{"id":6091,"date":"2023-11-01T05:40:18","date_gmt":"2023-11-01T05:40:18","guid":{"rendered":"\/cybersecurity-blog\/?p=6091"},"modified":"2024-09-20T12:12:21","modified_gmt":"2024-09-20T12:12:21","slug":"8-malware-sandbox-features","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/8-malware-sandbox-features\/","title":{"rendered":"8 ANY.RUN Features you Need to Know About"},"content":{"rendered":"\n<p><a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article_bottom&amp;utm_campaign=8features&amp;utm_content=landing&amp;utm_term=011123\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a> is an online sandbox designed for real-time malware analysis. It provides instant threat assessments and lets you interact with potentially harmful samples safely within a virtual machine.&nbsp;<\/p>\n\n\n\n<p>Our sandbox is easy to start with but has deeper features you&#8217;ll want to master. In this article, we&#8217;ve compiled a list of less obvious but highly useful features that can make a big difference in specific situations.&nbsp;<\/p>\n\n\n\n<p><strong>Let\u2019s get started!<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"589\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/features1-1024x589.webp\" alt=\"\" class=\"wp-image-6092\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/features1-1024x589.webp 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/features1-300x173.webp 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/features1-768x442.webp 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/features1-1536x884.webp 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/features1-2048x1179.webp 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/features1-370x213.webp 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/features1-270x155.webp 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/features1-740x426.webp 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Task home screen tips and tricks\u00a0<\/strong><\/h3>\n\n\n\n<p>On the main task screen \u2014 which is shown above \u2014 you can access VM emulation through our VMC stream. It also shows real-time activity for processes, files, and network traffic.&nbsp;<\/p>\n\n\n\n<p>The interface focuses on delivering key insights quickly and is generally self-explanatory. However, there are some tips and tricks worth noting.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"589\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f2-1024x589.webp\" alt=\"\" class=\"wp-image-6094\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f2-1024x589.webp 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f2-300x173.webp 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f2-768x442.webp 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f2-1536x884.webp 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f2-2048x1178.webp 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f2-370x213.webp 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f2-270x155.webp 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f2-740x426.webp 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">1. Unchecking \u201cOnly important\u201d&nbsp;<\/h2>\n\n\n\n<p>By default, the process view displays only important, malicious or suspicious processes. To see all processes running in the virtual machine, simply uncheck this filter.&nbsp;<\/p>\n\n\n\n<p>This can be useful when you&#8217;re conducting a deep-dive analysis and don&#8217;t want to miss any potential IOCs. Sometimes, even processes that appear benign can exhibit malicious behavior when looked at in the context of other system activities.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"589\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f3-1024x589.webp\" alt=\"\" class=\"wp-image-6095\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f3-1024x589.webp 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f3-300x172.webp 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f3-768x441.webp 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f3-1536x883.webp 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f3-2048x1177.webp 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f3-370x213.webp 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f3-270x155.webp 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f3-740x425.webp 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">2. Viewing TTPs for each process&nbsp;<\/h2>\n\n\n\n<p>You can click on a process to view its details, then scroll down to see a list of Tactics, Techniques, and Procedures generated by that process. TTPs give you insights into the threat&#8217;s behavior and containment strategies.&nbsp;<\/p>\n\n\n\n<p>This feature let\u2019s you quickly get a clear view of what the malware aims to do \u2014 whether it&#8217;s lateral movement, data exfiltration, privilege escalation, or any other suspicious activities. This knowledge helps you to prioritize your containment and mitigation steps effectively, allowing for a more targeted response.