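Any.Run is an online malware analysis tool: a sandbox service for analyzing specific files interactively in real time.
Any.Run is headquartered in the United Arab Emirates and was founded in 2016 by security researcher Alexey Lapshin.
Any.Run is a fully interactive tool, which is what distinguishes it from other sandbox analysis tools. This means a user can upload a file and interact with the sandbox in real time while the file is being analyzed, rather than uploading the file and waiting for the sandbox to generate a final report, as other tools require. In this environment, Any.Run copes even when the program under analysis requires the user to click buttons, or the document under analysis requires the user to enable certain content or macros.
For example, suppose you want to analyze an adware bundle that requires you to click through various installation prompts before it installs unwanted programs. With Any.Run, you can do that.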
What we have for
FASTEST MALWARE ANALYSIS
- Interactive access
- A wide set of environments
- Live process events data
- A large number of analyses
- IOCs in convenient format
- Extended IDS rulesets
- Free version for community
INTERACT WITH OS AND GET IMMEDIATE RESULT
Currently, the submission process on our online sandbox plays out like a step-by-step quest. Thanks to the interactivity of our service, with dynamic malware analysis you have total control over the malware activity and can affect it in a few clicks, which you cannot do with automated malware analysis. Find your own unique approach to the analysis of each malware sample!
- Affect the malware behavior in a few clicks
- Immediately get the dynamic malware analysis data
- Interact with the sandbox simulation as needed
- Quickly copy and paste data from/to the sandbox
- Use popular browsers to surf the internet as on the real machine
OPEN URLs IN DIFFERENT BROWSERS
Modern exploit kits can create various issues in different browsers. Therefore, checking suspicious URLs in just one browser may not show all attack vectors of the malware.
Our analysis service supports the latest versions of all popular browsers and operating systems, which helps with researching phishing attacks, while the ability to download pages with a custom User-Agent header is useful for researching phishing on mobile devices.
- Check URLs in the sandbox with multiple browsers for robust results
- Research phishing attacks using optimized tools
- The latest versions of browsers and operating systems improve URL analysis quality
MITRE ATT&CK MAPPING
Structural understanding of attacks is very important for threat security analysis.
Most of our signatures are mapped to the MITRE ATT&CK matrix and are presented in a convenient way, providing unlimited opportunities for training new staff.
Our malware analysis service makes understanding how the attack took place and what techniques were used much easier!
- Understand the objectives of cyber threats
- Expand the knowledge of malware analysts
- Identify actions that malware performs step-by-step
INTERACTIVE PROCESS GRAPHS
Our service displays the attack pattern in an interactive visual tree structure, allowing malware analysts to easily analyze the main malicious processes at a glance. The free version of our service displays:
- The type of file being launched (browser, script interpreter, office application, etc.)
- The family of malicious activity, if it was determined
- Malicious files being downloaded and dropped before launch
- Injection direction
All graphs on our sandbox are fully interactive, allowing researchers to select processes and view more detailed information. Graphs are also automatically included in text reports, giving them additional visibility.
ANALYZE CONTENT OF DIFFERENT FILETYPES
Each new public task complements a huge database. All our data may be used for reanalysis in our system or exported for external analysis. It includes:
- Uploaded or downloaded malware samples
- Created/modified malicious files of any format
- Malicious files of any format downloaded/uploaded on the Internet
- Full network activity dump (PCAP)
- SSL keys for decrypting traffic in external programs (paid feature).
THOUSANDS OF MALWARE REPORTS PER DAY
Our HTML report function allows researchers to format the result of the malware analysis online in order to share with colleagues or for printing.
We provide comprehensive information on the analysis, which includes all indicators of compromise, screenshots and process behavior graphs.
Text reports are customizable and allow excluding unneeded features and hiding sections so that excessive information does not end up in the final presentation.
- Format your results for printing
- Present comprehensive information with our report functions
- Edit reports to exclude unwanted data
ANALYZE NETWORK EVENTS
Investigate HTTP(S) requests/responses and their headers, even for URLs with SSL encryption, with the MITM proxy feature! All connections are bound to processes, so you know which process made each one. Watch the network streams to see what data is being sent. We analyze all the network events and show a reputation level if we know something about them. Moreover, we provide extended IDS rulesets with detailed information about the threat.
Route your connection via TOR and leave no chance for malware to escape your eye with the network geolocation feature. Choose the country from which you want to surf.
After the malware traffic analysis, export PCAP and SSL keys for use in external malware analysis tools.
IOCS: SUMMARY OF INDICATORS OF COMPROMISE
Get valuable information about the network and operating system artifacts that were found during the online malware analysis. Use the data to proactively guard against evasive threats in your system. All selected indicators of compromise can be quickly copied and shared with your colleagues or exported to JSON format.
Feature | SEARCHER (for individuals) | HUNT (for individuals) | ENTERPRISE (for teams and organizations) |
CORE FEATURES | |||
Windows 7 32bit | V | V | V |
Linux Ubuntu 22.04.2 64 bit | V | V | V |
Interactive access | V | V | V |
Unlimited analysis | V | V | V |
Malware configuration | V | V | V |
Timeout | 360 sec | 660 sec | 1200 sec |
Max input file size | 32 MB | 100 MB | 100 MB |
Export samples and PCAP (manual only) | 20 requests/min | 20 requests/min | 20 requests/min |
Text reports | V | V | V |
URL analysis in different browsers | V | V | V |
MITRE ATT&CK mapping | V | V | V |
Process behavior graph | V | V | V |
Script tracer | V | V | V |
QR code analysis | V | V | V |
Uploading files to active analysis sessions | V | V | V |
ADVANCED FEATURES | |||
Private reports | V | V | V |
Extended IDS rule sets | Pro rulesets | Pro rulesets | Pro rulesets |
Video record | V | V | V |
MITM proxy for HTTPS | V | V | V |
Commercial usage | V | V | V |
DEEPER ANALYSIS | |||
Windows 7 64bit | V | V | V |
Windows 8.1 32/64 bits | V | V | |
Windows 10 32/64 bits | V | V | |
Windows 11 64 bit | V | V | |
Monitoring of system processes | V | V | |
Locale selection | V | V | |
Reboot support | V | V | |
Priority in queue | V | V | |
Various software presets | V | V | |
Tools collection | V | V | |
Custom OpenVPN configuration | V | V | |
Routing via TOR | V | V | |
Residential proxy | V | V | |
Automated interactivity (ML) | V | V | |
Access to IDS rule content | V | V | |
API/EXPORTS | |||
REST API | 250 requests/mo | From 1500 requests/mo per team | |
JSON summary | V | V | |
Export to MISP format | V | V | |
HTML Document | V | V | |
Browser extension | V | V | |
Common analysis history via API | V | ||
TEAM MANAGEMENT | |||
License center | V | ||
Team privacy | V | ||
Common analysis history | V | ||
Productivity tracking | V | ||
Single Sign-On (SSO) | V | ||
ADDITIONAL SERVICES | |||
Premium support | V | ||
THREAT INTELLIGENCE | |||
TI Statistics | V | V | V |
TI Lookup Requests | 20 (Trial) | 20 (Trial) | 20 (Trial) |
YARA Search Requests | 20 (Trial) | 20 (Trial) | 20 (Trial) |
TI Feeds |
What operating systems are supported?
We support several Windows and Linux operating systems:
Windows:
Windows 7
Windows 8.1
Windows 10
Windows 11
Windows 11 is available in a 64-bit version. The others support both 32-bit and 64-bit systems.
Linux:
Ubuntu 22.04.2 64 bit