Skill UI

Launch suspicious samples in Cuckoo Sandbox 3.x to capture process trees, file and registry changes, network traffic, and API calls, then produce behavioral reports for IOC extraction, YARA rule creation, and threat scoring so analysts can triage threats in isolation.

Detects malware sandbox evasion by parsing Cuckoo or AnyRun behavioral reports for timing checks, VM artifact queries, user interaction probes, and environment fingerprinting to flag suspicious samples for further review.