Tool Spotlight: Performing Rapid Triage Analysis using ANY.RUN!
Gathering indicators of compromise from unknown files is a crucial first step when responding to an incident or performing malware analysis. ANY.RUN is one of my go-to tools for this task. It provides a quick and safe initial assessment: the cloud-based sandbox lets me detonate the file in a controlled setting and observe its behavior from a browser. ANY.RUN's rapid triage analysis surfaces network activity, suspicious file creations, and API calls. This initial intel helps me prioritize potential threats and decide whether a deeper, more time-consuming analysis is necessary.

Sign up for ANY.RUN to use interactive malware analysis: https://app.any.run/?utm_source=youtube&utm_medium=video&utm_campaign=thr-cyber-yeti&utm_content=register&utm_term=180924#register
Integrate ANY.RUN solutions into your company: https://any.run/demo/?utm_source=youtube&utm_medium=video&utm_campaign=thr-cyber-yeti&utm_content=demo&utm_term=180924

Join this channel to get access to perks: https://www.youtube.com/channel/UCI8zwug_Lv4_-KPT62oeDUA/join

Cybersecurity, reverse engineering, malware analysis and ethical hacking content!
🎓 Courses on Pluralsight 👉🏻 https://www.pluralsight.com/authors/josh-stroschein
🌶️ YouTube 👉🏻 Like, Comment & Subscribe!
🙏🏻 Support my work 👉🏻 https://patreon.com/JoshStroschein
🌎 Follow me 👉🏻 https://twitter.com/jstrosch, https://www.linkedin.com/in/joshstroschein/
⚙️ Tinker with me on Github 👉🏻 https://github.com/jstrosch
🤝 Join the Discord community and more 👉🏻 https://www.thecyberyeti.com

1:46 Today's sample
3:08 Public reports and tags
3:52 Submitting for public analysis
5:08 Running analysis
6:04 Extending analysis run-time
6:36 Interactive desktop session
7:23 Threats tab - aka Suricata alerts
9:01 Investigating HTTP request/response content
11:45 What we've found so far
12:20 Viewing DNS queries
13:45 Leveraging tags to speed up analysis
15:58 Process details
16:08 Config extraction - XOR-encrypted URLs
16:55 Summarizing IOCs
17:52 Process graph
18:25 Enhancing understanding with previous reporting
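The "Config extraction - XOR-encrypted URLs" chapter covers pulling C2 URLs out of a config that the malware stores XOR-obfuscated. As an added example (not code from the video, from ANY.RUN, or from the author), the Python below brute-forces a single-byte XOR key over a config blob and reports every key that decodes to something that looks like a URL, so the analyst does not have to find the key in the disassembly first. The blob, the key 0x5A and the example.invalid URLs are constructed for illustration; the sample in the video may use a different scheme (multi-byte key, different layout), and the regex-based scoring would need adapting for that.

```python
"""Single-byte XOR brute force for URL strings hidden in a malware config blob.

Added example. The blob, key and URLs below are constructed for illustration
and are not taken from the video's sample or from ANY.RUN.
"""
import re
import string
from typing import Dict, List, Optional

# Constructed sample: two URLs XOR-encoded with the single-byte key 0x5A,
# surrounded by a little non-URL padding (length/flag bytes).
_KEY = 0x5A
_PLAIN = (
    b"\x00\x01cfg\x00"
    b"http://example.invalid/gate.php\x00"
    b"https://example.invalid/update\x00"
    b"\xff\xfe"
)
SAMPLE_BLOB = bytes(b ^ _KEY for b in _PLAIN)

# Conservative URL matcher: scheme, then RFC 3986 URL characters until a byte
# outside that set (a NUL terminator in the constructed blob) ends the match.
URL_RE = re.compile(rb"https?://[A-Za-z0-9._~:/?#\[\]@!$&'()*+,;=%-]+")
PRINTABLE = set(string.printable.encode())


def xor_single_byte(data: bytes, key: int) -> bytes:
    """XOR every byte of data with one key byte (the operation is its own inverse)."""
    return bytes(b ^ key for b in data)


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII; used only to break ties."""
    if not data:
        return 0.0
    return sum(b in PRINTABLE for b in data) / len(data)


def extract_xor_urls(blob: bytes, min_len: int = 10) -> Dict[int, List[str]]:
    """Try all 256 keys and return {key: [urls]} for every key that yields URLs.

    Key 0 is included deliberately, so unobfuscated URLs are reported as well.
    """
    hits: Dict[int, List[str]] = {}
    for key in range(256):
        decoded = xor_single_byte(blob, key)
        urls = [
            m.group(0).decode("ascii")
            for m in URL_RE.finditer(decoded)
            if len(m.group(0)) >= min_len
        ]
        if urls:
            hits[key] = urls
    return hits


def best_key(blob: bytes) -> Optional[int]:
    """Key that yields the most URL bytes; ties broken by how printable the decode is."""
    hits = extract_xor_urls(blob)
    if not hits:
        return None
    return max(
        hits,
        key=lambda k: (
            sum(len(u) for u in hits[k]),
            printable_ratio(xor_single_byte(blob, k)),
        ),
    )


if __name__ == "__main__":
    key = best_key(SAMPLE_BLOB)
    if key is None:
        print("no single-byte XOR key produced a URL")
    else:
        print(f"key=0x{key:02x}")
        for url in extract_xor_urls(SAMPLE_BLOB)[key]:
            print("  ", url)
```

Reporting every key with a hit, rather than only the best one, matters on real configs: a blob may contain plaintext strings (key 0) alongside encoded ones, and a multi-byte key can surface as several partial hits under different single-byte keys, which is the cue to widen the search.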