{"id":14392,"date":"2025-06-19T11:30:37","date_gmt":"2025-06-19T11:30:37","guid":{"rendered":"\/cybersecurity-blog\/?p=14392"},"modified":"2025-08-21T11:47:31","modified_gmt":"2025-08-21T11:47:31","slug":"detonation-actions","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/detonation-actions\/","title":{"rendered":"Simplify Threat Analysis and Boost Detection Rate with Detonation Actions\u00a0"},"content":{"rendered":"\n<p>Threat analysis is a complex task that demands full attention, especially during active incidents, when every second counts. ANY.RUN\u2019s <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=detonation_actions&amp;utm_term=190625&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">Interactive Sandbox<\/a> is designed to ease that pressure with an intuitive interface and fast threat detection.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Our new feature, Detonation Actions, takes this further by highlighting detonation steps during analysis. When a specific action is needed to trigger the sample, like launching a file or clicking a link, it appears as a suggestion, so you know exactly what to do.&nbsp;<\/p>\n\n\n\n<p>Detonation Actions work in both manual mode and with <a href=\"https:\/\/any.run\/cybersecurity-blog\/automated-interactivity-stage-two\/\" target=\"_blank\" rel=\"noreferrer noopener\">Automated Interactivity<\/a>.&nbsp;Whether you\u2019re investigating manually or running automated sessions, this guided mode reduces the time it takes to respond to threats and helps you catch the full scope of malicious behavior with minimal effort.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What Are Detonation Actions?&nbsp;<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"580\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image9-6-1024x580.png\" alt=\"\" class=\"wp-image-14397\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image9-6-1024x580.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image9-6-300x170.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image9-6-768x435.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image9-6-1536x870.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image9-6-370x210.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image9-6-270x153.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image9-6-740x419.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image9-6.png 1842w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>You can find the Actions tab next to the Processes tab<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>Detonation Actions are built-in hints in ANY.RUN\u2019s Interactive Sandbox that guide users step-by-step through the threat analysis process. They are available in every sandbox session, for all users, and help make both manual and automated investigations clearer and more efficient.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/app.any.run\/tasks\/069d90f5-58e5-4178-90f6-7b1626847d5f\" target=\"_blank\" rel=\"noreferrer noopener\">See example<\/a>&nbsp;<\/p>\n\n\n\n<p>Here\u2019s how it works depending on your plan:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Community (free) and Hunter Plans<\/strong>: You can see the suggested actions and follow them manually during your session.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/any.run\/cybersecurity-blog\/anyrun-enterprise-plan\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Enterprise Plan<\/strong><\/a>: Track each action performed by Automated Interactivity, including via API, for a fully automated, hands-free analysis with full transparency.\u00a0<\/li>\n<\/ul>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nSpeed up threat analysis in your SOC with <span class=\"highlight\">ANY.RUN<\/span><br>boost detection rate and extract IOCs for effective response&nbsp;   \n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/any.run\/demo\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=detonation_actions&#038;utm_term=190625&#038;utm_content=linktodemo\" rel=\"noopener\" target=\"_blank\">\nTry it with 14-day trial\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h2 class=\"wp-block-heading\">One Button to Start the Guided Mode&nbsp;<\/h2>\n\n\n\n<p>Before launching your analysis, you\u2019ll now see a new <em>Auto<\/em> button during the VM setup phase. Clicking this button starts your session with <strong>Automated Interactivity<\/strong> enabled, which in turn activates the <strong>guided mode, <\/strong>powered by Detonation Actions.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"736\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/imagea-2-1024x736.png\" alt=\"\" class=\"wp-image-14399\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/imagea-2-1024x736.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/imagea-2-300x216.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/imagea-2-768x552.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/imagea-2-1536x1104.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/imagea-2-370x266.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/imagea-2-270x194.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/imagea-2-740x532.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/imagea-2.png 1862w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Use the new Auto button for faster activation of Automated Interactivity<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>For your convenience, you can also enable the same feature manually by toggling <em>Automated Interactivity (ML)<\/em> in the <em>Additional settings<\/em> section above.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"798\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/imageb-1-1024x798.png\" alt=\"\" class=\"wp-image-14401\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/imageb-1-1024x798.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/imageb-1-300x234.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/imageb-1-768x598.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/imageb-1-1536x1197.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/imageb-1-370x288.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/imageb-1-270x210.