Our updated Sandbox (ver. 3.0): “The Matrix for Malware”.
Quote: Something important has happened – though you might have missed it…

The third version of our Research Sandbox has been released!

Hmm. Hardly jaw-dropping, right? But it still matters – big time. Let me tell you why…

What is it?

What’s a sandbox? Let me start with the very basics…

How can you tell if an object (file, web resource…) is malicious? The simplest way is to run it and see what happens. If it steals passwords and card data or encrypts files and demands a ransom – there you go: it’s malicious. But “sucking it and seeing” is hardly a great idea given the damage such infections/encryption can wreak.

To safely test a suspicious object in a controlled environment, we created a sandbox – a sort of virtual petri dish where malware can reveal its true malicious colors while we observe it under a microscope.

[Image: main-view-with-VNC-running.png]
 
Static and dynamic analysis

Now for some details on how we analyze an object in the Sandbox. First, it can perform static analysis – disassembling the object, looking at what’s inside, identifying connections, analyzing the file structure, and comparing all this against our reputation-database information and detection rules; searching for known threats, and identifying potentially suspicious features, etc.

[Image: static-analysis.png]

Now for the dynamic analysis…

The Research Sandbox can act as a “Matrix” (yes – the one with Neo and Morpheus, not the kinds used in printing or math) for the object – a world where it can live its “normal life”. From the perspective of the running file (script, webpage), the Sandbox appears to be a regular workstation.

Meanwhile, the bad guys are getting forever smarter. They’re constantly getting better at identifying artificial environments and then tricking them.

[Image: report.png]

But back to our Sandbox being like a “Matrix for malware”…

We’ve got cutting-edge technology like a robust event-logging system, and it’s all deeply embedded within the virtual OS and virtualization system layers that malware can’t access. And yes, a real-world workstation environment is also simulated. Files open and close, processes start and stop, the user browses documents, and shops for a robot vacuum on a marketplace, and complains about low pay in a messenger (just kidding, any details on how it works can be provided upon request).

Continue Reading...
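The dynamic-analysis side of the post (an event-logging layer below the guest OS, plus detection rules applied to what the object does) can be illustrated with a small behavioural verdict engine. This is an added example and not code from the Research Sandbox or from Kaspersky; the JSON event format, the three constructed logs, the rule set and the score thresholds are all assumptions chosen for illustration. It also covers the evasion point made above: an object that probes for a debugger or for VirtualBox artefacts and then does nothing is still flagged, because the probe itself is a signal.

```python
"""Behavioural verdict engine over sandbox event logs (added example, not the
Research Sandbox's own code). Event format, rules and thresholds are assumptions."""
import json
from collections import Counter

# Constructed sample logs: one JSON object per line, as an event-logging layer
# sitting below the guest OS might record them while the submitted file runs.
MALICIOUS_LOG = r"""
{"pid": 1200, "event": "process_start", "image": "C:\\Users\\u\\invoice.exe", "cmdline": "invoice.exe"}
{"pid": 1200, "event": "api_call", "api": "IsDebuggerPresent"}
{"pid": 1200, "event": "registry_read", "key": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\VBoxGuest"}
{"pid": 1200, "event": "api_call", "api": "Sleep", "ms": 600000}
{"pid": 1200, "event": "process_start", "image": "C:\\Windows\\System32\\vssadmin.exe", "cmdline": "vssadmin delete shadows /all /quiet"}
{"pid": 1200, "event": "file_write", "path": "C:\\Users\\u\\Documents\\q1.xlsx.locked"}
{"pid": 1200, "event": "file_write", "path": "C:\\Users\\u\\Documents\\q2.xlsx.locked"}
{"pid": 1200, "event": "file_write", "path": "C:\\Users\\u\\Documents\\notes.docx.locked"}
{"pid": 1200, "event": "file_write", "path": "C:\\Users\\u\\Pictures\\cat.jpg.locked"}
{"pid": 1200, "event": "file_write", "path": "C:\\Users\\u\\Desktop\\plan.pdf.locked"}
{"pid": 1200, "event": "file_write", "path": "C:\\Users\\u\\Desktop\\HOW_TO_DECRYPT.txt"}
{"pid": 1200, "event": "file_read", "path": "C:\\Users\\u\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
"""
# Sample that only checks whether it is being watched, then exits quietly.
EVASIVE_LOG = r"""
{"pid": 1250, "event": "process_start", "image": "C:\\Users\\u\\update.exe", "cmdline": "update.exe"}
{"pid": 1250, "event": "api_call", "api": "IsDebuggerPresent"}
{"pid": 1250, "event": "registry_read", "key": "HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__"}
{"pid": 1250, "event": "process_exit", "code": 0}
"""
BENIGN_LOG = r"""
{"pid": 1300, "event": "process_start", "image": "C:\\Program Files\\Editor\\editor.exe", "cmdline": "editor.exe report.docx"}
{"pid": 1300, "event": "file_read", "path": "C:\\Users\\u\\Documents\\report.docx"}
{"pid": 1300, "event": "file_write", "path": "C:\\Users\\u\\Documents\\report.docx"}
{"pid": 1300, "event": "api_call", "api": "GetSystemInfo"}
"""

ANTI_ANALYSIS_APIS = {"IsDebuggerPresent", "CheckRemoteDebuggerPresent", "NtQueryInformationProcess"}
VM_ARTIFACT_MARKERS = ("vbox", "vmware", "qemu", "virtualbox")
LONG_SLEEP_MS = 5 * 60 * 1000     # stalling past a typical analysis window
MASS_WRITE_THRESHOLD = 5          # files rewritten with one new extension


def parse_events(text):
    """One JSON object per non-empty line (assumed log format)."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def rule_anti_analysis(events):
    """Probes the object makes to decide whether it is in an artificial environment."""
    hits = []
    for e in events:
        if e["event"] == "api_call" and e.get("api") in ANTI_ANALYSIS_APIS:
            hits.append("api:" + e["api"])
        elif e["event"] == "registry_read" and any(m in e.get("key", "").lower() for m in VM_ARTIFACT_MARKERS):
            hits.append("registry:" + e["key"])
        elif e["event"] == "api_call" and e.get("api") == "Sleep" and e.get("ms", 0) >= LONG_SLEEP_MS:
            hits.append("long_sleep:%dms" % e["ms"])
    return hits


def rule_shadow_copy_deletion(events):
    """Destroying Volume Shadow Copies before encrypting is classic ransomware prep."""
    return [e["cmdline"] for e in events
            if e["event"] == "process_start"
            and "vssadmin" in e.get("cmdline", "").lower()
            and "delete shadows" in e.get("cmdline", "").lower()]


def rule_mass_extension_rewrite(events):
    """Many user files written under one new extension looks like bulk encryption."""
    ext_counter = Counter()
    for e in events:
        if e["event"] == "file_write" and "\\users\\" in e["path"].lower():
            name = e["path"].lower().rsplit("\\", 1)[-1]
            ext_counter[name.rsplit(".", 1)[-1] if "." in name else ""] += 1
    return ["%d files written with .%s" % (n, ext) for ext, n in ext_counter.items() if n >= MASS_WRITE_THRESHOLD]


def rule_ransom_note(events):
    return [e["path"] for e in events
            if e["event"] == "file_write" and "decrypt" in e["path"].lower().rsplit("\\", 1)[-1]]


def rule_browser_credential_access(events):
    """Reading Chrome's 'Login Data' database from a non-browser process."""
    return [e["path"] for e in events
            if e["event"] == "file_read" and e["path"].lower().endswith("login data")]


# (rule name, rule function, weight) - weights are illustrative assumptions.
RULES = [
    ("anti_analysis", rule_anti_analysis, 3),
    ("shadow_copy_deletion", rule_shadow_copy_deletion, 4),
    ("mass_extension_rewrite", rule_mass_extension_rewrite, 4),
    ("ransom_note", rule_ransom_note, 3),
    ("browser_credential_access", rule_browser_credential_access, 3),
]


def evaluate(log_text):
    """Run every rule over the log and turn the weighted hits into a verdict."""
    events = parse_events(log_text)
    score, findings = 0, {}
    for name, fn, weight in RULES:
        hits = fn(events)
        if hits:
            findings[name] = hits
            score += weight
    verdict = "malicious" if score >= 8 else "suspicious" if score >= 3 else "clean"
    return {"verdict": verdict, "score": score, "findings": findings}


if __name__ == "__main__":
    for label, log in (("malicious", MALICIOUS_LOG), ("evasive", EVASIVE_LOG), ("benign", BENIGN_LOG)):
        print(label, json.dumps(evaluate(log), indent=2))
```

The anti-analysis rule carries enough weight on its own to push an otherwise silent sample into "suspicious", which is the practical answer to evasion: a sandbox that logs from below the guest OS still sees the probe even when the payload never fires, and a probe with no benign explanation is itself worth a second look.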