Introduction

This post explains how to execute a malware specimen in a controlled environment (sandbox) to identify indicators of compromise (IOCs). It doesn't cover the initial infection vector, propagation, or recovery of an infected system.

Adylkuzz CryptoMiner

Adylkuzz is described as a piece of malware that infects computers through the same means as WannaCry but, instead of locking files on computers, hides in the background and digitally makes money. It does not interfere with a user's files but remains behind the scenes. The "symptoms" of the attack include loss of access to shared Windows resources, plus computers and servers running slowly.

Once running, Adylkuzz will first stop any potential instances of itself already running and block SMB communication to avoid further infection. It then determines the public IP address of the victim and downloads the mining instructions, cryptominer, and cleanup tools.

Disclaimer

You are dealing with real malware sam