<\/p>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nEasily <span class=\"highlight\">analyze malware<\/span> in ANY.RUN interactive sandbox&nbsp;\n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/app.any.run\/#register\/\" rel=\"noopener\" target=\"_blank\">\nGet started for free\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"586\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f4-1024x586.webp\" alt=\"\" class=\"wp-image-6096\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f4-1024x586.webp 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f4-300x172.webp 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f4-768x439.webp 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f4-1536x878.webp 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f4-2048x1171.webp 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f4-370x212.webp 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f4-270x154.webp 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f4-740x423.webp 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">3. Accessing process details from graph view<\/h2>\n\n\n\n<p>You don&#8217;t have to leave the graph view to see process details. Just click on any process and the same pop-up you&#8217;d see in the process tree will appear.&nbsp;<\/p>\n\n\n\n<p>This is very useful when so many processes spawn that they do not easily fit into the process tree view. Also, this feature saves you extra clicks and, more importantly, lets you analyze process details while also viewing their connections to other&nbsp;activities of the sample.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-video\"><video controls src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/Full-screen.mp4\"><\/video><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">4. Accessing the full screen or new window mode&nbsp;<\/h2>\n\n\n\n<p>While the task is active, you can switch to full-screen VNC stream mode or open the VNC screen in a separate window.\u00a0<\/p>\n\n\n\n<p>This is useful for focusing on the VNC content, displaying it on a different monitor, or running a demo using our virtual machine to mimic a real computer.<\/p>\n\n\n\n<figure class=\"wp-block-video\"><video controls src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/Task-to-tracker.mp4\"><\/video><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">5. Learning more about a threat in our Tracker&nbsp;<\/h2>\n\n\n\n<p>Our <a href=\"https:\/\/any.run\/malware-trends\/\" target=\"_blank\" rel=\"noreferrer noopener\">Malware Trends Tracker<\/a> gives you details on recent samples, their popularity, and associated IOCs from public tasks that detected the threat. It also outlines the threat&#8217;s general behavior and execution patterns.&nbsp;<\/p>\n\n\n\n<p>You can quickly jump to MTT to learn about the malware you are dealing with by clicking on the link in the top-right corner of the screen. This is also very useful for quickly collecting IOCs from a range of similar samples encountered by other researchers.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"587\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f5-1024x587.webp\" alt=\"\" class=\"wp-image-6097\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f5-1024x587.webp 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f5-300x172.webp 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f5-768x440.webp 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f5-1536x881.webp 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f5-2048x1175.webp 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f5-370x212.webp 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f5-270x155.webp 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f5-740x424.webp 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Advanced processed details tips and tricks&nbsp;<\/h3>\n\n\n\n<p>Clicking <strong>More info <\/strong>after selecting a process in the tree or graph takes you to a view showing in-depth event information for that process.&nbsp;<\/p>\n\n\n\n<p>This view \u2014 called Advanced Process Details or ADP \u2014 is handy for deep investigations, letting you examine specific behaviors like HTTP request content. Here are a few handy tips for working with the ADP view.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"589\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f6-1024x589.webp\" alt=\"\" class=\"wp-image-6098\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f6-1024x589.webp 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f6-300x173.webp 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f6-768x442.webp 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f6-1536x884.webp 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f6-2048x1178.webp 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f6-370x213.webp 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f6-270x155.webp 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f6-740x426.webp 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">6. Viewing ChatGPT reports for individual events\u00a0<\/h2>\n\n\n\n<p>You can generate ChatGPT reports that focus on the entire task or choose to narrow it down to specific events. Just select an individual event from the event list to create a targeted AI report. This works for modified files, registry changes, synchronization, and HTTP requests.&nbsp;<\/p>\n\n\n\n<p>Using ChatGPT reports to focus on individual events simplifies the interpretation process. For a malware analyst, you get plain-English explanations of events like modified files or HTTP requests. This helps you quickly grasp the implications of each event.&nbsp;<\/p>\n\n\n\n<p>Note, that due to data privacy considerations ChatGPT reports currently only work for public tasks.