{"id":5988,"date":"2023-10-17T09:25:13","date_gmt":"2023-10-17T09:25:13","guid":{"rendered":"\/cybersecurity-blog\/?p=5988"},"modified":"2026-03-19T11:59:34","modified_gmt":"2026-03-19T11:59:34","slug":"malware-analysis-in-a-sandbox","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/malware-analysis-in-a-sandbox\/","title":{"rendered":"Malware Analysis in ANY.RUN: <br>The Ultimate Guide\u00a0"},"content":{"rendered":"\n<p>Welcome to <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=newguide&amp;utm_content=landing\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a>! This crash course will walk you through the basics of using our interactive sandbox to help you achieve your malware analysis goals.&nbsp;<\/p>\n\n\n\n<p>Let\u2019s get started!&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&#8217;s Interactive Sandbox<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/2-1-1024x576.png\" alt=\"\" class=\"wp-image-14790\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/2-1-1024x576.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/2-1-300x169.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/2-1-768x432.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/2-1-1536x864.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/2-1-370x208.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/2-1-270x152.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/2-1-740x416.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/2-1.png 1920w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Enterprise Suite provides tangible results across every SOC tier<\/em><\/figcaption><\/figure><\/div>\n\n\n<p><a href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=newguide&amp;utm_content=landing\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN\u2019s Interactive Sandbox<\/a> enables security teams to rapidly analyze suspicious files and URLs to detect evasive malware and phishing threats early. The solution delivers measurable results that impact the speed and quality of SOC and MSSP operations, on average providing: <\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>21-minute MTTR reduction<\/strong> thanks to real-time analysis and reporting that fuel fast response.<\/li>\n\n\n\n<li><strong>36% detection rate boost<\/strong> from live interactions with the malware that ensure full detonation of attacks missed by other solutions.<\/li>\n\n\n\n<li><strong>88% of threats revealed within 60<\/strong> <strong>seconds <\/strong>of analysis thanks to advanced detection capabilities.<\/li>\n\n\n\n<li><strong>20% Tier 1 workload reduction<\/strong> via automation, streamlining routine tasks.<\/li>\n\n\n\n<li><strong>30% fewer Tier 1 to Tier 2 escalations<\/strong> by equipping junior staff with actionable insights that let them make decisions on their own with more confidence.<\/li>\n<\/ul>\n\n\n\n<p>Now, let\u2019s dive into the sandbox\u2019s interface.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Setting up your account<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Step 1: Sign up&nbsp;<\/h3>\n\n\n\n<!-- CTA Split START -->\n<div class=\"cta-split\">\n<div class=\"cta__split-left\">\n\n<!-- Image -->\n<img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/09\/0d88188b-3e89-2314-5a60-cb87e8077326.png\" alt=\"ANY.RUN cloud interactive sandbox interface\" class=\"cta__split-icon\" \/>\n<\/div>\n\n<div class=\"cta__split-right\">\n<div>\n\n<!-- Heading -->\n<h3 class=\"cta__split-heading\">Get started with <span class=\"highlight\"> ANY.RUN <\/span><\/h3>\n\n<!-- Text -->\n<p class=\"cta__split-text\">\nAnalyze malware with no limit inside fully interactive Windows VMs to collect fresh IOCs.\n<br \/>\n<br \/>\n<b>Use your business email to register<\/b>.\n<\/p>\n<\/div>\n<!-- CTA Link -->\n<a target=\"_blank\" rel=\"noopener\" id=\"article-banner-split\" href=\"https:\/\/app.any.run\/#register\"><div class=\"cta__split-link\">Sign up now<\/div><\/a>\n<\/div>\n<\/div>\n<!-- CTA Split END -->\n<!-- CTA Split Styles START -->\n<style>\n.cta-split {\noverflow: hidden;\nmargin: 3rem 0;\ndisplay: grid;\njustify-items: center;\nborder-radius: 0.5rem;\nwidth: 100%;\nmin-height: 25rem;\ngrid-template-columns: repeat(2, 1fr);\nborder: 1px solid rgba(75, 174, 227, 0.32);\nfont-family: 'Catamaran Bold';\n}\n\n.cta__split-left {\ndisplay: flex;\nalign-items: center;\njustify-content: center;\nheight: 100%;\nwidth: 100%;\nbackground-color: #161c59;\nbackground-position: center center;\nbackground: rgba(32, 168, 241, 0.1);\n}\n\n.cta__split-icon { \nwidth: 100%;\nheight: auto;\nobject-fit: contain;\nmax-width: 100%;\n}\n\n.cta__split-right {\ndisplay: flex;\nflex-direction: column;\njustify-content: space-between;\npadding: 2rem;\n}\n\n.cta__split-heading { font-size: 1.5rem; }\n\n.cta__split-text {\nmargin-top: 1rem;\nfont-family: Lato, Roboto, sans-serif;\n}\n\n.cta__split-link {\npadding: 0.5rem 1rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: white;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\ndisplay: block;\nz-index: 1000;\nposition: relative;\ncursor: pointer !important;\n}\n\n.cta__split-link:hover {\nbackground-color: #68CBFF;\ncolor: white;\ncursor: pointer;\n}\n\n.highlight { color: #ea2526;}\n\n\n\/* Mobile styles START *\/\n@media only screen and (max-width: 768px) {\n\n.cta-split {\ngrid-template-columns: 1fr;\nmin-height: auto;\n}\n\n.cta__split-left {\nheight: auto;\nmin-height: 10rem;\n}\n\n\n.cta__split-left, .cta__split-right {\nheight: auto;\n}\n\n.cta__split-heading { font-size: 1.2rem; }\n\n.cta__split-text { font-size: 1rem; }\n.cta__split-icon {\nmax-height: auto;\nobject-fit: cover;\n}\n\n}\n\/* Mobile styles END *\/\n<\/style>\n<!-- CTA Split Styles END -->\n\n\n\n<p>For non-business email users, use the #verification channel on <a href=\"https:\/\/discord.gg\/anyrun\" target=\"_blank\" rel=\"noreferrer noopener\">our Discord server<\/a> to request a free ANY.RUN account.