Machine Learning for Cybersecurity Cookbook

How to do it...

Once your Cuckoo Sandbox is set up, and has a web interface running, follow these steps to gather runtime information about a sample:

  1. Open up your web interface (the default location is 127.0.0.1:8000), click SUBMIT A FILE FOR ANALYSIS, and select the sample you wish to analyze:
  2. The following screen will appear automatically. In it, select the type of analysis you wish to perform on your sample:
  3. Click Analyze to analyze the sample in your sandbox. The result should look as follows:
  4. Next, open up the report for the sample you have analyzed:
  5. Select the Behavioral Analysis tab:

The displayed sequence of API calls, registry key changes, and other events can all be used as input to a classifier.
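
To make that last point concrete, here is an added example (not code from the book) that turns the behavioral section of a Cuckoo JSON report into a feature dictionary of API-call n-grams and event counts. It assumes the Cuckoo 2.x report layout (`behavior.processes[].calls[].api` and `behavior.summary`); the function names and the sample report are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample in the shape assumed for a Cuckoo 2.x report.json.
SAMPLE_REPORT = {
    "behavior": {
        "processes": [
            {"pid": 1200, "process_name": "sample.exe", "calls": [
                {"time": 1.0, "api": "NtCreateFile"},
                {"time": 1.1, "api": "NtWriteFile"},
                {"time": 1.2, "api": "RegOpenKeyExW"},
                {"time": 1.3, "api": "RegSetValueExW"},
                {"time": 1.4, "api": "NtCreateFile"},
                {"time": 1.5, "api": "NtWriteFile"},
            ]},
        ],
        "summary": {
            "regkey_written": ["HKEY_CURRENT_USER\\Software\\Example\\Run"],
            "file_created": ["C:\\Users\\user\\AppData\\Local\\Temp\\a.tmp"],
        },
    }
}

def load_report(path):
    """Load a JSON report written by the sandbox for one analysis."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)

def api_sequences(report):
    """Yield one time-ordered list of API names per monitored process."""
    for proc in report.get("behavior", {}).get("processes", []):
        calls = sorted(proc.get("calls", []), key=lambda c: c.get("time", 0))
        yield [c["api"] for c in calls if "api" in c]

def extract_features(report, n=2):
    """Count API-call n-grams (per process) and summary event totals."""
    feats = Counter()
    for seq in api_sequences(report):
        for i in range(len(seq) - n + 1):
            feats["api:" + ">".join(seq[i:i + n])] += 1
    # Registry, file and similar events: use the number of distinct items.
    for event, items in report.get("behavior", {}).get("summary", {}).items():
        feats["summary:" + event] = len(items)
    # A sample that never executed has no behavior section: empty features.
    return dict(feats)

if __name__ == "__main__":
    print(json.dumps(extract_features(SAMPLE_REPORT), indent=2))
```

A list of such dictionaries, one per analyzed sample, can be passed to scikit-learn's `DictVectorizer` to obtain the numeric matrix a classifier expects.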