analysis System

Windows 11

4x w11x64_office

Windows 10

10x w10x64

2x w10x64native

w10x64_iis

w10x64_hvm

w10x64_21h1_office_active_directory

8x w10x64_office

w10x64_russian

w10x64_chinese

w10x64_21h1_office_patchlevel_Nov21

Windows 7

w7x64

w7x64_lang_packs

w7_lang_packs

w7x64native_hvm

w7x64_hvm

8x w7_1

w7

w7_2

w7_3

8x w7x64l

w7native

w7x64native

10x w10x64

Live Interaction & Results

Settings

Tagging No Tags selected

Available tags:

Network Internet Access HTTPS

Code Analysis HCA VBA Javascript Instrumentation Javascript Tracing JAVA .NET AMSI Powershell Logging

Filtering and Performance Fast Mode Enable secondary Results Check Cache Disable chained runs

Intelligence Cmdline Argument Office / PDF PW Archive PW Normal User Change System Date Anti-Evasion Language & Country URL Reputation

Cookbooks Coobook Setup Code

Privacy Encrypt analysis

Collaboration Share sample

Div Notifications

Accept Terms and Conditions

macvm-mojave

mac-mojave

mac-arm-ventura

mac-bigsur

mac-monterey

Live Interaction

Settings

Tagging No Tags selected

Available tags:

Network Internet Access HTTPS

Filtering Enable secondary Results Check Cache

Intelligence Archive Password URL Reputation

Privacy Encrypt analysis

Collaboration Share sample

Div Notifications

Accept Terms and Conditions

5x android6

android7_nougat

android8_oreo

Settings

Tagging No Tags selected

Available tags:

Network Internet Access HTTPS

Filtering Enable secondary Results Check Cache Disable Chained Runs

Intelligence Archive Password URL/File Intelligence

Privacy Encrypt analysis

Collaboration Share sample

Div Notifications

Accept Terms and Conditions

4x lnxubuntu20

lnxubuntu1

lnxcentos1

Settings

Tagging No Tags selected

Available tags:

Network Internet Access HTTPS

Filtering Enable secondary Results Check Cache

Intelligence Archive Password URL Reputation