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"588\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f9-1024x588.webp\" alt=\"\" class=\"wp-image-6110\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f9-1024x588.webp 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f9-300x172.webp 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f9-768x441.webp 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f9-1536x882.webp 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f9-2048x1176.webp 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f9-370x212.webp 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f9-270x155.webp 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f9-740x425.webp 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">7. Using RAW mode view to see more events\u00a0<\/h2>\n\n\n\n<p>By default, opening an events tab displays it in <strong>Simple <\/strong>mode. This filters events to only show the most critical ones. For instance, in the <strong>Modified files <\/strong>tab it highlights file changes like file modifications, creations, and deletions. However, simple mode might not give you a comprehensive view of what&#8217;s happening.&nbsp;<\/p>\n\n\n\n<p>For example, some malware variants check the presence of files and directories specific for AV software. They halt their execution if they detect AV software capable of identifying them. Switching to <strong>Raw<\/strong> view expands the filter criteria, revealing additional events. In the <a href=\"https:\/\/app.any.run\/tasks\/12ecfcb8-f36c-48e5-99a8-770166f85904\/?utm_source=anyrunblog&amp;utm_medium=article_bottom&amp;utm_campaign=8features&amp;utm_content=task&amp;utm_term=011123\" target=\"_blank\" rel=\"noreferrer noopener\">example task above<\/a>, if the <strong>aaa_TouchMeNot.txt <\/strong>file is present, the malware doesn\u2019t execute. Being able to see additional events is crucial for gaining a complete understanding of the execution process.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"580\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f8-1024x580.webp\" alt=\"\" class=\"wp-image-6102\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f8-1024x580.webp 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f8-300x170.webp 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f8-768x435.webp 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f8-1536x870.webp 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f8-2048x1160.webp 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f8-370x210.webp 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f8-270x153.webp 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/11\/f8-740x419.webp 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">8. Analyzing certificates\u00a0<\/h2>\n\n\n\n<p>Go to the code signing tab&nbsp;to see detailed information on certificates for both the module and the process \u2014 as shown in <a href=\"https:\/\/app.any.run\/tasks\/ad906a98-9d81-44da-8092-822601df7a81\/?utm_source=anyrunblog&amp;utm_medium=article_bottom&amp;utm_campaign=8features&amp;utm_content=task&amp;utm_term=011123\" target=\"_blank\" rel=\"noreferrer noopener\">this task<\/a>. You can also download them. Watch out for unsigned, expired, or untrusted certificates as they&#8217;re often signs of malicious content. For additional verification, you can generate a ChatGPT report specifically focused on the certificate.&nbsp;<\/p>\n\n\n\n<p>Ultimately, identifying problematic enables faster decision-making on whether a process or module is malicious.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"ANY.RUN Features for Power Users\" width=\"770\" height=\"433\" src=\"https:\/\/www.youtube.com\/embed\/6C7-BVle-UM?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Wrapping up&nbsp;<\/h2>\n\n\n\n<p>Those are some under-the-radar tips to help you maximize your use of ANY.RUN. Did you find these tips useful? Want more compilations like this? Share your thoughts in the comments below.\u00a0<\/p>\n\n\n\n<p><strong>A few words about ANY.RUN<\/strong>&nbsp;<\/p>\n\n\n\n<p>ANY.RUN is a cloud malware sandbox that handles the heavy lifting of malware analysis for SOC and DFIR teams. Every day, 300,000 professionals use our platform to investigate incidents and streamline threat analysis.&nbsp; &nbsp;<\/p>\n\n\n\n<p>Request a demo today and enjoy 14 days of free access to our Enterprise plan.&nbsp;&nbsp; &nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/demo\/?utm_source=anyrunblog&amp;utm_medium=article_bottom&amp;utm_campaign=8features&amp;utm_content=trial&amp;utm_term=011123\" target=\"_blank\" rel=\"noreferrer noopener\">Request demo \u2192<\/a>&nbsp;&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>ANY.RUN is an online sandbox designed for real-time malware analysis. It provides instant threat assessments and lets you interact with potentially harmful samples safely within a virtual machine.&nbsp; Our sandbox is easy to start with but has deeper features you&#8217;ll want to master. In this article, we&#8217;ve compiled a list of less obvious but highly [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":6105,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[57,58,54,34],"class_list":["post-6091","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-lifehacks","tag-anyrun","tag-cybersecurity-training","tag-features","tag-malware-analysis"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>8 ANY.RUN Features you Need to Know About - ANY.RUN&#039;s Cybersecurity Blog<\/title>\n<meta name=\"description\" content=\"Learn how to use ANY.RUN malware sandbox&#039;s secret features to simplify and speed up your analysis of the latest malware and phishing threats.