<\/p>\n\n\n\n
A use case<\/strong><\/p>\n\n\n\n The best way to see all features at work is to start the analysis. Why don\u2019t we examine one of the samples? Let\u2019s do it! The first step is to create a new task. Windows 7, the 32-bit rate<\/strong> is available by default. This operating system is one of the most popular ones and that is the reason why it is available for the Community plan\u2019s users. Then you can choose the file to upload. Remember, you can input up to 16 Mb per file<\/strong>. We should note that there is hardly any malware of this size in the wild. If you want to submit a URL address to a file just either type or paste it in the input field. Our service offers you to <\/strong>pick one of the most used browsers to open your link. Advanced malicious programs act differently on various browsers. And, the latest version of them might be crucial for investigations. So, URL analysis in different browsers<\/strong> will come in handy. By checking the \u201cOpen in default browser\u201d box, the URL address opens on the Internet Explorer browser. And we\u2019re ready to run the task! Furthermore, if you have more suspicious files for analysis, don\u2019t worry, you get a chance to launch an unlimited number of public analyses<\/strong>! Upload as many files as you need! But note, please, that your task will be shared publicly with the Community plan.\u00a0\u00a0\u00a0\u00a0<\/p>\n\n\n\n Give the machine a few moments to load and here we go! Now we can monitor the file behavior in the environment.<\/p>\n\n\n\n To observe this task use the following link: <\/p>\n\n\n\n https:\/\/app.any.run\/tasks\/5d684aa5-f184-475d-bc94-b2a9308ddb53\/<\/a><\/p>\n\n\n\n The duration of the analysis is set to 60 seconds<\/strong>, also there is a possibility to add up to 4 minutes. This time is enough to explore the suspicious file and interact with the virtual machine. ANY.RUN\u2019s interactive access <\/strong>is a real game changer! Just imagine that you’re working with an attacked computer, but completely safe. Drag a mouse, tap keys, reboot the system, open files, input data\u2014 do whatever you want to research the file. You get access to the operating system just only a few seconds after starting. There is no need to wait for the end of the analysis \u2014 get the first results in real-time. Let\u2019s execute the word document into the Windows 7 environment in the virtual machine. We can see how the file is loading. And on the right, all processes are structured logically in the process tree. <\/p>\n\n\n\n To finish the task, click the \u201cStop\u201d button in the Up-right corner. As you can see in the “Process details”, a biohazard sign has appeared. It means that the Qbot malware was detected by local signatures \u2014 created file and command-line argument of the cmd.exe process. To get more info, check Advanced details. And now it\u2019s time to dive into analysis with all collected information. In the “Connections” section, you see 1 successful response which downloaded the main payload \u2014 Qbot trojan itself. Clicking on any of them in the Headers column to research “Request details”. Copy the necessary data, if you will. In the “Threats” sector, we get quite a bunch of results listed. If you are interested in a particular one, filter by message. The Class column gives you the whole idea of what was hiding from you. Click on any of them to uncover the “Threat details”. It\u2019s time to get acquainted with \u201cFile modifications\u201d. And collect Process details.<\/p>\n\n\n\n To find out what signatures identified malware, click on the process with the biohazard sign, and detected malware tag. In our case, click on \u201cQBOT was detected\u201d and you can see all signatures through which it was detected. In this example, it\u2019s the created file and arguments of the command line cmd.exe. Get more information in \u201cMore info\u201d in this process. The reports and necessary information can be exported in PDF, JSON, HTML,<\/strong> and PCAP<\/strong> format. Moreover, you get additional details in the info block. For example, the process behavior graph<\/strong> gives you extra data such as a file\u2019s type, the malware family, the direction of injection, etc. Pick a process to bring up the process details. To find out about the process of an attack, use the Mitre ATT&CK matrix<\/strong>. The whole logic is shown here from the initial access to the impact. Moreover, you can research all the used tactics. This is the way you finish the analysis! Threats are detected and processes are researched. And we are definitely not leaving empty-handed \u2014 all significant material with us, such as detailed reports, a process graph, etc. Of course, it was not an elaborate investigation as the one you get on other plans. However, the essential results you get anyway. Besides the analyses, you get an opportunity to research the enormous ANY.RUN database of the public submissions<\/a>. What a great source to learn and improve as a cybersecurity specialist! <\/p>\n\n\n\n Conclusion<\/strong> The Community plan can be a discovery for you. You can perform analysis for free, isn\u2019t it an advantage? But If you want to go deeper, check out other plans for expanded functionalities, more opportunities, and even more comprehensive reports. Sounds interesting? Stay tuned to learn more about other plans in our next articles. You can also find information about all plans and their description here<\/a>. <\/p>\n\n\n\n And don\u2019t forget that you can find more examples of how to use the Community plan in the video below. Go ahead and watch it!
<\/p>\n\n\n\n
<\/p>\n\n\n\n
<\/p>\n\n\n\n![\"\"](\"\/cybersecurity-blog\/wp-content\/uploads\/2020\/11\/scr1-1.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/lh3.googleusercontent.com\/LNjC1ynVh8g_ZLCuPepO5MfUiPW6L_pwZsq8sVzDJgMQSPOVyjR2xAggfArkuuiQZchVu573ZgD1rWnvXhUIFG6GUdC2nNwPYaE5UCrzuHbXOWAgNSD0NZ37iwVzTnSWsC7IQZd-\")
<\/p>\n\n\n\n
<\/p>\n\n\n\n
<\/p>\n\n\n\n
<\/p>\n\n\n\n
<\/p>\n\n\n\n
<\/p>\n\n\n\n
<\/p>\n\n\n\n![\"\"](\"https:\/\/lh5.googleusercontent.com\/kVW3adVqoCRFwdl6nNsnqVH8dTcXuYYk6O22FpR7huJLMcj5xNPwaK-BFT6CxmNjIH3q03XPQW7XAZ_ow2gZetRDnf4_JzeAAXgX1eMYKWOAEQ0v-bhOpn9IY98APhuxeXoCfn_k\")
<\/p>\n\n\n\n
<\/p>\n\n\n\n
<\/p>\n\n\n\n
<\/p>\n\n\n\n