Quickstart
Submit your first sample and understand the results
Create an Account
- Navigate to retrace.cloud and click Get Started
- Choose a plan — Professional (individual) or Organization (team)
- Complete the signup form and verify your email
Once logged in, you'll land on the Dashboard where all your analyses appear.
Submit a Sample
Via the Web Interface
- Click New Scan from the dashboard
- Drag and drop a file or click to browse — supports executables, DLLs, scripts, archives, and documents
- Configure options:
  - Duration — how long the VM runs (default: 5 minutes)
  - Visibility — private (your org only) or public
  - Tags — optional labels for organization
- Click Detonate to start the analysis
Via the API
curl -X POST https://retrace.cloud/api/v1/analyze \
-H "X-API-Key: your_api_key" \
-F "[email protected]" \
-F "duration=300" \
-F "visibility=private"

See the API Reference for the full request/response schema.
Understanding Results
Once detonation completes, the analysis page shows:
Threat Score
A 0–100 score indicating overall risk:
- 0–29 — Clean / low risk
- 30–69 — Suspicious — warrants investigation
- 70–100 — Malicious — high-confidence threat
Event Timeline
Every system event captured during execution — process creation, file writes, registry modifications, network connections, and DNS queries. Events tagged with behavioral indicators are highlighted.
Process Tree
A hierarchical view of all processes spawned during the analysis, showing parent-child relationships and command-line arguments.
Network Activity
DNS queries, HTTP requests, and TCP/UDP connections made by the sample and its child processes.
Screenshots
Periodic desktop captures showing what happened on-screen during detonation.
AI Summary
An AI-generated report that explains the sample's behavior in plain English, identifies key indicators of compromise (IOCs), and maps activity to MITRE ATT&CK techniques.