HomeService Updates
Release notes December 6, 2022
HomeService Updates
Release notes December 6, 2022

Hello, ANY.RUN users! Today we announce a new update on the service. This time, we present more than 100 signatures for TTPs analysis and detection and also fast and flawless virtual machine video streaming. 

Update overview:

  • Detect more successfully

 +100 new signatures and fewer false positives.

  • Enjoy fast and smooth interaction with VM 

A new beta functionality for virtual machine video streaming. 

New signatures for improved detection

We’ve added more than 100 new signatures both for malware detection and analysis of different TTPs used by threat actors so that your analysis is complete and better. And we’ve reduced the number of false positives.

Our usual signatures provide a detailed report on what is going on while the program is running. And the data is demonstrated in plain language, so anyone can get the whole picture of malware behavior. 

Check out examples of fresh ANY.RUN signatures for new malware versions and, of course, we’ll continue to work on it.

Fresh ANY.RUN signaturesThe detection usage
EmotetNow it’s spreading over the network again and continues
to infect computers on a large scale. We have updated
the signatures for this malware.
WMIC
all requests and what
they are responsible for
WMIC are used by many malware because its responses
contain data about the computer and connections.
Now you can find out what information the malware has asked for.
Mitre 1012 – Query Registry
A common technique used by malicious objects
Detected use of alternative
data streams (AltDS)
NFTS threads are often used for covert running.
The DLL HijackingDLL spoofing is an attack based on replacing a legitimate
DLL file with a malicious library.
Starts NET.EXE to manage
network resources
The process starts NET.EXE to manage network settings
Connection from MS Office applicationMicrosoft Office applications, such as Word, Excel, PowerPoint,
or another, made a network connection
Loading modules from
mounted disk drive
The process loaded its module from the mounted disk drive
Process downloads
binary or script
The process downloads the executable file or script from the Internet
Check the default browserThe process checks which Internet browser set as default in the OS
The process checks
if it is being run
in the virtual environment
The process checks if it is being run in a different
virtual environment to avoid detonation
Process checks computer
location settings
The process checks computer location settings in the registry,
which may lead to geofencing
Unusual connections from
system programs and MOs
Malware often connects to servers via these programs
StealeriumA popular data theft malware
LimeRATMalicious software written in VB.NET
StRRATA trojan-RAT written in Java
Ransomware koxoc noteThe signature helps to detect ransomware 
ISO mountedMany malware types use disk-mounting

Next level of virtual machine video streaming

VM video streaming area is where you work with the virtual machine. We used to cut pieces and put them over the initial shot. It was a very complex algorithm to show numerous small changes during the analysis. But it isn’t suitable for all types of data. 

The virtual machine in our understanding of a useful sandbox must flawlessly allow examining files of any kind. During the analysis of suspicious files, you may face documents with numerous lines, videos with repetitive elements, and other objects with repetitive small changes. So, we just raised to the challenge, and here are our results.

Let’s take a sneak peek at what we have done behind the scenes.  

Choose VNC for better VM streaming

ANY.RUN’s team decided to alter the approach to this issue. Now, we are streaming anything you need on your virtual machine with HTML5 video and moreover, managing the stable bit rate at the same time. 

Owing to this approach, you can notice the following improvements: 

  1. VM video streaming is now faster than it ever has been before. Smooth, fast performance just as it is on your own computer. The number of frames per second has increased, and that is why the image is sleek and stable. Watch videos, streams, endless documents, and spreadsheets with a bunch of data and whatsoever. 
VM video streaming in ANY.RUN

The technology of this solution is new, complex, and is still in beta version and ANY.RUN users have a choice. You can turn this new functionality on in your profile or the New task window– the beta version checkbox is responsible for it. And turn it off if you don’t need this option or face any difficulties due to the state of your machine. 

VNC settings
  1. ANY.RUN’s main goal is to make a perfect area where users interact with a sample. And this time we also focused on decreasing lags and the delay from the performance of any action (drag and click a mouse, push the button). The virtual machine that is so responsive, flexible, and fast simplifies the process of analysis significantly.

Try this new enhancement now at ANY.RUN sandbox and don’t forget to check out our previous November update!

What do you think about this post?

3 answers

  • Awful
  • Average
  • Great

No votes so far! Be the first to rate this post.

3 comments

  • Hey There. I found your blog the usage of msn. This is a very neatly written article.

    I’ll make sure to bookmark it and come back to learn more of
    your helpful info. Thank you for the post. I’ll definitely comeback.

  • Undeniably believe that which you said. Your favorite justification seemed to be on the internet the easiest thing to be aware of. I say to you, I definitely get annoyed while people consider worries that they plainly do not know about. You managed to hit the nail upon the top and defined out the whole thing without having side effect , people can take a signal. Will probably be back to get more. Thanks