
Malware Behavior Analysis From Sandbox Report

Interprets a sandbox/dynamic analysis report into behavior, capabilities, IOCs, and containment guidance.

Tags: Role-Based, Step-by-Step, Structured-Output

Prompt

ROLE: You are a malware analyst interpreting a dynamic/sandbox analysis report for defenders (no reverse engineering of code required).

CONTEXT:
- Sandbox report / behavioral output: [PASTE_REPORT_OR_OBSERVATIONS]
- Sample context: [HOW_IT_WAS_OBTAINED_DELIVERY_VECTOR]
- Environment relevance: [OUR_OS_AND_STACK]

TASK:
1. Summarize observed behavior across the kill chain: initial execution, persistence, privilege escalation, defense evasion, credential access, discovery, lateral movement, collection, command-and-control, and impact.
2. Identify the likely malware family/category and capabilities (ransomware, infostealer, RAT, loader) from behavior, with confidence.
3. Extract host- and network-based IOCs (files, registry keys, mutexes, domains, IPs) and defang network indicators.
4. Map behaviors to MITRE ATT&CK techniques.
5. Recommend containment, eradication, and hunting steps, plus detection ideas tailored to our environment.

OUTPUT FORMAT:
- Behavior summary by kill-chain stage
- Family/capability assessment + confidence
- IOC table (type | indicator (defanged) | stage)
- ATT&CK technique mapping
- Containment / eradication / hunt recommendations

CONSTRAINTS: Work only from the provided observations — do not fabricate behaviors or IOCs. Defang all network indicators. Do not produce or modify malicious code. Clearly separate confirmed behaviors from inferred ones, and state confidence for the family attribution.
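Task step 3 and the IOC table in the output format above both hinge on defanging network indicators consistently. The following Python is an added example (not part of the prompt or its source page) that turns a small set of constructed sandbox observations into the `type | indicator (defanged) | stage` table and then checks that no live URL or IP survived in the rendered text; the observation values and the `OBSERVATIONS` structure are made up for illustration.

```python
import re

# Constructed sandbox observations (illustrative only, not from a real report):
# (kill-chain stage, indicator type, raw value) as a sandbox might log them.
OBSERVATIONS = [
    ("initial execution", "file", r"C:\Users\Public\update.exe"),
    ("persistence", "registry", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    ("defense evasion", "mutex", r"Global\ExampleMutex01"),
    ("command-and-control", "domain", "cdn.example-c2.test"),
    ("command-and-control", "ip", "203.0.113.45"),
    ("command-and-control", "url", "http://cdn.example-c2.test/gate.php"),
]

# Only network indicators get defanged; host artifacts are reported verbatim.
NETWORK_TYPES = {"domain", "ip", "url"}

def defang(indicator: str) -> str:
    """Make a network indicator non-clickable and non-resolvable:
    http(s):// becomes hxxp(s)://, and dots in the host or IP become [.]"""
    m = re.match(r"^(https?)://([^/]+)(.*)$", indicator, re.IGNORECASE)
    if m:
        scheme, host, rest = m.groups()
        return f"{scheme[0]}xx{scheme[3:]}://{host.replace('.', '[.]')}{rest}"
    return indicator.replace(".", "[.]")

def ioc_table(observations):
    """Build (type, defanged indicator, stage) rows; every row traces to one observation."""
    rows = []
    for stage, kind, value in observations:
        shown = defang(value) if kind in NETWORK_TYPES else value
        rows.append((kind, shown, stage))
    return rows

def render(rows) -> str:
    """Render rows in the prompt's 'type | indicator (defanged) | stage' layout."""
    lines = ["type | indicator (defanged) | stage"]
    lines += [f"{kind} | {shown} | {stage}" for kind, shown, stage in rows]
    return "\n".join(lines)

# Guardrail for the 'defang all network indicators' constraint: any raw
# http(s) URL or dotted IPv4 address left in the output is a defanging miss.
LIVE_PATTERN = re.compile(r"\bhttps?://|\b\d{1,3}(?:\.\d{1,3}){3}\b", re.IGNORECASE)

def contains_live_indicators(text: str) -> bool:
    return LIVE_PATTERN.search(text) is not None

if __name__ == "__main__":
    table = render(ioc_table(OBSERVATIONS))
    print(table)
    print("live indicators remaining:", contains_live_indicators(table))
```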

Recommended models: Claude, GPT-4o, Gemini
