scan_file_sandbox
Analyze suspicious files in a secure sandbox environment to detect malware and understand malicious behavior through configurable execution scenarios.
Instructions
Submit a file for advanced sandbox analysis with detailed configuration.
Args:
    file_path: Path to the file to analyze
    is_public: Whether the scan results should be public (default: False)
    entrypoint: File to execute within archive (if applicable)
    password: Password for archive files (if applicable)
    environment: Analysis environment - w7_x64, w10_x64, w11_x64, macos, android, linux (default: w10_x64)
    timeout: Analysis timeout in seconds - 60, 120, 180, 240, 300 (default: 180)
    work_path: Working directory - desktop, root, %AppData%, windows, temp (default: desktop)
    mouse_simulation: Enable mouse simulation (default: True)
    https_inspection: Enable HTTPS inspection (default: False)
    internet_connection: Enable internet connection (default: False)
    raw_logs: Include raw logs (default: False)
    snapshot: Take VM snapshots (default: False)
    sleep_evasion: Enable sleep evasion techniques (default: False)
    smart_tracing: Enable smart tracing (default: False)
    dump_collector: Enable dump collection (default: False)
    open_in_browser: Open files in browser (default: False)
    extension_check: Perform extension check (default: True)
    modules: Analysis modules to use, e.g., ["csi", "cdr"] (default: None)
    auto_config: Use automatic configuration (default: False)
Input Schema
Name | Required | Description | Default |
---|---|---|---|
auto_config | No | | |
dump_collector | No | | |
entrypoint | No | | |
environment | No | | w10_x64 |
extension_check | No | | |
file_path | Yes | | |
https_inspection | No | | |
internet_connection | No | | |
is_public | No | | |
modules | No | | |
mouse_simulation | No | | |
open_in_browser | No | | |
password | No | | |
raw_logs | No | | |
sleep_evasion | No | | |
smart_tracing | No | | |
snapshot | No | | |
timeout | No | | |
work_path | No | | desktop |
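
The following is an added example, not the tool's own code: it checks a set of arguments against the values documented in the Args description before a file is submitted, and surfaces the two settings that affect exposure (public results, live internet). The function name `build_scan_args`, the `NO_DEFAULT` set and the returned dict shape are assumptions made for illustration.

```python
# Added example: validate scan_file_sandbox arguments against the documented values.
# build_scan_args and the returned (args, notes) shape are hypothetical helpers.
ALLOWED = {
    "environment": {"w7_x64", "w10_x64", "w11_x64", "macos", "android", "linux"},
    "timeout": {60, 120, 180, 240, 300},
    "work_path": {"desktop", "root", "%AppData%", "windows", "temp"},
}
# Defaults exactly as listed in the Args description.
DEFAULTS = {
    "is_public": False, "environment": "w10_x64", "timeout": 180,
    "work_path": "desktop", "mouse_simulation": True, "https_inspection": False,
    "internet_connection": False, "raw_logs": False, "snapshot": False,
    "sleep_evasion": False, "smart_tracing": False, "dump_collector": False,
    "open_in_browser": False, "extension_check": True, "modules": None,
    "auto_config": False,
}
# Arguments the page documents without a default; passed through only if given.
NO_DEFAULT = {"entrypoint", "password"}

def build_scan_args(file_path, **overrides):
    """Return (args, notes): merged arguments plus settings a reviewer should see."""
    if not isinstance(file_path, str) or not file_path:
        raise ValueError("file_path is required")
    unknown = set(overrides) - set(DEFAULTS) - NO_DEFAULT
    if unknown:
        raise ValueError(f"unknown argument(s): {sorted(unknown)}")
    args = {"file_path": file_path, **DEFAULTS, **overrides}
    for name, allowed in ALLOWED.items():
        if args[name] not in allowed:
            raise ValueError(f"{name}={args[name]!r} not in {sorted(allowed)}")
    for name, default in DEFAULTS.items():
        if isinstance(default, bool) and not isinstance(args[name], bool):
            raise ValueError(f"{name} must be a boolean")
    mods = args["modules"]
    if mods is not None and not (isinstance(mods, list) and all(isinstance(m, str) for m in mods)):
        raise ValueError("modules must be a list of strings or None")
    notes = []
    if args["is_public"]:
        notes.append("is_public=True: scan results will be public")
    if args["internet_connection"]:
        notes.append("internet_connection=True: sample runs with an internet connection")
    return args, notes
```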