{"id":8787,"date":"2024-09-11T11:57:58","date_gmt":"2024-09-11T11:57:58","guid":{"rendered":"\/cybersecurity-blog\/?p=8787"},"modified":"2025-06-26T09:56:12","modified_gmt":"2025-06-26T09:56:12","slug":"how-to-analyze-malware-eric-parker-guide","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/how-to-analyze-malware-eric-parker-guide\/","title":{"rendered":"How to Analyze Malware in ANY.RUN Sandbox: Eric Parker&#8217;s Guide"},"content":{"rendered":"\n<p>Recently, <strong>Eric Parker<\/strong>, a cybersecurity expert and YouTuber, released a <a href=\"https:\/\/www.youtube.com\/watch?v=G4QqAKrBpMY\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">new video<\/a> on ANY.RUN\u2019s <a href=\"?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=eric_analysis&amp;utm_term=110924&amp;utm_content=linktolanding\/\" target=\"_blank\" rel=\"noreferrer noopener\">interactive sandbox<\/a>. We recommend you take a look at his tutorial, as it offers a step-by-step guide on how to use the service and save time on reverse engineering.<\/p>\n\n\n\n<p>Here&#8217;s our overview of the key highlights from the video.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About malware analysis in a sandbox&nbsp;<\/h2>\n\n\n\n<p>Sandboxing is a crucial process in cybersecurity that lets professionals analyze malware in a controlled environment. Sandboxes provide a safe space to upload and examine potentially malicious samples without compromising your actual system. 
<\/p>\n\n\n\n<p>ANY.RUN\u2019s sandbox offers interactive analysis, providing users with a real-time view of how malware behaves and allowing them to engage with the system and samples just like on a standard computer.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Setting up a sandbox environment&nbsp;<\/h2>\n\n\n\n<p>Eric began by highlighting various settings of ANY.RUN that can be adjusted for different scenarios, including:&nbsp;<\/p>\n\n\n\n<p><strong>MITM Proxy<\/strong>: This setting is particularly useful for intercepting and analyzing network traffic, such as HTTP requests made 
by the malware. This allows you to track how the malware communicates with command and control (C2) servers and gather more detailed information about its actions.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"811\" height=\"279\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image2-1.png\" alt=\"\" class=\"wp-image-8789\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image2-1.png 811w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image2-1-300x103.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image2-1-768x264.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image2-1-370x127.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image2-1-270x93.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image2-1-740x255.png 740w\" sizes=\"(max-width: 811px) 100vw, 811px\" \/><figcaption class=\"wp-element-caption\"><em>Network settings in ANY.RUN sandbox<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p><strong>FakeNet<\/strong>: This option is effective if you&#8217;re worried about malware with worm-like capabilities, allowing detection of network shares or interactions with non-functional command and control servers.&nbsp;<\/p>\n\n\n\n<p>Learn more about <a href=\"https:\/\/any.run\/cybersecurity-blog\/mitm-proxy-fake-net\/\" target=\"_blank\" rel=\"noreferrer noopener\">MITM proxy and FakeNet<\/a>&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"848\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image3-1024x848.png\" alt=\"\" class=\"wp-image-8790\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image3-1024x848.png 1024w, 
https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image3-300x248.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image3-768x636.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image3-1536x1272.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image3-370x306.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image3-270x224.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image3-740x613.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image3.png 1688w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Operating system customization in ANY.RUN sandbox<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p><strong>Operating System Customization<\/strong>: ANY.RUN offers a variety of OS options, from older versions of Windows (7\/32-bit, 7\/64-bit) to the latest <a href=\"https:\/\/any.run\/cybersecurity-blog\/windows11-uac-bypass\/\" target=\"_blank\" rel=\"noreferrer noopener\">Windows 11<\/a>. <a href=\"https:\/\/any.run\/cybersecurity-blog\/linux-malware-analysis-cases\/\" target=\"_blank\" rel=\"noreferrer noopener\">Linux<\/a> users can also run samples for cross-platform analysis. &nbsp;<\/p>\n\n\n\n<p>For legacy malware, using an older OS might be necessary for full compatibility. Eric recommends experimenting with different OS options based on the malware sample.&nbsp;<\/p>\n\n\n\n<p><strong>Pre-installed soft set<\/strong>: Choose the <a href=\"https:\/\/any.run\/cybersecurity-blog\/pre-installed-dev-tools\/\" target=\"_blank\" rel=\"noreferrer noopener\">Development soft set<\/a> to access additional software in the VM for analysis of complex threats. 
