ANY.RUN is a malware sandbox service in the cloud. By using this analyzer, an analyst can submit a suspicious file or URL to the service for analysis and get a report. The report can contain various information such as:
- Interactive access
- Research threats by filter in public submissions
- File and URL dynamic analysis
- Mitre ATT&CK mapping
- Detailed malware reports
You need a valid AnyRun API integration subscription to use the analyzer. Free plan does not provide API access.
- Provide your API token as a value for the
tokenparameter. - Define the privacy setting in
privacy_typeparameter. - Set
verify_sslparameter as false if you connection requires it
AnyRun provides a number of parameters that can be modified to do additional/different analysis.
- Set the "bitness" of your runtime environment with the
env_bitnessparameter. - Select which version of Windows to use by setting
env_versionparameter. - Select which products to install by default with
env_typeparameter. - Enable/disable networking with
opt_network_connectparameter. - Enable/disable "FakeNet" with
opt_network_fakenetparameter. - Enable/disable the TOR network with
opt_network_torparameter. - Enable/disable MITM for https connections with
opt_network_mitmparameter. - Need a specific geolocation? use
opt_network_geoparameter. - Need to analyze something with evasion tactics?
opt_kernel_heavyevasion - Change the timeout settings with
opt_timeoutparameter. - Select which folder the analysis starts in with
obj_ext_startfolderparameter. - Select which browser to use for analysis with
obj_ext_browserparameter.