{"id":8391,"date":"2024-07-25T07:28:33","date_gmt":"2024-07-25T07:28:33","guid":{"rendered":"\/cybersecurity-blog\/?p=8391"},"modified":"2024-08-12T07:03:40","modified_gmt":"2024-08-12T07:03:40","slug":"process-graph","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/process-graph\/","title":{"rendered":"See Malicious Process Relationships <br> on a Visual Graph\u00a0"},"content":{"rendered":"\n<p>At <a href=\"http:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=visual_process_graph&amp;utm_term=250724&amp;utm_content=linktolanding\/\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a>, we&#8217;re all about making in-depth technical information accessible. One of the ways we do this is by providing you with various detailed, yet easy-to-understand <a href=\"https:\/\/any.run\/cybersecurity-blog\/guide-to-malware-analysis-reports\/\" target=\"_blank\" rel=\"noreferrer noopener\">reports<\/a> on malware behavior. One such report is <em>Process graph<\/em>.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What is Process graph?&nbsp;<\/h2>\n\n\n\n<p><em>Process graph<\/em> is a report that visually shows how system processes, especially malicious ones, relate to each other.&nbsp;<\/p>\n\n\n\n<p>In this article, we&#8217;ll explore:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>How this small but very powerful ANY.RUN feature works.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>How to access it.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>And when you might find it useful.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">How to access the Process graph report?&nbsp;<\/h2>\n\n\n\n<p><em>Process graph<\/em> is one of our users&#8217; favorite features. Let&#8217;s walk through how to open this report using <a href=\"https:\/\/app.any.run\/tasks\/038f75e7-801c-4b03-a76f-7026f2cc9cfd\" target=\"_blank\" rel=\"noreferrer noopener\">this analysis session recording<\/a> as an example.&nbsp;<\/p>\n\n\n\n<!-- Highlight Block HTML START -->\n<div class=\"window\">\n  \n  <div class=\"window-body\">\n    <p>\u261d\ufe0f To access all session reports, complete your analysis session first.<\/p>\n  <\/div>\n<\/div>\n<!-- Highlight Block HTML END -->\n\n\n<!-- Highlight Block CSS START -->\n<style>\n  .window {\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n\n    border-radius: 4px;\n    margin: 20px auto 50px auto;\n    padding: 20px 40px;\n    line-height: 2rem;\n  }\n\n  .window-header {\n    display: flex;\n    justify-content: center;\n    margin-bottom: 20px;\n  }\n\n  .pill {\n    background-color: #fff;\n    border-radius: 20px;\n    color: #333;\n    font-weight: bold;\n    padding: 8px 32px;\nborder: 1px solid rgba(75, 174, 227, 0.32);\n  }\n\n  @media (max-width: 480px) {\n    .window {\n      padding: 10px;\n    }\n    \n    .pill {\n      font-size: 14px;\n      padding: 6px 12px;\n    }\n  }\n<\/style>\n<!-- Highlight Block CSS END -->\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"568\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image-min-1-1024x568.png\" alt=\"\" class=\"wp-image-8395\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image-min-1-1024x568.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image-min-1-300x166.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image-min-1-768x426.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image-min-1-1536x852.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image-min-1-2048x1136.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image-min-1-370x205.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image-min-1-270x150.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image-min-1-740x411.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">The Graph button is available in the top-right corner of the sandbox interface <\/figcaption><\/figure><\/div>\n\n\n<p>To open the graph, click on the <em>Graph<\/em><strong> <\/strong>button in the top-right corner of the screen.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image2-7-1024x588.png\" alt=\"\" class=\"wp-image-8396\" width=\"650\" height=\"373\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image2-7-1024x588.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image2-7-300x172.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image2-7-768x441.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image2-7-1536x882.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image2-7-2048x1176.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image2-7-370x212.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image2-7-270x155.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image2-7-740x425.png 740w\" sizes=\"(max-width: 650px) 100vw, 650px\" \/><figcaption class=\"wp-element-caption\"><em>Process graph<\/em> showing Agent Tesla infection chain<\/figcaption><\/figure><\/div>\n\n\n<p>A new full-screen popup will open, showing you a visual representation of system processes on a canvas.&nbsp;<\/p>\n\n\n\n<p>This view makes it a lot easier to see how processes relate to one another and trace parent-child relationships.&nbsp;<\/p>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\n<span class=\"highlight\">ANY.RUN<\/span> simplifies malware analysis with visual reports&nbsp;\n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/app.any.run\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=visual_process_graph&#038;utm_term=250724&#038;utm_content=linktoregistration#register\/\" rel=\"noopener\" target=\"_blank\">\nTry it for free\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h2 class=\"wp-block-heading\">What can you do in Process graph?&nbsp;<\/h2>\n\n\n\n<p><em>Process graph<\/em> has some hidden features!&nbsp;<\/p>\n\n\n\n<p>Firstly, it is a fully <a href=\"https:\/\/any.run\/cybersecurity-blog\/interactive-vs-automated-sandbox\/\" target=\"_blank\" rel=\"noreferrer noopener\">interactive<\/a> visual representation of the same information you see in the <em><a href=\"https:\/\/any.run\/cybersecurity-blog\/process-tree-analysis\/\" target=\"_blank\" rel=\"noreferrer noopener\">Process tree<\/a><\/em>. And just like in the tree, you can access additional data by clicking on each process:&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"590\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image3-3-1024x590.png\" alt=\"\" class=\"wp-image-8397\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image3-3-1024x590.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image3-3-300x173.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image3-3-768x442.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image3-3-1536x885.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image3-3-2048x1180.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image3-3-370x213.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image3-3-270x156.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image3-3-740x426.