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Step 2: Choose your subscription plan&nbsp;<\/h3>\n\n\n\n<p>After logging in to your account, you will be greeted by the dashboard page. From there, you can go to your Profile settings to choose your subscription plan. &nbsp;<\/p>\n\n\n\n<p>We offer a free Community plan that provides you with a basic set of tools for investigations. For an advanced level of malware analysis and privacy, individual researchers can utilize the <a href=\"https:\/\/any.run\/cybersecurity-blog\/subscriptions-hunter-plan\/\" target=\"_blank\" rel=\"noreferrer noopener\">Hunter plan<\/a>.<\/p>\n\n\n\n<p>For use in a real SOC setting, we offer <a href=\"https:\/\/any.run\/cybersecurity-blog\/anyrun-enterprise-plan\/\" target=\"_blank\" rel=\"noreferrer noopener\">Enterprise<\/a> Suite plan that delivers maximum capabilities of the sandbox, including teamwork features, for boosting business security.\u00a0<\/p>\n\n\n\n<p>Learn more about <a href=\"https:\/\/app.any.run\/plans\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=newguide&amp;utm_content=plans\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN&#8217;s plans<\/a><\/p>\n\n\n\n<p>With your account all set-up and firing on all cylinders, it is time you get started with your first analysis.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Setting up a virtual machine for malware analysis<\/strong>&nbsp;<\/h2>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"How to start doing malware analysis? Run your first task on ANY.RUN\" width=\"770\" height=\"433\" src=\"https:\/\/www.youtube.com\/embed\/vc2zUcUX6BE?start=70&#038;feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><figcaption class=\"wp-element-caption\"><em>See how to launch your first analysis in ANY.RUN using <a href=\"https:\/\/youtu.be\/vc2zUcUX6BE?si=gLofxF2mrH5_Tinh&amp;t=70\" target=\"_blank\" rel=\"noreferrer noopener\">this video<\/a><\/em><\/figcaption><\/figure>\n\n\n\n<p><a href=\"https:\/\/youtu.be\/vc2zUcUX6BE?si=gLofxF2mrH5_Tinh&amp;t=70\" target=\"_blank\" rel=\"noreferrer noopener\"><em>Watch the video<\/em> \u2192<\/a><\/p>\n\n\n\n<p>In order to set up a virtual machine (VM) for malware analysis in ANY.RUN, you need to create a new analysis session.&nbsp;<\/p>\n\n\n\n<p>Access an interactive tutorial by visiting <a href=\"https:\/\/app.any.run\/docs\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=newguide&amp;utm_content=faq\" target=\"_blank\" rel=\"noreferrer noopener\">the FAQ page<\/a>&#8216;s <strong>Tutorials tab <\/strong>and clicking the <strong>&#8220;How to analyze threats&#8221;<\/strong> button.&nbsp;<\/p>\n\n\n\n<p>In case you prefer written instructions, continue reading this article and follow these steps:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Step 1: Open the new analysis window&nbsp;<\/h3>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"575\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-1-1-1024x575.png\" alt=\"\" class=\"wp-image-15883\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-1-1-1024x575.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-1-1-300x169.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-1-1-768x432.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-1-1-1536x863.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-1-1-370x208.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-1-1-270x152.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-1-1-740x416.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-1-1.png 1920w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Launch your analysis in two clicks<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>Click the <em>New analysis<\/em> button on the left sidebar to open the analysis window.&nbsp;&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Step 2: Choose an analysis mode<\/h3>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"636\" height=\"646\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-2-1.png\" alt=\"\" class=\"wp-image-15882\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-2-1.png 636w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-2-1-295x300.png 295w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-2-1-70x70.png 70w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-2-1-370x376.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-2-1-270x274.png 270w\" sizes=\"(max-width: 636px) 100vw, 636px\" \/><figcaption class=\"wp-element-caption\"><em>Switch to the Pro mode to customize your VM environment<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>The newly opened analysis window will be set to the User Mode by default, which lets you quickly analyze your file or link but limits your VM settings to only choosing an OS version:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Windows from 7 through 11 \u2014 32-bit or 64-bit versions.<\/li>\n\n\n\n<li>Linux \u2014 <a href=\"https:\/\/any.run\/cybersecurity-blog\/linux-in-anyrun\/\" target=\"_blank\" rel=\"noreferrer noopener\">Ubuntu<\/a> 22.04.2 &amp; <a href=\"https:\/\/any.run\/cybersecurity-blog\/arm-linux-malware-sandbox\/\" target=\"_blank\" rel=\"noreferrer noopener\">Debian<\/a> 12.2 (ARM, 64-bit).<\/li>\n\n\n\n<li><a href=\"https:\/\/any.run\/cybersecurity-blog\/android-malware-analysis\/\" target=\"_blank\" rel=\"noreferrer noopener\">Android 14 <\/a>(ARM, 64-bit).<\/li>\n<\/ul>\n\n\n\n<p>To open the rest of the VM customization features, enable the <em>Pro mode<\/em> by pressing the respective button on top of the analysis window.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Step 3: Configure the VM<\/h3>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"798\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-3-1-1024x798.png\" alt=\"\" class=\"wp-image-15880\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-3-1-1024x798.