Process: Using Any.Run to analyse a file/URL
Any.Run is an online sandbox analysis application used to run suspicious executables or visit websites while it records system-level and network-level activity. Because you can interact with a sample inside the sandbox, Any.Run makes it very easy to analyse malware samples.
Using Any.Run to analyse a file/URL
First, you need to set up a new task: select the file or URL you wish to analyse, the operating system for the sandbox (Windows 7/8.1/10/11), the connectivity options you want to use, the software that should be preloaded, and how long the interactive session should last.
When ready, click the Run button. Any.Run will then build the configured environment, display the sandbox environment that you can interact with, and launch the requested program. For example, here bbc.com was submitted for scanning, with Windows 10 and Google Chrome selected for browsing.
From here, you can interact with the desktop, click on buttons, open the Start menu, use browsers, open the Registry Editor, open Task Manager, and run applications just like you normally would. The difference is that the sandbox records all network requests, process calls, file activity, and registry activity, as shown in the image below.
You can also click on a launched process and see what files it modified, what registry changes it made, what libraries were used, and more.
A few examples from the past:
- Interactive Online Malware Analysis Sandbox - ANY.RUN