ANY RUN – Online Malware Analysis Tool

Got a suspicious file to test? https://app.any.run/ is what you need!

I’ve often had the query: “Is this file dangerous?”

Usually my answer is: most likely, so don’t touch it.

Sometimes, however, it might be hard to tell just at face value that a file is dangerous. You might legitimately know the sender, be expecting a similar file/PDF, or even be the victim of perfect, impossible-to-tell spear phishing.

In this situation I’ll typically use a service like virustotal.com or https://www.hybrid-analysis.com/ to quickly scan and check the file without ever opening it. The great things about these sites are the public comments put on files, the vast variety of AV (antivirus) engines running the scan to compare, and the speed of the service.

However, Any Run is a sandbox environment that lets you launch a VM, run a specific file in it, and see not only a recording of the outcome but also a breakdown of what the file/malware is doing. Check out this perfect example of ransomware in action below:

https://app.any.run/tasks/0b4ffb2b-0e8a-4625-96d3-c15c46671d

Ransomware in action in a sandbox environment!

Another great feature is the “Process Graph”, which shows the scripts and other processes run by a single file/application. In the example shown above, the process graph details how the ransomware uses VSSADMIN to delete shadow copies (removing local backups and system restore checkpoints). This gives a true breakdown of what the consequences of launching that file can be and exactly what it would do.
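The same reading of a process graph can be done from raw process-creation logs. The following is an added example, not part of the original post or of Any Run: it rebuilds the parent/child chain from constructed events (field names loosely modelled on Sysmon process-creation records; every PID, image name and command line is invented) and flags the shadow-copy deletion described above.

```python
import re

# Constructed process-creation events; all values are invented for this example.
EVENTS = [
    {"pid": 100, "ppid": 1, "image": "explorer.exe",
     "cmd": "C:\\Windows\\explorer.exe"},
    {"pid": 200, "ppid": 100, "image": "invoice.exe",
     "cmd": "C:\\Users\\u\\Downloads\\invoice.exe"},
    {"pid": 300, "ppid": 200, "image": "cmd.exe",
     "cmd": "cmd.exe /c vssadmin delete shadows /all /quiet"},
    {"pid": 400, "ppid": 300, "image": "vssadmin.exe",
     "cmd": "vssadmin  Delete Shadows /All /Quiet"},
    {"pid": 500, "ppid": 100, "image": "vssadmin.exe",
     "cmd": "vssadmin list shadows"},  # benign listing, must not be flagged
]

# vssadmin called with the "delete shadows" verb: case-insensitive,
# tolerant of extra whitespace, an .exe suffix and a closing quote.
SHADOW_DELETE = re.compile(
    r"\bvssadmin(\.exe)?\"?\s+delete\s+shadows\b", re.IGNORECASE)


def ancestry(pid, index):
    """Return image names from the oldest known ancestor down to pid."""
    chain, seen = [], set()
    while pid in index and pid not in seen:  # 'seen' guards against PID loops
        seen.add(pid)
        chain.append(index[pid]["image"])
        pid = index[pid]["ppid"]
    return list(reversed(chain))


def find_shadow_deletion(events):
    """Flag vssadmin.exe processes deleting shadow copies, with their chain."""
    index = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if e["image"].lower() == "vssadmin.exe" and SHADOW_DELETE.search(e["cmd"]):
            hits.append({"pid": e["pid"], "chain": ancestry(e["pid"], index)})
    return hits


if __name__ == "__main__":
    for hit in find_shadow_deletion(EVENTS):
        print(hit["pid"], " -> ".join(hit["chain"]))
```

The chain is what turns a single alert into a finding: it ties the deletion back to the file the user launched, which is the information the process graph presents visually.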

Though this tool is unique, I must shout out to the below online malware analyzers too: https://valkyrie.comodo.com/, https://analyze.intezer.com/#/, https://www.joesandbox.com, http://sandbox.pikker.ee/ and https://www.vicheck.ca/. Apologies to any that I’ve missed!