It includes Python, x64dbg, Wireshark PE, and more.\u00a0<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/cybersecurity-blog\/privacy\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Privacy Settings<\/strong><\/a>: You can choose whether your analysis results are public or private. If you&#8217;re working with sensitive malware samples that could contain proprietary information, this feature ensures confidentiality.&nbsp;<\/p>\n\n\n\n<p><strong>Duration Control<\/strong>: For malware that delays execution (e.g., with sleep functions), you can extend the sandbox runtime to capture the full scope of its behavior.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Sandbox analysis of Zombie malware&nbsp;<\/h2>\n\n\n\n<p>In the video&nbsp;demonstration, Eric used a sample he suspected of being malware. ANY.RUN\u2019s sandbox quickly identified warning signs, detecting file replacements and abnormal behaviors indicative of malware infection.&nbsp;<\/p>\n\n\n\n<p>Key points in the analysis:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>File overwriting<\/strong>: The malware replaced files with an executable payload. 
In the example, the malicious EXE was&nbsp;found to overwrite legitimate system files and create numerous temporary files.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>File dumping<\/strong>: One of ANY.RUN\u2019s most valuable features was the ability to dump files mid-execution, making it easier to analyze malware that uses packing or encryption to conceal its malicious actions.&nbsp;<\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"301\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image6-1-1024x301.png\" alt=\"\" class=\"wp-image-8792\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image6-1-1024x301.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image6-1-300x88.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image6-1-768x226.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image6-1-1536x451.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image6-1-370x109.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image6-1-270x79.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image6-1-740x218.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image6-1.png 1776w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">File dumping in ANY.RUN sandbox<\/figcaption><\/figure><\/div>\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Executable identification<\/strong>: Uploading the file to the sandbox made it possible to instantly identify it as malicious and belonging to the Zombie malware family.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Analysis of Pysilon Discord RAT&nbsp;<\/h2>\n\n\n\n<p>Eric emphasized that the goal of any malware 
analyst is not to understand every line of code, but to get a good view of how the program interacts with the system. This is where an interactive sandbox can prove extremely helpful. &nbsp;<\/p>\n\n\n\n<p>By running the malware in a virtual environment, analysts can quickly understand its behavior without delving into advanced reverse engineering. <\/p>\n\n\n\n<p>In many cases, dynamic analysis alone can provide all the necessary information, bypassing the need for a full static analysis.&nbsp;Eric showed this by running a <strong>Pysilon Discord RAT<\/strong> sample in the sandbox. <\/p>\n\n\n\n
<p><strong>Pysilon<\/strong> is a malware that is often packed in a unique way, making static analysis more difficult. To avoid dealing with the packer, Eric simply enabled the MITM proxy in&nbsp;<strong>ANY.RUN<\/strong>, which allowed him to acquire the malware&#8217;s Discord bot token in a few seconds.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"619\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image-1024x619.png\" alt=\"\" class=\"wp-image-8793\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image-1024x619.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image-300x181.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image-768x464.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image-370x224.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image-270x163.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image-740x447.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image.png 1138w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Bot token acquired in ANY.RUN sandbox<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>ANY.RUN also identified a newly spawned executable named &#8220;driveinst.exe&#8221; which mimicked a legitimate process. 
This executable was flagged as unsigned, raising a red flag.&nbsp;<\/p>\n\n\n\n<p>ANY.RUN automatically categorized the malware as a&nbsp;<strong>stealer<\/strong>, highlighting its malicious actions and network communications.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"511\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image-1-1024x511.png\" alt=\"\" class=\"wp-image-8794\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image-1-1024x511.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image-1-300x150.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image-1-768x384.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image-1-1536x767.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image-1-370x185.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image-1-270x135.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image-1-740x370.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/09\/image-1.png 1600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Pysilon Discord RAT analysis inside ANY.RUN sandbox<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>As a result, the bot token was captured, the malware\u2019s behavior was observed, and the analysis was completed in less than 30 seconds.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion&nbsp;<\/h2>\n\n\n\n<p>Sandboxes, as demonstrated by Eric Parker, are a powerful tool in the fight against malware. 
Sandbox analysis allowed Eric to extract crucial information within minutes, cutting down the time needed for manual reverse engineering.<\/p>\n\n\n\n<p>The sandbox provided live data on network traffic, file manipulation, and system changes, delivering instant feedback on malware behavior.<\/p>\n\n\n\n<p>Eric was able to avoid the need to manually unpack or decrypt files, streamlining the analysis process.<\/p>\n\n\n\n<p>To see the full potential of ANY.RUN\u2019s sandbox, <a href=\"https:\/\/any.run\/demo\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=eric_analysis&amp;utm_term=110924&amp;utm_content=linktodemo\" target=\"_blank\" rel=\"noreferrer noopener\">request a 14-day free trial \u2192<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;&nbsp;&nbsp;<\/h2>\n\n\n\n<p>ANY.RUN helps more than 400,000 cybersecurity professionals worldwide. Our&nbsp;<a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=eric_analysis&amp;utm_term=110924&amp;utm_content=linktolanding\/\" target=\"_blank\" rel=\"noreferrer noopener\">interactive sandbox<\/a>&nbsp;simplifies malware analysis of threats that target both Windows and&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/linux-malware-analysis-cases\/\" target=\"_blank\" rel=\"noreferrer noopener\">Linux<\/a>&nbsp;systems. 
