Tool Spotlight: Performing Rapid Triage Analysis using ANY.RUN!

Published: 18 September 2024
on channel: Dr Josh Stroschein - The Cyber Yeti

Gathering important indicators of compromise from unknown files is a crucial first step when responding to an incident or performing malware analysis. ANY.RUN is one of my go-to tools to help with this task. ANY.RUN provides a quick and safe initial assessment. This cloud-based sandbox environment allows me to detonate the file in a controlled setting, observing its behavior from a browser. ANY.RUN's rapid triage analysis provides valuable insights like network activity, suspicious file creations, and API calls. This initial intel helps me prioritize potential threats and determine if a deeper, more time-consuming analysis is necessary.

Sign up for ANY.RUN to use interactive malware analysis:
https://app.any.run/?utm_source=youtu...

Integrate ANY.RUN solutions into your company:
https://any.run/demo/?utm_source=yout...

Join this channel to get access to perks:
   / @jstrosch  

Cybersecurity, reverse engineering, malware analysis and ethical hacking content!
🎓 Courses on Pluralsight 👉🏻 https://www.pluralsight.com/authors/j...
🌶️ YouTube 👉🏻 Like, Comment & Subscribe!
🙏🏻 Support my work 👉🏻   / joshstroschein  
🌎 Follow me 👉🏻   / jstrosch  ,   / joshstroschein  
⚙️ Tinker with me on Github 👉🏻 https://github.com/jstrosch
🤝 Join the Discord community and more 👉🏻 https://www.thecyberyeti.com

1:46 Today's sample
3:08 Public reports and tags
3:52 Submitting for public analysis
5:08 Running analysis
6:04 Extending analysis run-time
6:36 Interactive desktop session
7:23 Threats tab - aka Suricata alerts
9:01 Investigating HTTP request/response content
11:45 What we've found so far
12:20 Viewing DNS queries
13:45 Leveraging tags to speed up analysis
15:58 Process details
16:08 Config extraction - XOR encrypted URLs
16:55 Summarizing IOCs
17:52 Process graph
18:25 Enhancing understanding with previous reporting
