Cuckoo Sandbox






Cuckoo Sandbox and Mindflow have partnered to enable users to automate their incident management and better protect their information systems.

Cuckoo Sandbox Overview

Cyberattackers increasingly use attacks via Malware. Detecting and removing malware artifacts is not enough. You have to understand how they operate to understand the context, the motivations, and the goals of a breach.

Cuckoo Sandbox is an open-source automated malware analysis system. It’s used to automatically run and analyze files and collect comprehensive analysis results that outline what the Malware does while running inside an isolated operating system.


It can retrieve the following type of results:

  • Traces of calls performed by processes spawned by the Malware
  • Files created, deleted, and downloaded by the Malware while it’s running
  • Memory dumps of the malware processes
  • Network traffic trace in PCAP format
  • Screenshots are taken when the Malware is running
  • Complete memory dumps of the machines

In Cuckoo Sandbox, each analysis is launched in a new and isolated virtual or physical machine. The main components of Cuckoo’s infrastructure are a Host machine and several Guest machines. The Host runs the core component of the sandbox that manages the whole analysis process. At the same time, the Guests are the isolated environments where the malware samples get safely executed and analyzed.


By integrating with Cuckoo Sandbox, Mindflow allows users to throw suspicious files in the sandbox. Cuckoo will provide a detailed report outlining the behavior of the file when executed inside a realistic but isolated environment.


  • Analyze malicious files from executables, office documents, pdf files, emails, and malicious websites under Windows, Linux, macOS, and Android virtualized environments.
  • Trace API calls and general behavior of the file and distill this into high-level information and signatures comprehensible by anyone
  • Dump and analyze network traffic, even encrypted with SSL/TLS
  • Analyze the infected virtualized system as well as on a process memory granularity

Automation Through Mindflow

Automation Use Case

Related Integrations