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-3-1-300x234.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-3-1-768x598.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-3-1-370x288.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-3-1-270x210.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-3-1-385x300.png 385w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-3-1-740x577.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-3-1.png 1041w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Open tooltips to explore every VM setting available to you<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>In the Pro mode, you can fine-tune your analysis environment. Click on the question mark icon in the top right corner to access tooltips with detailed explanations of each setting.&nbsp;&nbsp;<\/p>\n\n\n\n<p>After completing the VM setup, begin your analysis by pressing the <em>Run a private\/public analysis <\/em>button.&nbsp;<\/p>\n\n\n\n<p>Learn more: <a href=\"https:\/\/any.run\/cybersecurity-blog\/how-to-create-a-task\/\" target=\"_blank\" rel=\"noreferrer noopener\">Guide to Creating a new analysis in ANY.RUN<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Analyzing malware<\/strong>&nbsp;<\/h2>\n\n\n\n<p>Once your analysis is launched, you will be taken to a page where you will be able to analyze your sample in real time and, once it is done, review the findings of the investigation.<\/p>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nReduce MTTR, solve alert fatigue, and boost detection rates<br>Request 14-day trial of <span class=\"highlight\">ANY.RUN&#8217;s Sandbox<\/span> for your SOCs&nbsp;\n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/any.run\/demo\/\" rel=\"noopener\" target=\"_blank\">\nContact us\u00a0\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<p>Here are the things you can perform as part of your analysis:&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Interact with the sample&nbsp;<\/h3>\n\n\n\n<p>ANY.RUN enables you to manually interact with your sample in a VM environment like you would on a normal computer.&nbsp;<\/p>\n\n\n\n<p>You can run programs, open tabs in a browser, and even restart the system without delay.&nbsp;<\/p>\n\n\n\n<p>Learn more: <a href=\"https:\/\/any.run\/cybersecurity-blog\/interactive-malware-analysis\/\" target=\"_blank\" rel=\"noreferrer noopener\">Interactive Malware Analysis<\/a><\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Laplas Clipper research\" width=\"770\" height=\"433\" src=\"https:\/\/www.youtube.com\/embed\/Wf797sOfJS8?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><figcaption class=\"wp-element-caption\"><em>The interactive VM lets you copy and paste any content via the Clipboard tool<\/em><\/figcaption><\/figure>\n\n\n\n<p><em><a href=\"https:\/\/youtu.be\/Wf797sOfJS8\" target=\"_blank\" rel=\"noreferrer noopener\">Watch the video \u2192<\/a><\/em><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Track network activity<\/h3>\n\n\n\n<figure class=\"wp-block-embed aligncenter is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Track network activity\" width=\"770\" height=\"433\" src=\"https:\/\/www.youtube.com\/embed\/ey2kkBbnhME?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><figcaption class=\"wp-element-caption\"><em>You can view malware\u2019s connections and traffic<\/em>&nbsp;<\/figcaption><\/figure>\n\n\n\n<p><em><a href=\"https:\/\/youtu.be\/ey2kkBbnhME?si=KhONwb4TRN04zSr9\" target=\"_blank\" rel=\"noreferrer noopener\">Watch the video \u2192<\/a><\/em><\/p>\n\n\n\n<p>The Network section monitors and records network activity as it is occurring and provides the following information:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>HTTP Requests:<\/strong> Displays details of connection requests, including URL connection response and content&nbsp;<\/li>\n\n\n\n<li><strong>Connections: <\/strong>Shows other protocols that were not mentioned in HTTP Requests&nbsp;<\/li>\n\n\n\n<li><strong>DNS Requests:<\/strong> Indicates the correlation between a domain name and IP address&nbsp;<\/li>\n\n\n\n<li><strong>Threats: <\/strong>Detects intrusion using Suricata rules (<a href=\"https:\/\/any.run\/cybersecurity-blog\/detection-with-suricata-ids\/\" target=\"_blank\" rel=\"noreferrer noopener\">Detection with Suricata IDS<\/a>)<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"875\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/networkstream-1024x875.webp\" alt=\"\" class=\"wp-image-5995\" style=\"width:650px;height:555px\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/networkstream-1024x875.webp 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/networkstream-300x256.webp 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/networkstream-768x657.webp 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/networkstream-370x316.webp 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/networkstream-270x231.webp 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/networkstream-740x633.webp 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/networkstream.webp 1109w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Use network stream analysis to expose evasive malware<\/em>&nbsp;<\/figcaption><\/figure>\n\n\n\n<p>You can examine traffic packet by packet using the Network stream feature, enabling you to identify unusual patterns or connections, stolen data, C2 addresses, proxies, and downloaded files.&nbsp;<\/p>\n\n\n\n<p>Learn more: <a href=\"https:\/\/any.run\/cybersecurity-blog\/analyzing-the-network-stream\/\" target=\"_blank\" rel=\"noreferrer noopener\">Analyzing the Network Stream<\/a><\/p>\n\n\n\n<p><strong>Let us show you how ANY.RUN can help your SOC team &#8211; book a call with us<\/strong> \u2b07\ufe0f<\/p>\n\n\n\n<!