Glossary
Sandbox
An isolated execution environment that runs a suspicious binary, monitors its behavior, and prevents it from affecting the real system.
A sandbox is an isolated, instrumented environment designed to execute untrusted code safely and record its behavior — file-system activity, network connections, registry modifications, system calls, and spawned processes — without risking the analyst's machine. Sandboxes combine API hooking, virtual machine snapshots, and network simulation. Well-known public sandboxes include Any.run, Joe Sandbox, and Cuckoo (open source). Sophisticated malware detects sandbox characteristics (timing artifacts, missing user interaction, specific registry keys) and changes behavior to evade analysis, a technique called sandbox evasion.