Hatching Triage






Hatching Triage Overview

Hatching Triage is a malware analysis sandbox available on cross-platform (Windows, Android, Linux, and macOS). It delivers high-volume malware analysis capabilities and malware configuration extraction for dozens of malware families.

The platform packages are divided into three. The initial packages start at 50 samples submitted for analysis per day. The medium goes up to 50,000, and the third to 500,000, which is uncommon for a sandboxing service. Thanks to its scaling ability, users don’t have to worry about hitting quotas or not being able to perform their day-to-day work.

On the platform, besides being able to configure your Virtual Machine, you’re able to use the Triage monitor so you can watch in real-time the detonation of the files submitted. Whatsmore is that you can take direct control of the VM at any moment if required.

hatching triage

Once the analysis is completed, Triage issues a report that focuses on presenting the most relevant information to the user at once, like the malware configuration that Triage extracts for its malware families database. Also, analysts can configure their reports based on the elements they need rather than others.

hatching triage

Based on a new architecture, without any legacy burden, Triage offers users a modern, fast, and scalable sandbox with a comprehensive API that is integrated with Mindflow so its users can implement Triage into their malware analysis workflows and automatically retrieve reports.


  • Scalable sandbox platform for automated malware analysis
  • Comprehensive API to call Triage actions from your SOAR
  • Orchestration of Mindflow’s integrated ticketing services to directly notify reports to relevant analyst

Automation Through Mindflow

Automation Use Case

Related Integrations