More organizations are adopting the latest versions of Windows, so it is worth analyzing threats on the same system fingerprint to detect them more accurately. Today we are announcing a service update for exactly this case: a new addition to ANY.RUN’s virtual machines – the Windows 11 operating system.
Launch samples in a new OS to investigate more threats and vulnerabilities that target this version.
Windows 11 use case
The mass migration to Windows 11 has forced malware authors to adapt their work to the new operating system. They have begun actively applying new techniques and abusing features, vulnerabilities, and bugs in the new OS to install and run malware stealthily. Hunter and Enterprise users can now run the new Windows version and analyze malware in the ANY.RUN sandbox.
Let’s take a look at a Magniber ransomware sample. This year the malware has been distributed disguised as a Windows 11 upgrade patch package. Magniber itself has not changed, but it can infect various Windows versions, including Windows 11:
The distribution method is the same as in the April attacks: downloads from forums, cracked-software websites, and fake porn websites.
The ransomware uses a combination of RSA (2048-bit) and AES encryption, which makes the encrypted files quite challenging to decrypt. ANY.RUN successfully detects this malware, and you can monitor the whole attack on Windows 11 in real time. We recommend that all users run malicious programs only in an isolated VM.
With the latest Windows version available, you can test exploits and check whether vulnerabilities aimed at this OS are actually exploitable. This helps keep your organization’s security current.
Cybercriminals will keep working to make their attacks effective, adopting new features, operating systems, and program builds to make their malware harder to stop. We are not giving up either: you can analyze samples in a Windows 11 VM to combat these threats and test vulnerabilities.