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/imageb-1-385x300.png 385w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/imageb-1-740x576.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/imageb-1.png 1674w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Automated Interactivity (ML) toggle enabled instead of using the Auto button<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>Once the session begins, you\u2019ll notice Detonation Actions appear on the right side of the screen, next to the process tree. These hints show you exactly what steps have been or should be taken to trigger malicious behavior.&nbsp;&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"568\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/imagec-4-1024x568.png\" alt=\"\" class=\"wp-image-14405\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/imagec-4-1024x568.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/imagec-4-300x166.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/imagec-4-768x426.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/imagec-4-1536x852.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/imagec-4-2048x1136.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/imagec-4-370x205.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/imagec-4-270x150.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/imagec-4-740x410.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Detonation Actions displayed inside ANY.RUN sandbox<\/em><\/figcaption><\/figure><\/div>\n\n\n<p>This gives you a clear picture of what was done, what triggered the threat, and how it unfolded, helping you detect malicious activity faster and respond more confidently.&nbsp;<\/p>\n\n\n\n<p>In the manual mode, you can manually approve actions (by clicking the <em>Approve<\/em> button) or reject them (by clicking the <em>X<\/em> icon) for each suggested step.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"713\" height=\"482\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/imaged-1.png\" alt=\"\" class=\"wp-image-14408\" style=\"width:439px;height:auto\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/imaged-1.png 713w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/imaged-1-300x203.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/imaged-1-370x250.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/imaged-1-270x183.png 270w\" sizes=\"(max-width: 713px) 100vw, 713px\" \/><figcaption class=\"wp-element-caption\"><em>You can trigger actions by clicking the Approve button<\/em><\/figcaption><\/figure><\/div>\n\n\n<p>Automated Interactivity handles the actions for you; no manual approval needed.&nbsp;<\/p>\n\n\n\n<p>Thanks to Detonation Actions, you get a guided analysis flow that improves detection and drastically cuts down your time to respond.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How Detonation Actions Help Analysts&nbsp;<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Automated Interactivity&nbsp;<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Boosts detection rate<\/strong> by ensuring no critical actions are missed during analysis thanks to predefined, expert-crafted hints.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Visualizes critical detonation steps<\/strong>, showing which actions were performed or recommended during the analysis.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Frees up analyst time<\/strong> by automating routine tasks, so they can focus on more complex investigations while maintaining high detection quality.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Manual Analysis&nbsp;<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Helps uncover hidden threats<\/strong> by suggesting actions tailored to detonate specific malware types.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Simplifies investigations<\/strong> with interactive hints like \u201cRunning this executable\u201d or \u201cFollowing this link.\u201d&nbsp;<\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"444\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image4-7.png\" alt=\"\" class=\"wp-image-14410\" style=\"width:350px;height:auto\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image4-7.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image4-7-300x130.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image4-7-768x333.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image4-7-370x160.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image4-7-270x117.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image4-7-740x321.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Some of the Actions include launching a file from a Registry key and Task Scheduler<\/em> <\/figcaption><\/figure><\/div>\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Streamlines analysis of specific samples<\/strong>, for instance, by opening URLs in QR codes directly inside the analysis sessions.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Improves accessibility<\/strong> by making manual analysis more intuitive for SOC analysts at any skill level.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Speeds up decision-making<\/strong> through a clearer workflow and real-time actionable guidance.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">See It in Action:&nbsp;Detonation&nbsp;Actions + Automated Interactivity in a Real Sample&nbsp;<\/h2>\n\n\n\n<p>Let\u2019s walk through how Detonation Actions work in a real scenario using an .exe file and Automated Interactivity.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/app.any.run\/tasks\/ad46312b-a94e-4c60-874f-ba37945fd547\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=detonation_actions&amp;utm_term=190625&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">View analysis session<\/a>&nbsp;<\/p>\n\n\n\n<p>To start, we upload the .exe file and simply click the <em>Auto<\/em> button during the VM setup phase. This launches the sandbox session immediately with <strong>Automated Interactivity <\/strong>and <strong>Detonation Actions<\/strong>.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"797\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image5-5-1024x797.png\" alt=\"\" class=\"wp-image-14413\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image5-5-1024x797.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image5-5-300x234.