Our threat intelligence products,&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/introducing-any-run-threat-intelligence-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">TI Lookup<\/a>,&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/yara-search\/\" target=\"_blank\" rel=\"noreferrer noopener\">YARA Search<\/a>&nbsp;and&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/ti-feeds-integration\/\" target=\"_blank\" rel=\"noreferrer noopener\">Feeds<\/a>, help you find&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/indicators-of-compromise\/\" target=\"_blank\" rel=\"noreferrer noopener\">IOCs<\/a>&nbsp;or files to learn more about the threats and respond to incidents faster.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Recently, Eric Parker, a cybersecurity expert and YouTuber, released a new video on ANY.RUN\u2019s interactive sandbox. We recommend you take a look at his tutorial, as it offers a step-by-step guide on how to use the service and save time on reverse engineering. 
Here&#8217;s our overview of the key highlights from the video.&nbsp; About malware [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":8796,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[57,10,15],"class_list":["post-8787","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-instructions","tag-anyrun","tag-cybersecurity","tag-malware"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How to Analyze Malware in ANY.RUN Sandbox: Eric Parker&#039;s Guide - ANY.RUN&#039;s Cybersecurity Blog<\/title>\n<meta name=\"description\" content=\"See a detailed tutorial on using the ANY.RUN malware sandbox from the YouTuber and cybersecurity expert Eric Parker.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/how-to-analyze-malware-eric-parker-guide\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/how-to-analyze-malware-eric-parker-guide\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/how-to-analyze-malware-eric-parker-guide\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"How to Analyze Malware in ANY.RUN Sandbox: Eric Parker&#8217;s Guide\",\"datePublished\":\"2024-09-11T11:57:58+00:00\",\"dateModified\":\"2025-06-26T09:56:12+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/how-to-analyze-malware-eric-parker-guide\/\"},\"wordCount\":961,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"malware\"],\"articleSection\":[\"Instructions on ANY.RUN\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/how-to-analyze-malware-eric-parker-guide\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/how-to-analyze-malware-eric-parker-guide\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/how-to-analyze-malware-eric-parker-guide\/\",\"name\":\"How to Analyze Malware in ANY.RUN Sandbox: Eric Parker's Guide - ANY.RUN&#039;s Cybersecurity Blog\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2024-09-11T11:57:58+00:00\",\"dateModified\":\"2025-06-26T09:56:12+00:00\",\"description\":\"See a detailed tutorial on using the ANY.RUN malware sandbox from the YouTuber and cybersecurity expert Eric 
Parker.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/how-to-analyze-malware-eric-parker-guide\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/how-to-analyze-malware-eric-parker-guide\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/how-to-analyze-malware-eric-parker-guide\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Instructions on ANY.RUN\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/instructions\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"How to Analyze Malware in ANY.RUN Sandbox: Eric Parker&#8217;s Guide\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Analyze Malware in ANY.RUN Sandbox: Eric Parker's Guide - ANY.RUN&#039;s Cybersecurity Blog","description":"See a detailed tutorial on using the ANY.RUN malware sandbox from the YouTuber and cybersecurity expert Eric Parker.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/how-to-analyze-malware-eric-parker-guide\/","twitter_misc":{"Written by":"ANY.RUN","Est. 
reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/how-to-analyze-malware-eric-parker-guide\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/how-to-analyze-malware-eric-parker-guide\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"How to Analyze Malware in ANY.RUN Sandbox: Eric Parker&#8217;s Guide","datePublished":"2024-09-11T11:57:58+00:00","dateModified":"2025-06-26T09:56:12+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/how-to-analyze-malware-eric-parker-guide\/"},"wordCount":961,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","malware"],"articleSection":["Instructions on ANY.RUN"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/how-to-analyze-malware-eric-parker-guide\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/how-to-analyze-malware-eric-parker-guide\/","url":"https:\/\/any.run\/cybersecurity-blog\/how-to-analyze-malware-eric-parker-guide\/","name":"How to Analyze Malware in ANY.RUN Sandbox: Eric Parker's Guide - ANY.RUN&#039;s Cybersecurity Blog","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2024-09-11T11:57:58+00:00","dateModified":"2025-06-26T09:56:12+00:00","description":"See a detailed tutorial on using the ANY.RUN malware sandbox from the YouTuber and cybersecurity expert Eric 
Parker.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/how-to-analyze-malware-eric-parker-guide\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/how-to-analyze-malware-eric-parker-guide\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/how-to-analyze-malware-eric-parker-guide\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Instructions on ANY.RUN","item":"https:\/\/any.run\/cybersecurity-blog\/category\/instructions\/"},{"@type":"ListItem","position":3,"name":"How to Analyze Malware in ANY.RUN Sandbox: Eric Parker&#8217;s Guide"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/8787"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=8787"}],"version-history":[{"count":15,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/8787\/revisions"}],"predecessor-version":[{"id":14493,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/8787\/revisions\/14493"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/8796"}
],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=8787"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=8787"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=8787"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}