Dynamic Analysis
Sandbox behavior.
What Is Dynamic Analysis?
Dynamic analysis runs the malware in a controlled environment and observes its behavior: files created, registry changes, processes spawned, and network traffic.
It reveals what the sample actually does, including behavior hidden from static analysis by packing.
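The file-system part of that observation can be captured by hashing a directory tree before and after the run and diffing the two manifests. The sketch below is an added example, not part of the course material; the function names are hypothetical and the "sample activity" in `demo()` is a constructed stand-in made of plain file writes in a temporary directory.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file under root (relative path) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            with open(full, "rb") as fh:
                manifest[rel] = hashlib.sha256(fh.read()).hexdigest()
    return manifest


def diff_snapshots(before, after):
    """Return the file-system changes between two manifests."""
    created = sorted(p for p in after if p not in before)
    deleted = sorted(p for p in before if p not in after)
    modified = sorted(p for p in after if p in before and after[p] != before[p])
    return {"created": created, "modified": modified, "deleted": deleted}


def demo():
    """Constructed stand-in for a sample run: plain file writes in a temp dir."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("notes.txt", b"original"), ("old.log", b"log")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        before = snapshot(root)
        # Simulated activity (constructed): one drop, one overwrite, one delete.
        with open(os.path.join(root, "dropped.bin"), "wb") as fh:
            fh.write(b"\x00payload-placeholder")
        with open(os.path.join(root, "notes.txt"), "wb") as fh:
            fh.write(b"changed")
        os.remove(os.path.join(root, "old.log"))
        return diff_snapshots(before, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

In a real run, `snapshot()` is called on the monitored directory inside the VM before and after execution, and the diff is recorded before reverting to the clean snapshot.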
Building a Safe Sandbox
Run malware only in an isolated sandbox: a virtual machine with a clean snapshot you can revert to.
Use a host-only or fake network so the malware cannot reach the internet or your real systems. Never analyze on a machine connected to a production network.