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image5-5-768x598.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image5-5-1536x1196.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image5-5-370x288.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image5-5-270x210.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image5-5-385x300.png 385w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image5-5-740x576.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image5-5.png 1680w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Automated Interactivity enabled inside ANY.RUN sandbox<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>As the session begins, we can see&nbsp;Detonation&nbsp;Actions popping up quickly in the right corner of the screen. These actions, such as <strong>\u201cLaunching a file from Task Scheduler\u201d<\/strong> or <strong>\u201cExtracting a file from an archive\u201d, <\/strong>are automatically executed, moving the analysis forward without any manual intervention.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"571\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image6-6-1024x571.png\" alt=\"\" class=\"wp-image-14416\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image6-6-1024x571.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image6-6-300x167.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image6-6-768x428.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image6-6-1536x857.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image6-6-2048x1143.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image6-6-370x206.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image6-6-270x151.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image6-6-740x413.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Detonation Actions approved automatically<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>At the same time, the <strong>Processes<\/strong> section started populating with detailed insights, showing each spawned process along with associated tactics, techniques, and indicators.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"569\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image8-8-1024x569.png\" alt=\"\" class=\"wp-image-14423\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image8-8-1024x569.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image8-8-300x167.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image8-8-768x426.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image8-8-1536x853.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image8-8-2048x1137.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image8-8-370x205.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image8-8-270x150.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/06\/image8-8-740x411.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Tree of processes displayed along with Detonation Actions<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>This combination, automated execution + guided visibility, gives analysts a powerful advantage: a complete behavioral picture of the malware, without delays or missed steps. It\u2019s fast, structured, and built for clarity.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How SOCs and Businesses Benefit from It&nbsp;<\/h2>\n\n\n\n<p>The introduction of Detonation Actions brings clear, measurable value to security teams and businesses by improving both the speed and quality of threat analysis.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Simplifies and accelerates threat analysis<\/strong>&nbsp;<br>Makes threat analysis easier and <a href=\"https:\/\/any.run\/cybersecurity-blog\/action-plan-for-soc-webinar-recap\/\" target=\"_blank\" rel=\"noreferrer noopener\">faster for SOC<\/a> teams at any level, saving time, reducing manual effort, and boosting overall productivity.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Improves data handover between SOC Tiers<\/strong>&nbsp;<br>Enhances the quality of data transfer from Tier 1 to Tier 2 analysts through detailed, action-based reports, ensuring critical insights are passed along clearly and efficiently.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Enables faster incident response<\/strong>&nbsp;<br>Streamlines triage by automating key steps in the <a href=\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-feeds-in-incident-response\/\" target=\"_blank\" rel=\"noreferrer noopener\">response<\/a> process, reducing time to detect and respond to threats, and minimizing potential impact.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Boosts employee training and onboarding<\/strong>&nbsp;<br>Helps junior analysts learn faster thanks to clear, guided hints, shortening the learning curve and allowing them to contribute to investigations sooner.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Supports smarter decision-making<\/strong>&nbsp;<br>Empowers team members with more context and clearer behavioral evidence, helping them make faster, more confident decisions during investigations.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Integrates easily into automation workflows<\/strong>&nbsp;<br>Works seamlessly with automated triage and incident response setups, maintaining high detection rates while reducing manual overhead.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Ready to Try It Yourself?<\/h2>\n\n\n\n<p>Detonation Actions are built to make your job easier, whether you&#8217;re triaging a live threat or onboarding a new team member. You get expert guidance, faster detection, and a clearer view of what malware is really doing.&nbsp;<\/p>\n\n\n\n<p>Start your next investigation with ANY.RUN\u2019s guided mode and see how much smoother analysis can be.