-- Calendly inline widget begin -->\n<div class=\"calendly-inline-widget\" data-url=\"https:\/\/calendly.com\/d\/3nd-rzd-xvx\/any-run-demo-blog?hide_event_type_details=1&#038;hide_gdpr_banner=1&#038;primary_color=00b0e8\" style=\"min-width:320px;height:700px;\"><\/div>\n<script type=\"text\/javascript\" src=\"https:\/\/assets.calendly.com\/assets\/external\/widget.js\" async><\/script>\n<!-- Calendly inline widget end -->\n\n\n\n<h3 class=\"wp-block-heading\">Review modified files<\/h3>\n\n\n\n<figure class=\"wp-block-embed aligncenter is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Review modified files\" width=\"770\" height=\"433\" src=\"https:\/\/www.youtube.com\/embed\/_v84JYxquwI?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><figcaption class=\"wp-element-caption\"><em>Easily switch between the Network and Files sections<\/em>&nbsp;<\/figcaption><\/figure>\n\n\n\n<p><em><a href=\"https:\/\/youtu.be\/_v84JYxquwI?si=t2F6MSNZrYTiCbM0\" target=\"_blank\" rel=\"noreferrer noopener\">Watch the video \u2192<\/a><\/em><\/p>\n\n\n\n<p>The Files Modification section lists all files used during the analysis. Click on each file\u2019s content to access downloadable Static discovering data.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"628\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/staticdisc-1024x628.webp\" alt=\"\" class=\"wp-image-5997\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/staticdisc-1024x628.webp 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/staticdisc-300x184.webp 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/staticdisc-768x471.webp 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/staticdisc-370x227.webp 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/staticdisc-270x166.webp 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/staticdisc-740x454.webp 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/staticdisc.webp 1045w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Static discovering enables you to gain insight into any file<\/em>&nbsp;<\/figcaption><\/figure>\n\n\n\n<p>ANY.RUN\u2019s Static discovering feature is modular, letting you analyze a wide range of file types including PDF, LNK, ZIP, RAR, Office documents, and others.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Learn more: <a href=\"https:\/\/any.run\/cybersecurity-blog\/static-discovery-update\/\" target=\"_blank\" rel=\"noreferrer noopener\">Static Analysis for Various File Types<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Utilize debugging<\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"256\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/debug-1024x256.webp\" alt=\"\" class=\"wp-image-5998\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/debug-1024x256.webp 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/debug-300x75.webp 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/debug-768x192.webp 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/debug-1536x384.webp 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/debug-370x92.webp 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/debug-270x67.webp 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/debug-740x185.webp 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/debug.webp 1906w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Debugging can come in handy when handling certain malware families<\/em><\/figcaption><\/figure>\n\n\n\n<p>The Debug section displays information on how to debug the program afterward. If you happen to encounter malware like Dridex, debug output messages will be helpful in your investigation.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Inspect processes<\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-15-1024x576.webp\" alt=\"\" class=\"wp-image-5999\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-15-1024x576.webp 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-15-300x169.webp 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-15-768x432.webp 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-15-1536x864.webp 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-15-370x208.webp 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-15-270x152.webp 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-15-740x416.webp 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-15.webp 1920w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>The process tree depicts processes taking place in real time<\/em>&nbsp;<\/figcaption><\/figure>\n\n\n\n<p>The Processes section lays out a hierarchical view of all processes, accompanied by corresponding indicators.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Learn more: <a href=\"https:\/\/any.run\/cybersecurity-blog\/indicators-tags\/\" target=\"_blank\" rel=\"noreferrer noopener\">Indicators and Tags Used in ANY.RUN<\/a><\/p>\n\n\n\n<p>To investigate a specific process, simply click on it. This will bring up the Process details window, from which you can navigate to the Advanced details by pressing the <em>More info<\/em> button.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"513\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/moreinfo-1024x513.webp\" alt=\"\" class=\"wp-image-6000\" style=\"width:650px;height:325px\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/moreinfo-1024x513.webp 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/moreinfo-300x150.webp 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/moreinfo-768x385.webp 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/moreinfo-370x186.webp 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/moreinfo-270x135.webp 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/moreinfo-740x371.webp 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/moreinfo.webp 1057w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>By clicking on a process, you can discover more information on it<\/em>&nbsp;<\/figcaption><\/figure>\n\n\n\n<p>The Advanced details menu can help you track the timeline of any process.