performing-dynamic-analysis-with-any-run

Featured

Performs interactive dynamic malware analysis using the ANY.RUN cloud sandbox to observe real-time execution behavior, interact with malware prompts, and capture process trees, network traffic, and system changes. Activates for requests involving interactive sandbox analysis, cloud-based malware detonation, real-time behavioral observation, or ANY.RUN usage.

AI & Automation 15,448 stars 1852 forks Updated 1 week ago Apache-2.0

Quality Score: 97/100

Stars (20%): 100
Recency (20%): 90
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# Performing Dynamic Analysis with ANY.RUN

## When to Use

- Interactive malware analysis is needed where the analyst must click dialogs, enter credentials, or navigate installer screens
- Rapid cloud-based sandbox analysis without maintaining local sandbox infrastructure
- Malware requires user interaction to proceed past anti-sandbox checks (document macros requiring "Enable Content")
- Sharing analysis results with team members via public or private task URLs
- Comparing behavior across different OS versions (Windows 7, 10, 11) available in ANY.RUN

**Do not use** for highly sensitive samples that cannot be uploaded to cloud services; use an on-premises sandbox like Cuckoo instead.

## Prerequisites

- ANY.RUN account (free community tier or paid subscription at https://any.run)
- Modern web browser with WebSocket support for interactive session streaming
- Sample file ready for upload (max 100 MB for free tier, 256 MB for paid)
- Understanding of the sample type to select appropriate execution environment
- VPN or secure network for accessing ANY.RUN portal during analysis sessions

## Workflow

### Step 1: Configure Analysis Environment

Set up the ANY.RUN task with appropriate parameters:

```
ANY.RUN Task Configuration:
━━━━━━━━━━━━━━━━━━━━━━━━━━
OS Selection:     Windows 10 x64 (recommended default)
                  Windows 7 x64 (for legacy malware)
                  Windows 11 x64 (for modern samples)
Execution Time:   60 seconds (default) / 120-300 fo...
```

Details

Author: mukul975
Repository: mukul975/Anthropic-Cybersecurity-Skills
Created: 3 months ago
Last Updated: 1 week ago
Language: Python
License: Apache-2.0