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/8-malware-sandbox-features\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"y.shvetsov\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/8-malware-sandbox-features\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/8-malware-sandbox-features\/\"},\"author\":{\"name\":\"y.shvetsov\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"8 ANY.RUN Features you Need to Know About\",\"datePublished\":\"2023-11-01T05:40:18+00:00\",\"dateModified\":\"2024-09-20T12:12:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/8-malware-sandbox-features\/\"},\"wordCount\":1046,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity training\",\"features\",\"malware analysis\"],\"articleSection\":[\"Cybersecurity Lifehacks\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/8-malware-sandbox-features\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/8-malware-sandbox-features\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/8-malware-sandbox-features\/\",\"name\":\"8 ANY.RUN Features you Need to Know About - ANY.RUN&#039;s Cybersecurity Blog\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2023-11-01T05:40:18+00:00\",\"dateModified\":\"2024-09-20T12:12:21+00:00\",\"description\":\"Learn how to use ANY.RUN malware sandbox's secret features to simplify and speed up your analysis of the latest malware and phishing threats.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/8-malware-sandbox-features\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/8-malware-sandbox-features\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/8-malware-sandbox-features\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybersecurity Lifehacks\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/lifehacks\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"8 ANY.RUN Features you Need to Know About\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"y.shvetsov\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d0d0a5df59078efed19ba1b45c4fb721?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d0d0a5df59078efed19ba1b45c4fb721?s=96&d=mm&r=g\",\"caption\":\"y.shvetsov\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/y-shvetsov\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"8 ANY.RUN Features you Need to Know About - ANY.RUN&#039;s Cybersecurity Blog","description":"Learn how to use ANY.RUN malware sandbox's secret features to simplify and speed up your analysis of the latest malware and phishing threats.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/8-malware-sandbox-features\/","twitter_misc":{"Written by":"y.shvetsov","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/8-malware-sandbox-features\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/8-malware-sandbox-features\/"},"author":{"name":"y.shvetsov","@id":"https:\/\/any.run\/"},"headline":"8 ANY.RUN Features you Need to Know About","datePublished":"2023-11-01T05:40:18+00:00","dateModified":"2024-09-20T12:12:21+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/8-malware-sandbox-features\/"},"wordCount":1046,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity training","features","malware analysis"],"articleSection":["Cybersecurity Lifehacks"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/8-malware-sandbox-features\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/8-malware-sandbox-features\/","url":"https:\/\/any.run\/cybersecurity-blog\/8-malware-sandbox-features\/","name":"8 ANY.RUN Features you Need to Know About - ANY.RUN&#039;s Cybersecurity Blog","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2023-11-01T05:40:18+00:00","dateModified":"2024-09-20T12:12:21+00:00","description":"Learn how to use ANY.RUN malware sandbox's secret features to simplify and speed up your analysis of the latest malware and phishing threats.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/8-malware-sandbox-features\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/8-malware-sandbox-features\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/8-malware-sandbox-features\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity Lifehacks","item":"https:\/\/any.run\/cybersecurity-blog\/category\/lifehacks\/"},{"@type":"ListItem","position":3,"name":"8 ANY.RUN Features you Need to Know About"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"y.shvetsov","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/d0d0a5df59078efed19ba1b45c4fb721?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d0d0a5df59078efed19ba1b45c4fb721?s=96&d=mm&r=g","caption":"y.shvetsov"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/y-shvetsov\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/6091"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=6091"}],"version-history":[{"count":5,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/6091\/revisions"}],"predecessor-version":[{"id":8862,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/6091\/revisions\/8862"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/6105"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=6091"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=6091"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=6091"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}