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"572\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/advanced.webp\" alt=\"\" class=\"wp-image-6001\" style=\"width:650px;height:363px\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/advanced.webp 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/advanced-300x168.webp 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/advanced-768x429.webp 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/advanced-370x207.webp 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/advanced-270x151.webp 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/advanced-740x413.webp 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Advanced details let you discover extra information about processes<\/em><\/figcaption><\/figure>\n\n\n\n<p>Additionally, here you can download process dumps. The complete list of process details includes:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Modified files \/ Files in a raw view;&nbsp;<\/li>\n\n\n\n<li>Registry changes \/ Registry keys;&nbsp;<\/li>\n\n\n\n<li>Synchronization;&nbsp;<\/li>\n\n\n\n<li>HTTP Requests;&nbsp;<\/li>\n\n\n\n<li>Connections;&nbsp;<\/li>\n\n\n\n<li>Network threats;&nbsp;<\/li>\n\n\n\n<li>Modules;&nbsp;<\/li>\n\n\n\n<li>Debug.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Learn more: <a href=\"https:\/\/any.run\/cybersecurity-blog\/malware-details\/\" target=\"_blank\" rel=\"noreferrer noopener\">Fast and Simple Access to Malware Details<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Access malware analysis reports<\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-_14_-1024x576.webp\" alt=\"\" class=\"wp-image-6002\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-_14_-1024x576.webp 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-_14_-300x169.webp 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-_14_-768x432.webp 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-_14_-1536x864.webp 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-_14_-370x208.webp 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-_14_-270x152.webp 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-_14_-740x416.webp 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-_14_.webp 1920w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>This segment contains the malware analysis data that you can download<\/em>&nbsp;<\/figcaption><\/figure>\n\n\n\n<p>In the top right corner, you can view the key threat information generated as part of the analysis, including:&nbsp;<\/p>\n\n\n\n<p><strong>Indicators of compromise (IOCs)<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"723\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/iocsanotherscreen-1024x723.webp\" alt=\"\" class=\"wp-image-6003\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/iocsanotherscreen-1024x723.webp 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/iocsanotherscreen-300x212.webp 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/iocsanotherscreen-768x543.webp 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/iocsanotherscreen-370x261.webp 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/iocsanotherscreen-270x191.webp 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/iocsanotherscreen-740x523.webp 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/iocsanotherscreen.webp 1363w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>ANY.RUN helps you collect fresh IOCs of the latest threats<\/em>&nbsp;<\/figcaption><\/figure>\n\n\n\n<p>Indicators of compromise are an essential piece of information that you can use for timely detection of malware.&nbsp;<\/p>\n\n\n\n<p>Learn more: <a href=\"https:\/\/any.run\/cybersecurity-blog\/indicators-of-compromise\/\" target=\"_blank\" rel=\"noreferrer noopener\">Indicators of Compromise<\/a><\/p>\n\n\n\n<p><strong>Malware\u2019s configuration<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"688\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/malconfig-1024x688.webp\" alt=\"\" class=\"wp-image-6004\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/malconfig-1024x688.webp 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/malconfig-300x201.webp 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/malconfig-768x516.webp 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/malconfig-370x249.webp 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/malconfig-270x181.webp 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/malconfig-740x497.webp 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/malconfig.webp 1468w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>ANY.RUN offers configurations for dozens of malware families<\/em>&nbsp;<\/figcaption><\/figure>\n\n\n\n<p>Malware configurations can include a variety of information, such as IP addresses and ports of C2 servers, malware family name, type, and version, encryption keys, anti-debugging, anti-sandbox, and other evasion methods, and much more.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Learn more: <a href=\"https:\/\/any.run\/cybersecurity-blog\/malware-configuration\/\" target=\"_blank\" rel=\"noreferrer noopener\">Dive into Analysis with Malware Configuration<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>MITRE ATT&amp;CK Matrix<\/strong><\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"584\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/matrix-1024x584.webp\" alt=\"\" class=\"wp-image-6005\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/matrix-1024x584.webp 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/matrix-300x171.webp 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/matrix-768x438.webp 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/matrix-370x211.webp 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/matrix-270x154.webp 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/matrix-740x422.webp 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/matrix.webp 1439w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Analyze malware and see which tactics it employs<\/em>&nbsp;<\/figcaption><\/figure>\n\n\n\n<p>The built-in MITRE ATT&amp;CK Matrix allows you to view the techniques utilized by the malware with action mapping and explore each of them.