analyzing-malware-behavior-with-cuckoo-sandbox
Installation
SKILL.md
Analyzing Malware Behavior with Cuckoo Sandbox
When to Use
- A suspicious sample passed static analysis triage and requires behavioral observation in a controlled environment
- You need to capture network traffic, file drops, registry modifications, and API calls from a malware execution
- Determining the full infection chain including second-stage payload downloads and persistence mechanisms
- Generating behavioral signatures and YARA rules based on observed runtime activity
- Automated analysis of bulk malware samples requiring consistent reporting
Do not use when the sample is a known ransomware variant that may spread via network shares in a misconfigured sandbox; verify network isolation first.