BLACK FRIDAY: 2-for-1 offer NOVEMBER 20 - 26 See details

Malware research with ANY.RUN

Take your research work to the next level with our interactive malware analysis sandbox by using our innovative technologies for your cyberdefense!


Our benefits for your business

Interactive analysis

interactive analysis

Submit a suspicious file into the cloud sandbox and start real-time analysis in a few seconds, affect the simulation by launching various programs, rebooting the system and running various scenarios.

simplification of the analyst algorithm

All important analysis tools and indicators are always on the main screen, allowing you to understand what exactly is going on much easier as well as get analysis results faster.

speed of getting the result

Thanks to the interactivity of processes you will be able to receive initial results immediately after a task is launched. Often, just a few minutes is enough to complete the task.

UX - intuitive interface

We strive to make malware analysis as simple and straightforward as possible for users of any level. We are proud that thanks to the simplicity of our interface, anybody can start using the service right away.

reduced equipment costs

Our cloud service allows launching analysis on any personal computer or laptop from absolutely anywhere as long as there is internet connection. Users don’t have to buy additional servers, software or hardware.

Large malicious database

We analyze thousands of malware samples daily, which gets us access to the most up-to-date data from all over the globe. With ANY.RUN, you will be able to receive the latest data, hashes, IOC almost instantly.

Use cases

Public malware research

Effective analyst training

Private Threat hunting

Public malware research

The free version of our malware analysis service is ideal for public use by independent professionals, individual studies and personal projects.

  • Interactive access
  • Research threats by filter in public submissions
  • File and URL dynamic analysis
  • Mitre ATT&CK mapping
  • Detailed malware reports

Thanks to our large community of researchers, we receive thousands analysis files on a daily basis and store them in our open database, providing free research material that aids users in their own studies of malicious content in our sandbox. The free version enables users to analyze malicious files, share them with colleagues in a form of accessible visual reports as well as make publications on social media.

Efficient analyst training

ANY.RUN allows researchers to Increase their skills and learn how to dynamically analyze malware thanks to easy-to-understand reports and graphical charts that display information in an accessible format, providing a great introduction to malware analysis. Companies can benefit from a specially developed Searcher plan which is fit perfectly for staff training. Being the first professional plan with a private mode, it provides the ability to work on Windows 7 64-bit operating system.

With Searcher plan, users will get access to

  • Unlimited number of uploads
  • Privacy options for commercial usage
  • Big database with tracking ability
  • Extended IDS rule sets
  • Text, Graph and Video reports

Automatic monitoring is not enough if information security requirements are particularly high, that’s why our service allows users to interact the analysis at any time.

Private Threat hunting

Experienced malware analytics prefer to use Hunter plan. It contains all of the features that you might need to detect malware quickly and efficiently.

  • The choice from the most popular Windows operating systems
  • Various pre-installed software presets
  • Reboot support
  • Automatically export history to JSON and MISP
  • Network geolocation
  • Teamwork feature
  • Running tasks via API

Deep analysis on special conditions. Your uploads are the first in the service queue. See all of the system processes on the virtual machine. In Teamwork feature your company has a general audit history. All members of your team who have registered with ANY.RUN have access to it.


Our API enables you to integrate ANY.RUN into your malware analysis framework. The API will allow DFIR specialists to automatically submit files and URLs for analysis to the sandbox and focus on the task at hand, minimizing the required time for research.

Also, API simplifies downloading your report and team history data, making interactive malware analysis even more comfortable.

Community version for