&nbsp;<\/p>\n\n\n\n<p>Learn more: <a href=\"https:\/\/any.run\/cybersecurity-blog\/mitre-attack\/\" target=\"_blank\" rel=\"noreferrer noopener\">MITRE ATT&amp;CK Matrix<\/a><\/p>\n\n\n\n<p><strong>Private AI Assistant for Malware Analysis in ANY.RUN Sandbox<\/strong><\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"579\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/10\/image8-2-1024x579.png\" alt=\"\" class=\"wp-image-9162\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/10\/image8-2-1024x579.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/10\/image8-2-300x170.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/10\/image8-2-768x434.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/10\/image8-2-1536x869.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/10\/image8-2-2048x1158.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/10\/image8-2-370x209.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/10\/image8-2-270x153.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/10\/image8-2-740x419.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>AI reviews inside ANY.RUN\u2019s sandbox analysis session<\/em><\/figcaption><\/figure><\/div>\n\n\n<p>This feature provides you with a deeper understanding of malware\u2019s behavior by providing AI-powered explanations of important elements, such as processes, rules, and connections. &nbsp;<\/p>\n\n\n\n<p>To use this feature, simply click on the <em>AI<\/em> button next to any important element in your report.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Learn more: <a href=\"https:\/\/any.run\/cybersecurity-blog\/private-ai-for-malware-analysis\/\" target=\"_blank\" rel=\"noreferrer noopener\">Private AI assistant for malware analysis<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Malware analysis text report<\/strong><\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"594\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/report1_1-1024x594.webp\" alt=\"\" class=\"wp-image-6007\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/report1_1-1024x594.webp 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/report1_1-300x174.webp 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/report1_1-768x445.webp 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/report1_1-1536x890.webp 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/report1_1-370x214.webp 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/report1_1-270x157.webp 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/report1_1-740x429.webp 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/report1_1.webp 1863w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Each analysis provides a report on the sample which includes IOCs and TTPs <\/em><\/figcaption><\/figure>\n\n\n\n<p>The sandbox generates a comprehensive report for each file and URL you analyze. It includes all of the details we mentioned earlier. &nbsp;<\/p>\n\n\n\n<p>The report can be exported in your preferred format, including JSON and HTML.&nbsp;<\/p>\n\n\n\n<p>Learn more: <a href=\"https:\/\/any.run\/cybersecurity-blog\/malware-analysis-report\/\" target=\"_blank\" rel=\"noreferrer noopener\">Malware Analysis Report in One Click<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Restart the analysis<\/h3>\n\n\n\n<p>You can always restart any analysis with different VM settings to test a sample in a new environment.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Working with public malware samples<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/submissions-1024x576.webp\" alt=\"\" class=\"wp-image-6008\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/submissions-1024x576.webp 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/submissions-300x169.webp 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/submissions-768x432.webp 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/submissions-1536x864.webp 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/submissions-370x208.webp 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/submissions-270x152.webp 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/submissions-740x416.webp 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/submissions.webp 1920w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Use the database to stay up-to-date on the latest threats.<\/em>&nbsp;<\/figcaption><\/figure>\n\n\n\n<p>In addition to analyzing your own samples, you can access ANY.RUN\u2019s database of over 6 million malware samples submitted by users from around the world.&nbsp;<\/p>\n\n\n\n<p>Learn more: <a href=\"https:\/\/any.run\/cybersecurity-blog\/free-malware-samples-reports\/\" target=\"_blank\" rel=\"noreferrer noopener\">How to Get Free Malware Samples and Reports<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Managing a team<\/strong>&nbsp;<\/h2>\n\n\n\n<p>All Enterprise Suite users can take advantage of the Teamwork feature that allows analysts to work together on different samples in real time. \u00a0<\/p>\n\n\n\n<p>It makes it easy to monitor your team&#8217;s activities and train junior analysts. It is also a great way to track productivity and manage large, dynamic teams.<\/p>\n\n\n\n<figure class=\"wp-block-embed aligncenter is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"How to organize teamwork using ANY.RUN\" width=\"770\" height=\"433\" src=\"https:\/\/www.youtube.com\/embed\/Y_31GE4BRN4?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><figcaption class=\"wp-element-caption\"><em>Teamwork can significantly improve the efficiency of your team.