Any.Run is a malware analysis sandbox that lets users interact with malware and viruses in a secure environment. This interactive tool supports both dynamic and static research on Windows; it analyses the events that happen during task execution, not the file itself. The free community version of this tool was opened to the public two weeks back.
Any.Run – An Online Malware Analysis Tool
Any.Run is based in Russia; it was founded in 2016 by security researcher Alexey Lapshin. His team now comprises five developers who work on advancing the platform. What sets this tool apart from other sandbox analysis tools is that it is fully interactive. Instead of uploading a file and waiting for a sandbox to spit out a report, users upload a file and interact with the sandbox in real time while it analyses the file. No installation is needed.
Simply put, Any.Run allows you to watch the investigation process interactively and make adjustments when needed, just as you would on a real system, rather than depending on an automated sandbox.
Using Any.Run is very simple.
Step 1 – Click On New Task
First, click the New Task icon, which brings up the basic task dialog.
Step 2 – Set Up A New Analysis Task
Users can configure the new task by switching to advanced mode, where they can:
- Select the file or URL that needs to be analyzed
- Select the operating system (Windows 7/8.1/10) for the sandbox
- Choose connectivity options
- Select software that should be preloaded
- Define the duration of the interactive session
Step 3 – Launch Sandbox
Click the ‘Run’ button when ready. Any.Run will build the configured environment, display the sandbox desktop for the user to interact with, and then launch the requested program.
Step 4 – Monitor Application Activity
Once the sandbox has launched, users can interact with the desktop, click on buttons, open the start menu, use browsers, open the registry editor, open task manager, and run applications just as they normally would. The only difference is that the sandbox records all network requests, process calls, file activity, and registry activity.
This way users can view network requests, processes being created, and file activity in real time. For detailed information about a network request, users can click on it to see the request and the response. Users can also click on a launched process to see which files have been modified, what registry changes were made, which libraries were used, and more.
Any.Run’s Free Community Version Has A Few Limitations
- It only supports Windows 7 32-bit as a virtual environment, which means users cannot use it to analyze the behavior of 64-bit files in that version.
- The maximum file size is set to 16 megabytes.
- Any file that is uploaded to the service can be downloaded by anyone, making confidentiality an issue.
Although Any.Run has a few limitations, it is still a good option for those who want to analyze a few files before running them on their own machines.
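The community-version limits listed above can be checked locally before a sample is submitted. The following is an added example, not part of the original article or of Any.Run; the function names are hypothetical, "16 Megabyte" is assumed to mean 16 MiB, and the sample bytes are constructed header stubs rather than real programs.

```python
import struct

MAX_BYTES = 16 * 1024 * 1024      # assumption: "16 Megabyte" read as 16 MiB
IMAGE_FILE_MACHINE_I386 = 0x014C   # 32-bit x86 PE
IMAGE_FILE_MACHINE_AMD64 = 0x8664  # 64-bit x64 PE


def pe_machine(data: bytes):
    """Return the COFF Machine value of a PE image, or None if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    # e_lfanew at offset 0x3C points to the "PE\0\0" signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    return machine


def preflight(data: bytes, confidential: bool):
    """List the reasons a sample does not fit the community version."""
    problems = []
    if len(data) > MAX_BYTES:
        problems.append("larger than 16 MB")
    if pe_machine(data) == IMAGE_FILE_MACHINE_AMD64:
        problems.append("64-bit PE; community sandbox is Windows 7 32-bit")
    if confidential:
        problems.append("uploads can be downloaded by anyone")
    return problems


def make_pe_stub(machine: int) -> bytes:
    """Constructed sample: minimal DOS + PE headers, not a runnable program."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18


if __name__ == "__main__":
    for name, blob, secret in [
        ("x86 stub", make_pe_stub(IMAGE_FILE_MACHINE_I386), False),
        ("x64 stub, internal", make_pe_stub(IMAGE_FILE_MACHINE_AMD64), True),
    ]:
        print(name, "->", preflight(blob, secret) or "ok to submit")
```

Non-PE samples such as documents or scripts return `None` from `pe_machine`, so only the size and confidentiality checks apply to them.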