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Each process in the graph is clickable<\/figcaption><\/figure><\/div>\n\n\n<p>Clicking on a process (like the one marked with #AGENTTESLA) reveals extra information in a popup, including:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Malicious score.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Expanded list of indicators.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Related command line.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Triggered signatures with descriptions.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>By clicking <em>More info<\/em>, you can access <em>Advanced process details<\/em><strong> <\/strong>for an even more in-depth report:&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"590\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image4-min-1024x590.png\" alt=\"\" class=\"wp-image-8398\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image4-min-1024x590.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image4-min-300x173.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image4-min-768x443.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image4-min-1536x885.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image4-min-2048x1181.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image4-min-370x213.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image4-min-270x156.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image4-min-740x427.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">You can access <em>Advanced details<\/em> of each process<\/figcaption><\/figure><\/div>\n\n\n<p>Secondly, you can move around the canvas and zoom in and out. <\/p>\n\n\n\n<p>In our first example, all the information fits in one screen, but we&#8217;ll see this aspect better used in the next example.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">When might you use the Process graph report?&nbsp;<\/h2>\n\n\n\n<p><em>Process graph<\/em> is particularly useful when you&#8217;re working with a sample that has many nested or branching processes, making it difficult to identify the main one from a vertical process tree.&nbsp;<\/p>\n\n\n\n<p>In other words, it&#8217;s most helpful when a linear tree view seems overwhelming or confusing due to malware launching lots of child processes to mislead analysts.&nbsp;<\/p>\n\n\n\n<p>Let\u2019s see this in action! Consider this <a href=\"https:\/\/app.any.run\/tasks\/015401be-dd02-4cee-91c2-b2a1d15691c1\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=visual_process_graph&amp;utm_term=250724&amp;utm_content=linktoservice\/\" target=\"_blank\" rel=\"noreferrer noopener\">TrickBot sample<\/a>:&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"568\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image5-min-1024x568.png\" alt=\"\" class=\"wp-image-8399\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image5-min-1024x568.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image5-min-300x166.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image5-min-768x426.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image5-min-1536x851.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image5-min-2048x1135.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image5-min-370x205.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image5-min-270x150.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image5-min-740x410.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">ANY.RUN also shows a hierarchical view of processes<\/figcaption><\/figure><\/div>\n\n\n<p>In this analysis session, the list of processes goes on and on, and there\u2019s a long scrollbar. Let&#8217;s switch to the graph view to make sense of this complexity:&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"585\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image6-2-1024x585.png\" alt=\"\" class=\"wp-image-8400\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image6-2-1024x585.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image6-2-300x171.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image6-2-768x439.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image6-2-1536x878.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image6-2-2048x1170.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image6-2-370x211.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image6-2-270x154.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image6-2-740x423.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Process graph<\/em> simplifies the understanding of malware&#8217;s behavior<\/figcaption><\/figure><\/div>\n\n\n<p>Now it becomes crystal-clear which processes are parents, which are children, and how they branch out.&nbsp;<\/p>\n\n\n\n<p>From here, you can easily trace your way to the main executable, which is in this group:&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"587\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image7-2-1024x587.png\" alt=\"\" class=\"wp-image-8401\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image7-2-1024x587.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image7-2-300x172.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image7-2-768x440.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image7-2-1536x880.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image7-2-2048x1173.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image7-2-370x212.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image7-2-270x155.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image7-2-740x424.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">The main malicious process is outlined in red<\/figcaption><\/figure><\/div>\n\n\n<h2 class=\"wp-block-heading\">To summarize&nbsp;<\/h2>\n\n\n\n<p>Let\u2019s quickly recap:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><em>Process graph<\/em> visually represents relationships between system processes, especially malicious ones.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>It&#8217;s interactive and you can click on processes to see additional details, including malicious scores, indicators, and triggered signatures.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><em>Process graphs<\/em> are particularly useful for complex malware samples with many nested processes, where linear tree views become confusing.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The graph view makes it easier to identify parent-child relationships and trace the main executable in complex scenarios.