<\/em>&nbsp;<\/figcaption><\/figure>\n\n\n\n<p><em><a href=\"https:\/\/youtu.be\/Y_31GE4BRN4\" target=\"_blank\" rel=\"noreferrer noopener\">Watch the video \u2192<\/a><\/em><\/p>\n\n\n\n<p>Here are some of its benefits:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Real-time collaboration: <\/strong>Analysts can join their forces, saving time and improving accuracy.&nbsp;<\/li>\n\n\n\n<li><strong>Common analysis history: <\/strong>Team history can be configured to show all analyses, only the leader&#8217;s analyses, or only links to the leader&#8217;s analyses.&nbsp;<\/li>\n\n\n\n<li><strong>Employee activity tracking: <\/strong>Team leaders can view employee activity, which can help them identify areas where training or extra resources are needed.&nbsp;<\/li>\n\n\n\n<li><strong>Subscription management: <\/strong>Team leaders can manage subscriptions and assign licenses to team members.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Learn more: <a href=\"https:\/\/any.run\/cybersecurity-blog\/teamwork\/\" target=\"_blank\" rel=\"noreferrer noopener\">Teamwork<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Using Live Attack Data from 15K SOCs in Threat Intelligence Lookup<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"603\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image6-1-1024x603.png\" alt=\"\" class=\"wp-image-14811\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image6-1-1024x603.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image6-1-300x177.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image6-1-768x452.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image6-1-1536x904.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image6-1-370x218.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image6-1-270x159.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image6-1-740x436.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/07\/image6-1.png 1833w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>TI Lookup provides access to an extensive database of the latest IOCs, IOBs, and IOAs<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p><a href=\"https:\/\/intelligence.any.run\/analysis\/lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=newguide&amp;utm_content=linktolookup\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Lookup<\/a>&nbsp;is ANY.RUN\u2019s key solution for working with threat intelligence. It simplifies and accelerates different stages of malware investigations, from proactive monitoring to gaining insights for incident response. As a result, you get to ensure a better defense against cyber threats for your company.&nbsp;<\/p>\n\n\n\n<p>In practice, this means that TI Lookup provides you with Indicators of&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/iocs-iobs-ioas-explained\/\" target=\"_blank\" rel=\"noreferrer noopener\">Compromise (IOCs), Attack (IOAs), and Behavior (IOBs)<\/a>. It not only links each indicator to an attack or sample but also showcases its behavior inside the sandbox.&nbsp;<\/p>\n\n\n\n<p>The source of indicators is unique: all data comes from millions of malware analysis sessions done in ANY.RUN\u2019s Interactive Sandbox. TI Lookup allows you to tap into it to gain invaluable insights into real threats targeting&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-from-organizations\/\" target=\"_blank\" rel=\"noreferrer noopener\">15,000 companies<\/a>&nbsp;in finance, manufacturing, transportation, government, and other industries right now.<\/p>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nStart your threat investigation in <span class=\"highlight\">TI Lookup<\/span> right away<br> Triage alerts and handle incidents faster with rich context&nbsp;   \n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/intelligence.any.run\/analysis\/lookup\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=newguide&#038;utm_content=linktolookup\" target=\"_blank\" rel=\"noopener\">\nTry now.\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Conclusion<\/strong>&nbsp;<\/h2>\n\n\n\n<p>ANY.RUN&#8217;s Interactive Sandbox is your best solution for both static and dynamic malware analysis.<\/p>\n\n\n\n<p>Run an unlimited number of analyses, explore millions of reports and malware samples, and collect valuable data by studying the ins and outs of malicious programs and links. &nbsp;<\/p>\n\n\n\n<p>With our cloud-based sandbox, your threat investigations will become a walk in the park.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN<\/h2>\n\n\n\n<p>Over 500,000 cybersecurity professionals and 15,000+ companies in finance, manufacturing, healthcare, and other sectors rely on <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=newguide&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a>. Our services streamline malware and phishing investigations for organizations worldwide.&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Speed up triage and response: <\/strong>Detonate suspicious files using ANY.RUN\u2019s <a href=\"http:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=ti_lookup_now_free&amp;utm_term=160725&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">Interactive Sandbox<\/a> to observe malicious behavior in real time and collect insights for faster and more confident security decisions.&nbsp;&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Improve threat detection: <\/strong>ANY.RUN\u2019s <a href=\"https:\/\/intelligence.any.run\/analysis\/lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=newguide&amp;utm_content=linktolookup\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Lookup<\/a> and <a href=\"https:\/\/intelligence.any.run\/feeds\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=newguide&amp;utm_content=linktotifeeds\" target=\"_blank\" rel=\"noreferrer noopener\">TI Feeds<\/a> provide actionable insights into cyber attacks, improving detection and deepening understanding of evolving threats.