Automated Malware Analysis - Joe Sandbox Cloud Basic

Choose Analysis System

VM Systems

w7
3x w7
Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Flash 26, Java 8.0.1440.1)
w7x64
3x w7x64
Windows 7 x64 (Office 2003 SP3, Java 1.8.0_40, Flash 16.0.0.305, Acrobat Reader 11.0.08, Internet Explorer 11, Chrome 41, Firefox 36)
w10
w10
Windows 10 (Java 1.8.0_91, Flash 21.0.0.242, Acrobat Reader DC 2015.016.20039, Internet Explorer 11, Chrome 51, Firefox 47)
w10x64
w10x64
Windows 10 x64 (Java 1.8.0_101, Flash 22, Acrobat Reader DC 15, Internet Explorer 11, Chrome 51, Firefox 47)

HBI (Hypervisor based Inspection) Systems

w7x64native_hvm
w7x64native_hvm
W7x64 Native with HVM (patch level Feb 2018, Office 2016, Java 1.8.0_161, Flash 28, Acrobat Reader DC 18, Internet Explorer 11, Chrome 64, Firefox 58)
w7x64_hvm
w7x64_hvm
Windows 7 x64 HVM (Office 2010, IE11, FF 50.1, Chrome 54.0, Java 1.8.0_111, Adobe Reader DC 2015.02)

VM Office Configs

w7_2
w7_2
Windows 7 (Office 2013 v14, Java 1.8.0_40, Flash 16.0.0.305, Acrobat Reader 11.0.08, Internet Explorer 11, Chrome 41, Firefox 36)
w7_3
w7_3
Windows 7 (Office 2016 v15, Java 1.8.71, Flash 20.0.0.286, Acrobat Reader 11.0.14, Internet Explorer 11, Chrome 48, Firefox 44)
w7_4
w7_4
Windows 7 (Hancom Office 2014 (Korean), Java 1.8.0_40, Flash 16.0.0.305, Acrobat Reader 11.0.08, Internet Explorer 11, Chrome 44, Firefox 36)
w7_5
w7_5
Windows 7 (Ichitaro Office (Japanese), Java 1.8.0_40, Flash 16.0.0.305, Acrobat Reader 11.0.08, Internet Explorer 11, Chrome 44, Firefox 36)

VM Large Scale Configs

w7l
12x w7l
Windows 7 (Java 1.8.0_40, Flash 16.0.0.305, Acrobat Reader 11.0.08, Internet Explorer 11, Chrome 41, Firefox 36)
w7x64l
12x w7x64l
Windows 7 x64 (Java 1.8.0_40, Flash 16.0.0.305, Acrobat Reader 11.0.08, Internet Explorer 11, Chrome 41, Firefox 36)

Native Systems

w7native
2x w7native
W7 Native physical Machine for testing VM-aware malware (Office 2010 v14.0.6029, Java 8 Update 111, Flash 17, Acrobat Reader 11.0.10, Internet Explorer 11, Chrome 55, Firefox 50)
w7x64native
w7x64native
W7x64 Native physical Machine for testing VM-aware malware (Office 2010 v14.0.6029, Java 1.8.0_65, Flash 20.0.0.267, Acrobat Reader 11.0.18, Internet Explorer 11, Chrome 55, Firefox 47)
w10native
w10native
W10 Native physical Machine for testing VM-aware malware (Office 2010, Java 1.8.0_91, Flash 22.0.0.192, Acrobat Reader DC 15.016.20039, Internet Explorer 11, Chrome 55, Firefox 50)

w7

3x w7
Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Flash 26, Java 8.0.1440.1)

Tagging No Tags selected

Network Internet Access HTTPS Localized Internet Anonymization Internet Simulation

Code Analysis HCA HDC VBA Javascript JAVA

HCA

Enables HCA (Hybrid Code Analysis).

HDC

Enables HDC (Hybrid Decompilation).

VBA

Instruments VBA Macro code embedded in Microsoft Office files (doc, docx, docm, xls, xslx, xlsxm etc). Will perform two analyses, one with and one without instrumentation. This option will consume two analyses!

Javascript

Instruments Javascript files which are run by the Windows Javascript script host (WSH). Will perform two analyses, one with and one without instrumentation. This option will consume two analyses!

NewJAVA

Traces Java JAR files. Will perform two analyses, one with and one without tracing. This option will consume two analyses!

Interaction New Provide Remote Assistance in view-only mode

Filtering and Performance Hyper Mode Check Cache

Intelligence HBI MS Office Password Start as normal User Anti-Evasion for Date Checks Anti-Evasion for Keyboard Checks URL Reputation

NewHypervisor-based inspection (HBI)

Use Hypervisor based Inspection (HBI) for hooking user mode calls

Microsoft Office Password

NewStarts Sample as normal user

Starts the Sample with normal user privileges (default is with Administrator privileges)

NewAnti-Evasion for date-aware samples

Tries to bypass time-aware samples which check the system date

NewAnti-Evasion for keyboard-aware samples Changes the keyboard layout of the analysis machine

URL Reputation

Use third party URL reputation lookup. This will upload URLs and domains to third party services and WHOIS servers!

VM Systems

3x w7

3x w7x64

w10

w10x64

HBI (Hypervisor based Inspection) Systems

w7x64native_hvm

w7x64_hvm

VM Office Configs

w7_2

w7_3

w7_4

w7_5

VM Large Scale Configs

12x w7l

12x w7x64l

Native Systems

2x w7native

w7x64native

w10native

3x w7

Tagging No Tags selected

Network Internet Access HTTPS Localized Internet Anonymization Internet Simulation

Code Analysis HCA HDC VBA Javascript JAVA

Interaction New Provide Remote Assistance in view-only mode

Filtering and Performance Hyper Mode Check Cache

Intelligence HBI MS Office Password Start as normal User Anti-Evasion for Date Checks Anti-Evasion for Keyboard Checks URL Reputation

Cookbooks AutoIt setup code

Collaboration Collaborate with Joe Sandbox View and Joe Sandbox Class Share sample

Div Notifications

mac1

macvm

Tagging No Tags selected

Available tags:

Network Internet Access

Filtering Check Cache

Intelligence URL Reputation

Collaboration Collaborate with Joe Sandbox View and Joe Sandbox Class

Div Notifications

android6

android4_4

android4_4_lib

3x android5_1

android7_nougat

android5native

android6

Tagging No Tags selected

Network Internet Access

Filtering Check Cache

Intelligence URL Reputation

Collaboration Collaborate with Joe Sandbox View and Joe Sandbox Class Share sample

Div Notifications

lnxubuntu1

lnxcentos1

Tagging No Tags selected

Network Internet Access

Filtering Check Cache

Intelligence URL Reputation

Collaboration Collaborate with Joe Sandbox View and Joe Sandbox Class Share sample

Div Notifications

iphone1

Tagging No Tags selected

Available tags:

Filtering Check Cache

Div Notifications

Tagging No Tags selected

Available tags:

Intelligence URL Reputation

Collaboration Collaborate with Joe Sandbox View and Joe Sandbox Class

Div Notifications

Search started

Yara Super Rule creation started