Hi all, for more than a year I have been using this cloud-based malware hunting/testing platform to test the latest malware and the threats reported by my clients.
The cloud service is called Any.Run, where we can detonate malware and analyze its behavior in an automated environment.
What you will get?
- NEXT-Gen Sandbox with full interactive access
- Real-time data-flow
- Threat intelligence
- Easy to share
What you can do?
- Real-time interaction
- Network tracking
- Process monitoring
- MITRE ATT&CK™ mapping
- Behavior graph
Anyone can access this tool through the free subscription plan, which comes with some predefined limitations.
Register at https://app.any.run/#register
How to Use?
1. Once you have logged in, you will see the dashboard shown below. Click the "New task" button.
2. The window below will appear on your screen. It contains multiple options to customize the testing environment.
- Upload the malicious file or type the URL you want to test.
- If the malware uses the darknet, there is an option to route the traffic via Tor.
- You can run a command to execute/activate the malware from a particular directory.
Then click the "Run" button at the bottom right.
3. Any.Run will prepare the customized test environment automatically.
Once this is done, it will display the screen shown below. There you can access the Windows operating system from the browser (like a VM web console).
4. Now it is your hunting time. You can manually run the executable or document, or execute commands, to analyze the behavior of the test object.
For testing, I created a website with "cryptojacking" malware (a cryptocurrency miner) and opened it in the Any.Run environment to analyze its behavior.
While the test is running, the CPU utilization caused by the malware and the process monitor are visible on the right side of the browser window.
- As expected for a cryptojacking attack, CPU usage reaches a critical level.
- chrome.exe is consuming 100% CPU.
From this widget, after the test, we can collect the sample file, the IOCs, the test report and the ATT&CK matrix, and share the report on social media.
At the bottom of the browser window you can monitor the network traffic parameters:
> TCP connection requests (TCP ports, source and destination IP addresses, etc.)
> DNS queries
> Name of the malware/threat (Any.Run analyzes the traffic with an IPS engine)
There is also an option to download the PCAP file of the test at the top right of the widget.
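The connection requests and DNS queries shown in the network panel are also recoverable from the PCAP you download, which is useful when you want the indicators in a script rather than in the browser. The following is an added example, not Any.Run's code and not the capture from the test above: a standard-library Python script that reads a classic libpcap file (Ethernet link type) and extracts outbound TCP connection attempts (SYN without ACK, with source, destination and destination port) and the DNS query names. The capture it runs on is constructed in memory with made-up hostnames and TEST-NET addresses, so it runs offline; point it at a real download by passing the file's bytes to extract_indicators().

```python
import io
import struct
from collections import Counter

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17
TCP_SYN, TCP_ACK = 0x02, 0x10


def parse_dns_qname(data, offset=12):
    """Decode the first question name of a DNS message (plain labels, no compression)."""
    labels = []
    while data[offset] != 0:
        length = data[offset]
        if length & 0xC0:  # compression pointer: not expected in a query's question name
            raise ValueError("compressed name in question section")
        labels.append(data[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels)


def extract_indicators(pcap_bytes):
    """Return (tcp_connections, dns_queries) Counters for a classic libpcap capture.

    tcp_connections counts (src_ip, dst_ip, dst_port) per SYN-without-ACK, i.e. per
    outbound connection attempt; dns_queries counts each queried name.
    """
    f = io.BytesIO(pcap_bytes)
    magic = f.read(4)
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic libpcap file (pcapng is not handled here)")
    _maj, _min, _tz, _sig, _snaplen, linktype = struct.unpack(endian + "HHiIII", f.read(20))
    if linktype != 1:
        raise ValueError("expected Ethernet link type")

    tcp_connections, dns_queries = Counter(), Counter()
    while True:
        rec = f.read(16)
        if len(rec) < 16:
            break
        _ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", rec)
        frame = f.read(incl_len)
        if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
            continue  # skip ARP, IPv6, truncated frames
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        proto = ip[9]
        src = ".".join(map(str, ip[12:16]))
        dst = ".".join(map(str, ip[16:20]))
        l4 = ip[ihl:]
        if proto == PROTO_TCP and len(l4) >= 20:
            _sport, dport = struct.unpack("!HH", l4[:4])
            flags = l4[13]
            if flags & TCP_SYN and not flags & TCP_ACK:
                tcp_connections[(src, dst, dport)] += 1
        elif proto == PROTO_UDP and len(l4) >= 8:
            _sport, dport = struct.unpack("!HH", l4[:4])
            if dport == 53 and len(l4) >= 8 + 12 + 5:  # UDP + DNS header + minimal question
                dns_queries[parse_dns_qname(l4[8:])] += 1
    return tcp_connections, dns_queries


# --- constructed sample capture (made-up names and TEST-NET addresses, not real IOCs) ---

def _frame(src, dst, proto, l4):
    """Ethernet/IPv4 frame; checksums are left zero because the parser ignores them."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4) + ip + l4


def _tcp_syn(sport, dport):
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, TCP_SYN, 8192, 0, 0)


def _dns_query(name):
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    dns = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)
    return struct.pack("!HHHH", 53123, 53, 8 + len(dns), 0) + dns


def build_sample_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, fr in enumerate(frames):
        out += struct.pack("<IIII", 1_600_000_000 + i, 0, len(fr), len(fr)) + fr
    return out


SAMPLE_PCAP = build_sample_pcap([
    _frame("10.0.2.15", "10.0.2.3", PROTO_UDP, _dns_query("pool.example-miner.test")),
    _frame("10.0.2.15", "203.0.113.10", PROTO_TCP, _tcp_syn(49152, 3333)),
    _frame("10.0.2.15", "203.0.113.10", PROTO_TCP, _tcp_syn(49153, 3333)),
    _frame("10.0.2.15", "198.51.100.7", PROTO_TCP, _tcp_syn(49154, 443)),
])

if __name__ == "__main__":
    tcp, dns = extract_indicators(SAMPLE_PCAP)
    for (src, dst, port), n in tcp.items():
        print(f"TCP  {src} -> {dst}:{port}  ({n} SYN)")
    for name, n in dns.items():
        print(f"DNS  {name}  ({n} query)")
```

Only SYN-without-ACK is counted so that a retried connection shows up as repeat attempts to the same tuple rather than as established sessions; a sandbox run of a miner that cannot reach its pool typically looks like exactly that, many SYNs to one host and port with no answer. Real captures may be pcapng rather than classic pcap; the script refuses those explicitly instead of misparsing them.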