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p><a href=\"https:\/\/any.run\/demo\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=newguide&amp;utm_content=linktodemo\" target=\"_blank\" rel=\"noreferrer noopener\">Request trial of ANY.RUN\u2019s services to see how they can boost your SOC workflows<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to ANY.RUN! This crash course will walk you through the basics of using our interactive sandbox to help you achieve your malware analysis goals.&nbsp; Let\u2019s get started!&nbsp; About ANY.RUN&#8217;s Interactive Sandbox ANY.RUN\u2019s Interactive Sandbox enables security teams to rapidly analyze suspicious files and URLs to detect evasive malware and phishing threats early. The solution [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":6011,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[57,58,34],"class_list":["post-5988","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-instructions","tag-anyrun","tag-cybersecurity-training","tag-malware-analysis"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>A Guide to Malware Analysis with a Sandbox<\/title>\n<meta name=\"description\" content=\"Discover how you can analyze malware using the free ANY.RUN sandbox and collect indicators of compromise of the latest threats.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/malware-analysis-in-a-sandbox\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"13 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/malware-analysis-in-a-sandbox\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/malware-analysis-in-a-sandbox\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"Malware Analysis in ANY.RUN: The Ultimate Guide\u00a0\",\"datePublished\":\"2023-10-17T09:25:13+00:00\",\"dateModified\":\"2026-03-19T11:59:34+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/malware-analysis-in-a-sandbox\/\"},\"wordCount\":2149,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity training\",\"malware analysis\"],\"articleSection\":[\"Instructions on ANY.RUN\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/malware-analysis-in-a-sandbox\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/malware-analysis-in-a-sandbox\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/malware-analysis-in-a-sandbox\/\",\"name\":\"A Guide to Malware Analysis with a Sandbox\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2023-10-17T09:25:13+00:00\",\"dateModified\":\"2026-03-19T11:59:34+00:00\",\"description\":\"Discover how you can analyze malware using the free ANY.RUN sandbox and collect indicators of compromise of the latest threats.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/malware-analysis-in-a-sandbox\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/malware-analysis-in-a-sandbox\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/malware-analysis-in-a-sandbox\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Instructions on ANY.RUN\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/instructions\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Malware Analysis in ANY.RUN: The Ultimate Guide\u00a0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"A Guide to Malware Analysis with a Sandbox","description":"Discover how you can analyze malware using the free ANY.RUN sandbox and collect indicators of compromise of the latest threats.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/malware-analysis-in-a-sandbox\/","twitter_misc":{"Written by":"ANY.RUN","Est. reading time":"13 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/malware-analysis-in-a-sandbox\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/malware-analysis-in-a-sandbox\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"Malware Analysis in ANY.RUN: The Ultimate Guide\u00a0","datePublished":"2023-10-17T09:25:13+00:00","dateModified":"2026-03-19T11:59:34+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/malware-analysis-in-a-sandbox\/"},"wordCount":2149,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity training","malware analysis"],"articleSection":["Instructions on ANY.RUN"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/malware-analysis-in-a-sandbox\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/malware-analysis-in-a-sandbox\/","url":"https:\/\/any.run\/cybersecurity-blog\/malware-analysis-in-a-sandbox\/","name":"A Guide to Malware Analysis with a Sandbox","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2023-10-17T09:25:13+00:00","dateModified":"2026-03-19T11:59:34+00:00","description":"Discover how you can analyze malware using the free ANY.RUN sandbox and collect indicators of compromise of the latest threats.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/malware-analysis-in-a-sandbox\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/malware-analysis-in-a-sandbox\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/malware-analysis-in-a-sandbox\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Instructions on ANY.RUN","item":"https:\/\/any.run\/cybersecurity-blog\/category\/instructions\/"},{"@type":"ListItem","position":3,"name":"Malware Analysis in ANY.RUN: The Ultimate Guide\u00a0"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/5988"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=5988"}],"version-history":[{"count":54,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/5988\/revisions"}],"predecessor-version":[{"id":19352,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/5988\/revisions\/19352"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/6011"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=5988"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=5988"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=5988"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}