What we have for

FASTEST MALWARE ANALYSIS

  • Interactive access
  • A wide set of environments
  • Live process events data
  • A large number of analyses
  • IOCs in convenient format
  • Extended IDS rulesets
  • Free version for community

INTERACT WITH OS AND GET IMMEDIATE RESULT

Currently, the submission process on our online sandbox plays out like a step-by-step quest. Thanks to the interactivity of our service, dynamic malware analysis gives you total control over the malware's activity: you can affect it in a few clicks, which you cannot do with automated malware analysis. Find your own unique approach to the analysis of each malware sample!

  • Affect the malware behavior in a few clicks
  • Immediately get the dynamic malware analysis data
  • Interact with the sandbox simulation as needed
  • Quickly copy and paste data from/to the sandbox
  • Use popular browsers to surf the internet as on the real machine

OPEN URLs IN DIFFERENT BROWSERS

Modern exploit kits can create various issues in different browsers. Therefore, checking suspicious URLs in just one browser may not show all attack vectors of the malware.

Our analysis service supports the latest versions of all popular browsers and operating systems, which streamlines research into phishing attacks, while the ability to download pages with a custom User-Agent header is useful for researching phishing on mobile devices.

  • Check URLs in the sandbox with multiple browsers for robust results
  • Research phishing attacks using optimized tools
  • The latest versions of browsers and operating systems improve URL analysis quality

MITRE ATT&CK MAPPING

Structural understanding of attacks is very important for threat security analysis.

Most of our signatures are mapped to the MITRE ATT&CK matrix and are presented in a convenient way, providing unlimited opportunities for training new staff.

Our malware analysis service makes understanding how the attack took place and what techniques were used much easier!

  • Understand the objectives of cyber threats
  • Expand the knowledge of malware analysts
  • Identify actions that malware performs step-by-step

INTERACTIVE PROCESS GRAPHS

Our service displays the attack pattern in an interactive visual tree structure, allowing malware analysts to easily analyze the main malicious processes at a glance. The free version of our service displays:

  • The type of file being launched (browser, script interpreter, office application, etc.)
  • The family of malicious activity, if it was determined
  • Malicious files being downloaded and dropped before launch
  • Injection direction

All graphs on our sandbox are fully interactive, allowing researchers to select processes and view more detailed information. Graphs are also automatically included in text reports, giving them additional visibility.

ANALYZE CONTENT OF DIFFERENT FILETYPES

Each new public task complements a huge database. All our data may be used for reanalysis in our system or exported for external analysis. It includes:

  • Uploaded or downloaded malware samples
  • Created/modified malicious files of any format
  • Malicious files of any format downloaded/uploaded on the Internet
  • Full network activity dump (PCAP)
  • SSL keys for decrypting traffic in external programs (paid feature)

THOUSANDS OF MALWARE REPORTS PER DAY

Our HTML report function allows researchers to format the result of the malware analysis online in order to share with colleagues or for printing.

We provide comprehensive information on the analysis, which includes all indicators of compromise, screenshots and process behavior graphs.

Text reports are customizable and allow excluding unneeded features and hiding sections so that excessive information does not end up in the final presentation.

  • Format your results for printing
  • Present comprehensive information with our report functions
  • Edit reports to exclude unwanted data

ANALYZE NETWORK EVENTS

Investigate HTTP(S) requests/responses and their headers, even for URLs with SSL encryption, with the MITM proxy feature! All connections are bound to processes, so you know which process opened each one. Watch the network streams to see what data is being sent. We analyze all network events and show a reputation level when we know something about them. Moreover, we provide extended IDS rulesets with detailed information about the threat.

Route your connection via Tor and leave no chance for malware to escape your eye with the network geolocation feature. Choose the country from which you want to surf.

After the malware traffic analysis, export PCAP and SSL keys for use in external malware analysis tools.

IOCS: SUMMARY OF INDICATORS OF COMPROMISE

Get valuable information about the network and operating system artifacts that were found during the online malware analysis. Use the data to proactively guard against evasive threats in your system. All selected indicators of compromise can be quickly copied and shared with your colleagues or exported to JSON format.

USE ANY.RUN
Community version for