A Windows 11 malware analysis sandbox in ANY.RUN

Windows 11 Sandbox

Working with potential malware can be risky — you don’t want it infecting your main system — but that’s where a Widows 11 sandbox comes in.

A sandbox creates an isolated, contained environment separate from your core operating system. This is what you want when you’re not sure if a file or link can be trusted, and you need to get an idea of what it will do when it runs on a live system.

A Windows 11 malware analysis sandbox in ANY.RUN

What’s more, if you or your workplace runs Windows 11, you’ll want a sandbox using that OS when testing file samples and URLs.

That’s because certain malware deliberately targets specific operating systems and won’t run on others.

Types of windows 11 sandboxes

You’ve got 3 main options for creating a Windows 11 sandbox:

Use the built-in sandbox feature included with Windows 11 home/pro itself (free option).

If you need to analyze a one-off file or link for personal security, use the built in tool.
The built-in Windows option works well for quick, occasional scans of suspicious files. But it’s limited for frequent, in-depth malware analysis. For one, you can’t select a version of Windows other than the one running on your host. This means that you can’t enable a Windows 10 sandbox on a Windows 11 machine with the built-in tool.

Install free virtualization software like VirtualBox or a paid solution like Parallels (free or paid, depending on vendor).

We don’t recommend virtualization unless you need to reverse-engineer malware source code or analyze it with custom tools.

Here’s why: online services like ANY.RUN offer all the benefits of virtualization software, but require much less tinkering and setup, while making it easier to gather deep insights.

ANY.RUN is also safer to use: because it’s a cloud service, there’s no chance you’ll misconfigure something and let the malware escape the sandbox’s confines and infect the host.

Use an online malware analysis sandbox service like ANY.RUN (paid option).

If you need to research a malware sample professionally, use a malware sandbox service like ANY.RUN.
Malware sandboxes are like cryminal forensic labs with the best, shiniest analysis equipment.    They log detailed information about malware’s behavior as it executes: you get insights into everything from threat names to mutexes, processes, IOCs (Indicators of Compromise), you name it.

ANY.RUN provides various reports detailing how the malware behaves.

Try the full power of ANY.RUN for free

Request trial

How to Use Windows 11 Sandbox in ANY.RUN: 3 Steps

To illustrate just how easy it is to setup up a Windows 11 sandbox in ANY.RUN, let’s walk through the process step by step.

ANY.RUN sandbox home page

Step 1. Open the Dashboard

First, create an account if you don’t have one or log in. The screenshot below shows the main dashboard. You can access it directly through this link.

Click the New analysis button or select either the Analyze URL or Analyze Files / Emails button. A configuration window will pop up:

Step 2. Choose What You Need to Analyze

Next, paste in a URL or upload a file you’d like to analyze.  You can even link to files hosted on cloud services. Activate the Download file and start toggle, and the service will automatically download the file from the cloud and begin analyzing it.

ANY.RUN sandbox new analysis
Windows 11 sandbox running in ANY.RUN

Step 3. You’re ready to analyze suspicious files or links!

Select Windows 11 (64-bit) from the Operating system drop-down list, and the service will launch a virtual machine in the cloud that looks like this:

One of the advantages of ANY.RUN is that you can create as many Windows 11 sandboxes as you need — the only limitation is that you can’t run two instances at the same time.

NOTE: Windows 11 in ANY.RUN is a paid feature. Whether it’s worth it for you depends on how often you need to analyze files, how much you value the deep insight into behavior, and how much time you’ll save by not having to tinker with sandbox software.

If you’re interested to learn about pricing, check out our plans here. Not ready to purchase yet? We also offer a free 14-day trial — you can request it here.

What is a Windows 11 Sandbox?

A Windows 11 sandbox is a separate, isolated virtual environment built into the operating system. It allows you to run and test untrusted programs, apps or links safely without risking any potential malware infecting your main system.

The sandbox creates this isolated space using virtualization technology, so it appears as a completely separate system to anything running inside it.

Leveraging ANY.RUN’s Windows 11 Sandbox for Malware Analysis

ANY.RUN is a cloud-based sandbox service specifically designed for detecting, researching, and analyzing malware. It enables you to create a Windows 11 sandbox environment without needing any additional software installed.

IOCs report in ANY.RUN

A key benefit of ANY.RUN is the detailed reports it provides immediately after analyzing a sample, including:

  • Processes spawned by the sample
  • Indicators of Compromise (IOCs) created
  • Malware Tactics, Techniques, and Procedures (TTPs)
  • Configuration strings
  • And many more insights

Consider ANY.RUN’s Windows 11 Sandbox for Malware Analysis

Setting up a Windows 11 sandbox in ANY.RUN is straightforward yet provides powerful malware analysis capabilities.

If you’re an individual, learn more about the different plans and their inclusions on our pricing page.

If you’re a company and need to regularly analyze malware on Windows or Linux systems in a simple and effective analysis solution, reach out to our sales team.

We’ll set up an interactive demo and show you how ANY.RUN can save you hours of time every day while increasing your malware detection rates.

Contact sales