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;&nbsp;<\/h2>\n\n\n\n<p>ANY.RUN helps more than 400,000 cybersecurity professionals worldwide. Our <a href=\"http:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=visual_process_graph&amp;utm_term=250724&amp;utm_content=linktolanding\/\" target=\"_blank\" rel=\"noreferrer noopener\">interactive sandbox<\/a> simplifies malware analysis of threats that target both Windows and <a href=\"https:\/\/any.run\/cybersecurity-blog\/linux-malware-analysis-cases\/\" target=\"_blank\" rel=\"noreferrer noopener\">Linux<\/a> systems. Our threat intelligence products, <a href=\"https:\/\/any.run\/cybersecurity-blog\/introducing-any-run-threat-intelligence-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">TI Lookup<\/a>, <a href=\"https:\/\/any.run\/cybersecurity-blog\/yara-search\/\" target=\"_blank\" rel=\"noreferrer noopener\">Yara Search<\/a> and <a href=\"https:\/\/any.run\/cybersecurity-blog\/ti-feeds-integration\/\" target=\"_blank\" rel=\"noreferrer noopener\">Feeds<\/a>, help you find <a href=\"https:\/\/any.run\/cybersecurity-blog\/indicators-of-compromise\/\" target=\"_blank\" rel=\"noreferrer noopener\">IOCs<\/a> or files to learn more about the threats and respond to incidents faster.&nbsp;&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>With ANY.RUN you can:<\/strong>&nbsp;<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Detect malware in seconds.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Interact with samples in real time.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Save time and money on sandbox setup and maintenance&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Record and study all aspects of malware behavior.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Collaborate with your team&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Scale as you need.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p><a href=\"https:\/\/app.any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=visual_process_graph&amp;utm_term=250724&amp;utm_content=linktoregistration#register\" target=\"_blank\" rel=\"noreferrer noopener\">Try the full power of ANY.RUN with a 14-day free trial \u2192<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>At ANY.RUN, we&#8217;re all about making in-depth technical information accessible. One of the ways we do this is by providing you with various detailed, yet easy-to-understand reports on malware behavior. One such report is Process graph.&nbsp; What is Process graph?&nbsp; Process graph is a report that visually shows how system processes, especially malicious ones, relate [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":8402,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[57,10,40],"class_list":["post-8391","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-instructions","tag-anyrun","tag-cybersecurity","tag-malware-behavior"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>See Malicious Process Relationships  on a Visual Graph\u00a0 - ANY.RUN&#039;s Cybersecurity Blog<\/title>\n<meta name=\"description\" content=\"See how you can easily understand the infection chain of any malware by using the Process graph report in the ANY.RUN sandbox.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/process-graph\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/process-graph\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/process-graph\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"See Malicious Process Relationships on a Visual Graph\u00a0\",\"datePublished\":\"2024-07-25T07:28:33+00:00\",\"dateModified\":\"2024-08-12T07:03:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/process-graph\/\"},\"wordCount\":758,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"malware behavior\"],\"articleSection\":[\"Instructions on ANY.RUN\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/process-graph\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/process-graph\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/process-graph\/\",\"name\":\"See Malicious Process Relationships on a Visual Graph\u00a0 - ANY.RUN&#039;s Cybersecurity Blog\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2024-07-25T07:28:33+00:00\",\"dateModified\":\"2024-08-12T07:03:40+00:00\",\"description\":\"See how you can easily understand the infection chain of any malware by using the Process graph report in the ANY.RUN sandbox.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/process-graph\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/process-graph\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/process-graph\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Instructions on ANY.RUN\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/instructions\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"See Malicious Process Relationships on a Visual Graph\u00a0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"See Malicious Process Relationships  on a Visual Graph\u00a0 - ANY.RUN&#039;s Cybersecurity Blog","description":"See how you can easily understand the infection chain of any malware by using the Process graph report in the ANY.RUN sandbox.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/process-graph\/","twitter_misc":{"Written by":"ANY.RUN","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/process-graph\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/process-graph\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"See Malicious Process Relationships on a Visual Graph\u00a0","datePublished":"2024-07-25T07:28:33+00:00","dateModified":"2024-08-12T07:03:40+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/process-graph\/"},"wordCount":758,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","malware behavior"],"articleSection":["Instructions on ANY.RUN"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/process-graph\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/process-graph\/","url":"https:\/\/any.run\/cybersecurity-blog\/process-graph\/","name":"See Malicious Process Relationships on a Visual Graph\u00a0 - ANY.RUN&#039;s Cybersecurity Blog","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2024-07-25T07:28:33+00:00","dateModified":"2024-08-12T07:03:40+00:00","description":"See how you can easily understand the infection chain of any malware by using the Process graph report in the ANY.RUN sandbox.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/process-graph\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/process-graph\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/process-graph\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Instructions on ANY.RUN","item":"https:\/\/any.run\/cybersecurity-blog\/category\/instructions\/"},{"@type":"ListItem","position":3,"name":"See Malicious Process Relationships on a Visual Graph\u00a0"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/8391"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=8391"}],"version-history":[{"count":9,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/8391\/revisions"}],"predecessor-version":[{"id":8413,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/8391\/revisions\/8413"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/8402"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=8391"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=8391"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=8391"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}