Tasks in ANY.RUN sandbox are like projects in GitHub. Every time you start an analysis of a suspicious object or link you create a new one. Follow these steps to get started.
Create a new task
First, let’s open the configuration window. This is how we’ll be able to set up our virtual machine and network options.
- Click on the “New task” button in the sidebar to get started.
This is accessible from your dashboard and when browsing public submissions. A modal window will pop up with options to set up the VM.
Choose the setup mode
There are a couple of ways to configure your virtual machine in the cloud.
- A default mode, which is our ‘plug-and-play’ option
- And a “Pro” mode — this is the one you will likely use most of the time
In the default mode you can:
- Upload a file (by choosing it from the filesystem or dragging and dropping it) or insert a link.
- Choose an operating system
- Specify the “bitness”
For our paid users, tasks will run with the privacy setting set to “private”. This means that the result will not be saved in public submissions. For our community plan users, the default mode will be set to “public”.
Switch to the pro mode to configure these and other settings.
Configure advanced settings
Flip the “Pro” toggle to access advanced settings.
The first thing you’ll probably notice after the window transforms is the “New VM video streaming” toggle. It optimizes the VM to be responsive with a higher frame rate.
You can use the dropdowns to choose the startup directory and, when analyzing links, a default web browser. You can select Chrome, Firefox, Opera, or Internet Explorer.
Then add a cmd command to customize the startup behavior — type your own or use a preset.
The “Change extension to valid” option controls what happens when a file lacks an extension or comes with an invalid one. Set it to “on” and it will edit the extension when necessary, so the file always runs.
Extend the time limit
Use the slider to set the execution time limit — it controls how long your VM stays alive and goes up to 20 minutes, depending on your plan.
Configure network settings
Network stream analysis will quickly become one of your most-used ANY.RUN features. Try experimenting with these options:
- MITM Proxy intercepts the traffic coming in and out of the sandbox. Select it to analyze traffic that was encrypted with HTTPS.
- Fake net mimics an internet environment without actually connecting to the web.
For an extra layer of security, you can also choose to route traffic via TOR or a custom VPN configuration.
Set up the virtual machine
One of ANY.RUN’s major pros is how rapidly you can analyze the same sample in a variety of machine configs.
- Select the OS, from Windows 7 through 11, in 32-bit or 64-bit versions.
- Set the locale. This is useful for seeing how malware behaves with different language settings.
You can also change what software comes pre-installed in your VM.
- Clean will give you an OS with nothing installed.
- The Office preset comes with only the Microsoft Office software suite.
- The Complete option is similar to a real PC and has various popular programs.
Control the task privacy and save a preset
And finally, make sure to set the privacy settings before you hit the “Run” button. Here you can control who has access to the task or set a self-delete timer.
You might find yourself using a similar configuration over and over again. If that’s the case, there’s a better way than configuring the VM manually every time. Save a preset and you’ll be able to recall that VM config later.
At this point, all that’s left is to click “run” and see the VM fire up. You will be taken to a new window with the virtual machine video streaming. Almost immediately after initialization, you’ll be able to interact with it — type, click on files, or open programs.
ANY.RUN will simultaneously record system activity. It will display processes spawned by the object in question in real time — and mark suspicious and malicious activity.