Introduction
Retrace Sandbox — automated malware analysis for security teams
What is Retrace Sandbox?
Retrace Sandbox is a malware analysis platform that detonates suspicious files inside isolated Windows virtual machines and captures everything that happens — process creation, file writes, registry changes, network connections, and more.
Every sample you submit goes through:
- Dynamic analysis — the file executes inside a monitored Windows 11 VM for up to 5 minutes
- Behavioral tagging — events are automatically tagged with MITRE ATT&CK techniques and suspicious patterns
- AI-powered summarization — Claude analyzes the full event timeline and produces a human-readable report
- Threat scoring — an overall verdict (clean, suspicious, or malicious) with a 0–100 threat score
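The behavioral tagging and threat scoring stages above can be illustrated with a small worked example. The code below is an added illustration, not Retrace's own tagging engine: the page does not publish Retrace's rule set, tag names, weights or verdict thresholds, so the rules, the weights, the 20/60 cut-offs and the event field names are all assumptions, and the Sysmon-style events are constructed (paths, the RFC 5737 address and the encoded-command placeholder are invented). It takes a short event timeline, tags each event with a MITRE ATT&CK technique or a plain suspicious pattern, and rolls the distinct tags up into a 0-100 score and a clean/suspicious/malicious verdict.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Constructed Sysmon-style events (hypothetical, not from a real capture).
# event_id follows Sysmon numbering: 1 process create, 3 network connect,
# 11 file create, 13 registry value set. Field names are an assumption.
SAMPLE_EVENTS = [
    {"event_id": 1, "image": r"C:\Users\user\Downloads\invoice.exe",
     "parent": r"C:\Windows\explorer.exe", "cmdline": "invoice.exe"},
    {"event_id": 1, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Users\user\Downloads\invoice.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc BASE64_PLACEHOLDER"},
    {"event_id": 11, "image": r"C:\Users\user\Downloads\invoice.exe",
     "target": r"C:\Users\user\AppData\Roaming\updater.exe"},
    {"event_id": 13, "image": r"C:\Users\user\Downloads\invoice.exe",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": r"C:\Users\user\AppData\Roaming\updater.exe"},
    {"event_id": 3, "image": r"C:\Users\user\AppData\Roaming\updater.exe",
     "dest_ip": "203.0.113.7", "dest_port": 443},  # RFC 5737 documentation address
]


@dataclass(frozen=True)
class Rule:
    tag: str                   # short pattern name
    technique: Optional[str]   # ATT&CK technique id, or None for a plain suspicious pattern
    weight: int                # assumed contribution to the 0-100 score
    match: Callable[[dict], bool]


def _under_user_dir(path: str) -> bool:
    """True for paths under a user's Downloads or AppData tree."""
    p = path.lower()
    return "\\users\\" in p and ("\\downloads\\" in p or "\\appdata\\" in p)


# Illustrative rule set; the weights are assumptions, not Retrace's values.
RULES: List[Rule] = [
    Rule("powershell_encoded_command", "T1059.001", 30,
         lambda e: e["event_id"] == 1
         and e["image"].lower().endswith("powershell.exe")
         and any(t in ("-enc", "-encodedcommand") for t in e["cmdline"].lower().split())),
    Rule("run_key_persistence", "T1547.001", 30,
         lambda e: e["event_id"] == 13
         and "\\currentversion\\run\\" in e["target"].lower()),
    Rule("dropped_executable_in_user_dir", None, 15,
         lambda e: e["event_id"] == 11
         and e["target"].lower().endswith(".exe") and _under_user_dir(e["target"])),
    Rule("outbound_web_connection_from_user_dir", "T1071.001", 10,
         lambda e: e["event_id"] == 3
         and e["dest_port"] in (80, 443) and _under_user_dir(e["image"])),
]
RULE_BY_TAG: Dict[str, Rule] = {r.tag: r for r in RULES}


@dataclass
class TaggedEvent:
    event: dict
    tags: List[str]
    techniques: List[str]


def tag_events(events: List[dict]) -> List[TaggedEvent]:
    """Attach every matching rule's tag (and technique id) to each event."""
    tagged = []
    for e in events:
        hits = [r for r in RULES if r.match(e)]
        tagged.append(TaggedEvent(e, [r.tag for r in hits],
                                  [r.technique for r in hits if r.technique]))
    return tagged


def score(tagged: List[TaggedEvent]):
    """Sum each distinct tag's weight once, cap at 100, map to a verdict."""
    seen: Dict[str, int] = {}
    for te in tagged:
        for tag in te.tags:
            seen[tag] = RULE_BY_TAG[tag].weight  # a repeated pattern counts once
    total = min(100, sum(seen.values()))
    # Thresholds are assumptions for the example, not Retrace's.
    verdict = "clean" if total < 20 else "suspicious" if total < 60 else "malicious"
    return total, verdict


def analyze(events: List[dict]) -> dict:
    """Run tagging and scoring over a timeline and return a report-style dict."""
    tagged = tag_events(events)
    total, verdict = score(tagged)
    return {
        "score": total,
        "verdict": verdict,
        "techniques": sorted({t for te in tagged for t in te.techniques}),
        "tags": sorted({tag for te in tagged for tag in te.tags}),
    }


if __name__ == "__main__":
    print(analyze(SAMPLE_EVENTS))
```

Counting each pattern once rather than once per event is a deliberate choice: a sample that writes the same Run key fifty times is not fifty times more suspicious than one that writes it once, and per-event summing would let noisy loops saturate the score. A single outbound HTTPS connection from AppData scores below the clean threshold on its own; combined with an encoded PowerShell launch it lands in the suspicious band, and the full constructed timeline above comes out malicious.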
Key Features
- Real-time monitoring — watch the VM live via VNC while the sample executes
- Sysmon-powered telemetry — captures process trees, file I/O, registry, DNS, and network events
- API-first — submit and retrieve analyses programmatically via REST API
- Team collaboration — organization accounts with role-based access (admin, analyst, viewer)
- Screenshot timeline — periodic screenshots capture the desktop state during detonation
Next Steps
- Quickstart — submit your first sample in under 2 minutes
- API Overview — integrate Retrace into your workflows
- Authentication — create and manage API keys