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/app.any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=detonation_actions&amp;utm_term=190625&amp;utm_content=linktoregistration#register\/\" target=\"_blank\" rel=\"noreferrer noopener\">Launch your ANY.RUN sandbox session now<\/a>&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;&nbsp;<\/h2>\n\n\n\n<p><a href=\"http:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=detonation_actions&amp;utm_term=190625&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a>&nbsp;helps more than 500,000 cybersecurity professionals worldwide. Our Interactive Sandbox simplifies malware analysis of threats that target both Windows and Linux systems. Our threat intelligence products,&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/introducing-any-run-threat-intelligence-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Lookup<\/a>&nbsp;and&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-feeds\/\" target=\"_blank\" rel=\"noreferrer noopener\">Feeds<\/a>, help you find IOCs or files to learn more about the threats and respond to incidents faster.&nbsp;&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/demo\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=detonation_actions&amp;utm_term=190625&amp;utm_content=linktodemo\" target=\"_blank\" rel=\"noreferrer noopener\">Request trial of ANY.RUN\u2019s services to test them in your organization \u2192<\/a>&nbsp;&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Threat analysis is a complex task that demands full attention, especially during active incidents, when every second counts. ANY.RUN\u2019s Interactive Sandbox is designed to ease that pressure with an intuitive interface and fast threat detection.&nbsp;&nbsp; Our new feature, Detonation Actions, takes this further by highlighting detonation steps during analysis. When a specific action is needed [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":14426,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[57,10,54,55,56],"class_list":["post-14392","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-service-updates","tag-anyrun","tag-cybersecurity","tag-features","tag-release","tag-update"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Simplify Threat Analysis and Detection with Detonation Actions\u00a0<\/title>\n<meta name=\"description\" content=\"See how ANY.RUN\u2019s Interactive Sandbox shows you steps for detonating cyber threats for better detection and attack visibility.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/detonation-actions\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/detonation-actions\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/detonation-actions\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"Simplify Threat Analysis and Boost Detection Rate with Detonation Actions\u00a0\",\"datePublished\":\"2025-06-19T11:30:37+00:00\",\"dateModified\":\"2025-08-21T11:47:31+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/detonation-actions\/\"},\"wordCount\":1219,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"features\",\"release\",\"update\"],\"articleSection\":[\"Service Updates\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/detonation-actions\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/detonation-actions\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/detonation-actions\/\",\"name\":\"Simplify Threat Analysis and Detection with Detonation Actions\u00a0\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2025-06-19T11:30:37+00:00\",\"dateModified\":\"2025-08-21T11:47:31+00:00\",\"description\":\"See how ANY.RUN\u2019s Interactive Sandbox shows you steps for detonating cyber threats for better detection and attack visibility.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/detonation-actions\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/detonation-actions\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/detonation-actions\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Service Updates\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Simplify Threat Analysis and Boost Detection Rate with Detonation Actions\u00a0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Simplify Threat Analysis and Detection with Detonation Actions\u00a0","description":"See how ANY.RUN\u2019s Interactive Sandbox shows you steps for detonating cyber threats for better detection and attack visibility.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/detonation-actions\/","twitter_misc":{"Written by":"ANY.RUN","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/detonation-actions\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/detonation-actions\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"Simplify Threat Analysis and Boost Detection Rate with Detonation Actions\u00a0","datePublished":"2025-06-19T11:30:37+00:00","dateModified":"2025-08-21T11:47:31+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/detonation-actions\/"},"wordCount":1219,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","features","release","update"],"articleSection":["Service Updates"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/detonation-actions\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/detonation-actions\/","url":"https:\/\/any.run\/cybersecurity-blog\/detonation-actions\/","name":"Simplify Threat Analysis and Detection with Detonation Actions\u00a0","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2025-06-19T11:30:37+00:00","dateModified":"2025-08-21T11:47:31+00:00","description":"See how ANY.RUN\u2019s Interactive Sandbox shows you steps for detonating cyber threats for better detection and attack visibility.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/detonation-actions\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/detonation-actions\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/detonation-actions\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Service Updates","item":"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/"},{"@type":"ListItem","position":3,"name":"Simplify Threat Analysis and Boost Detection Rate with Detonation Actions\u00a0"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/14392"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=14392"}],"version-history":[{"count":18,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/14392\/revisions"}],"predecessor-version":[{"id":15593,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/14392\/revisions\/15593"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/14426"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=14392"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=14392"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=14392"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}