Get the memdump file generated during a fileโ€™s behavior analysis

๐Ÿšง

Special privileges required

Sandbox analyses feeds endpoints are only available to users with a Sandbox feeds license. Contact us for more information.

Each JSON object contained in the file behaviour feed packages include a URL to this API endpoint to download the extracted memdump from the file's sandbox execution. The available in the feed link already includes the download token required by this endpoint. The following snippet represents the JSON structure in the file behaviour feed that takes to the link:

{
  "context_attributes": {
    "memdump": "https://www.virustotal.com/api/v3/feeds/file_behaviours/<TOKEN>/memdump"
  }
}

The link only works during the feed's lifetime. Check /feeds/file_behaviours/{time} for more information.

Language
Click Try It! to start a request and see the response here!