Saturday, December 7, 2024
HomeCyber AttackANY.RUN Sandbox Automates Interactive Analysis of Complex Cyber Attack Chains

ANY.RUN Sandbox Automates Interactive Analysis of Complex Cyber Attack Chains

Published on

SIEM as a Service

ANY.RUN, a well-known interactive malware analysis platform, has announced Smart Content Analysis, an enhancement to its Automated Interactivity feature. This new mechanism is designed to automatically analyze and detonate complex malware and phishing attacks, providing investigators with quicker and more detailed insights into malicious behavior.

Speed Optimization for Investigations: Accelerates the analysis workflow, saving time for cybersecurity professionals by streamlining the detonation process.

Automated Detonation of Advanced Threats: It enables automated processing of sophisticated malware and phishing campaigns, reducing the need for manual intervention.

- Advertisement - SIEM as a Service

Enhanced Insight Generation: Delivers in-depth behavioral analysis, highlighting malicious actions and patterns for faster decision-making.

About Smart Content Analysis 

ANY.RUN’s Smart Content Analysis is an advanced feature within its Automated Interactivity suite, designed to autonomously execute multi-stage cyber attacks for comprehensive analysis. This mechanism operates through a structured three-step process:

  1. Content Identification: The system scans uploaded files to detect critical components, such as URLs and email attachments.
  2. Content Extraction: It extracts elements essential for advancing the attack, including URLs embedded within QR codes or those modified by security filters.
  3. Simulated User Interactions: The platform engages with the malicious content in a controlled environment by opening URLs in a browser or executing payloads found in email archive attachments to observe their behavior.
Automated Interactivity toggle inside ANY.RUN sandbox 

Detonating a Multi-Stage Attack with Automated Interactivity 

With this new upgrade, ANY.RUN’s sandbox can automatically execute the following types of content found at different stages of complex cyber attacks: 

  • URLs inside QR codes 
  • Modified links 
  • Multi-stage redirects 
  • Email attachments 
  • Payloads with archives 

Users interested can get a 14-day free trial of ANY.RUN to explore Automated Interactivity and other PRO features  

Consider the following multi-stage phishing attack analyzed with Automated Interactivity.  

The phishing email analyzed with Automated Interactivity 

The system automatically opens the .eml file submitted by the user via Outlook, detects a PDF attachment, and scans its contents. 

The static analysis module in ANY.RUN sandbox reveals the link hidden in the QR 

Inside the PDF, it identifies a QR code, instantly extracts the embedded URL, and opens it in a browser.   

ANY.RUN sandbox automatically solving CAPTCHA challenges 

When faced with a CAPTCHA challenge, commonly used to evade detection, the feature successfully solves it and moves on to the next stage of the attack. 

The final phishing page designed to steal victims’ credentials 

Eventually, it successfully reaches the final phishing page, not only ensuring complete detection of the attack, but also providing additional context on the threat at hand. 

Adaptive to New Threats 

ANY.RUN’s Smart Content Analysis is built to adapt to the changing threat landscape. With regular attack scenario updates from the ANY.RUN threat research team, the system remains aligned with emerging attack methods, allowing it to handle even the latest and most evasive threats. 

Exploring Smart Content Analysis 

Automated Interactivity helps security professionals streamline and improve their threat investigations: 

  • Less manual effort: No more wasted clicks. Let the sandbox handle repetitive actions so you can focus on the bigger picture.  
  • Faster, deeper insights: Go beyond surface detections with simulations that bring hidden threat layers to light.  
  • Speedy analysis: Accelerate your analysis with automation that moves as fast as you do, from simple phishing links to layered attack chains. 

Users can request a 14-day free trial of ANY.RUN’s Interactive Sandbox to try Automated Interactivity for free.

𝐀𝐛𝐨𝐮𝐭 𝐀𝐍𝐘.𝐑𝐔𝐍

ANY.RUN is a widely utilized interactive malware analysis platform, serving over 500,000 cybersecurity professionals globally. It offers real-time analysis capabilities for both Windows and Linux environments, enabling users to interact with virtual machines to observe and influence malware behavior directly.

To enhance incident response and threat intelligence, ANY.RUN provides several advanced tools:

Threat Intelligence Feeds: ANY.RUN offers real-time streams of the latest indicators of compromise (IOCs), including malicious IPs, URLs, and domains, which can be integrated into existing security systems to bolster defenses against emerging threats.

TI Lookup: This feature allows analysts to access a comprehensive database of threat indicators, facilitating quick identification and contextual understanding of various cyber threats.

YARA Search: Users can perform YARA searches against real threat data collected by a vast community of researchers, obtaining search results swiftly with real-world malware usage examples.

Users can connect through social media: X, LinkedIn.

Contact

ANYRUN FZCO
pr@any.run
+1 657-366-5050

Kaaviya
Kaaviya
Kaaviya is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space.

Latest articles

DaMAgeCard Attack – New SD Card Attack Lets Hackers Directly Access System Memory

Security researchers have identified a significant vulnerability dubbed "DaMAgeCard Attack" in the new SD...

Deloitte Denies Breach, Claims Only Single System Affected

Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish...

Top Five Industries Most Frequently Targeted by Phishing Attacks

Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top...

Russian BlueAlpha APT Exploits Cloudflare Tunnels to Distribute Custom Malware

BlueAlpha, a Russian state-sponsored group, is actively targeting Ukrainian individuals and organizations by using...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

DaMAgeCard Attack – New SD Card Attack Lets Hackers Directly Access System Memory

Security researchers have identified a significant vulnerability dubbed "DaMAgeCard Attack" in the new SD...

Deloitte Denies Breach, Claims Only Single System Affected

Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish...

Top Five Industries Most Frequently Targeted by Phishing Attacks

Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top...