Detonate File - ANYRUN Deprecated

Deprecated. Use ANY.RUN Detonate File [Windows, Linux, Android] instead.

ANY.RUN · 7 tasks · 3 inputs · 69 outputs

Inputs

  • File — File object of the file to detonate. The File is taken from the context.
  • Interval — Duration for executing the pooling (in minutes)
  • Timeout — The duration after which to stop pooling and to resume the playbook (in minutes)

Outputs

  • ANYRUN.Task.AnalysisDate — Date and time the analysis was executed.
  • ANYRUN.Task.Behavior.Category — Category of a process behavior.
  • ANYRUN.Task.Behavior.Action — Actions performed by a process.
  • ANYRUN.Task.Behavior.ThreatLevel — Threat score associated with a process behavior.
  • ANYRUN.Task.Behavior.ProcessUUID — Unique ID of the process whose behaviors are being profiled.
  • ANYRUN.Task.Connection.Reputation — Connection reputation.
  • ANYRUN.Task.Connection.ProcessUUID — ID of the process that created the connection.
  • ANYRUN.Task.Connection.ASN — Connection autonomous system network.
  • ANYRUN.Task.Connection.Country — Connection country.
  • ANYRUN.Task.Connection.Protocol — Connection protocol.
  • ANYRUN.Task.Connection.Port — Connection port number.
  • ANYRUN.Task.Connection.IP — Connection IP number.
  • ANYRUN.Task.DnsRequest.Reputation — Reputation of the DNS request.
  • ANYRUN.Task.DnsRequest.IP — IP addresses associated with a DNS request.
  • ANYRUN.Task.DnsRequest.Domain — Domain resolution of a DNS request.
  • ANYRUN.Task.Threat.ProcessUUID — Unique process ID from where the threat originated.
  • ANYRUN.Task.Threat.Msg — Threat message.
  • ANYRUN.Task.Threat.Class — Class of the threat.
  • ANYRUN.Task.Threat.SrcPort — Port on which the threat originated.
  • ANYRUN.Task.Threat.DstPort — Destination port of the threat.
  • ANYRUN.Task.Threat.SrcIP — Source IP address where the threat originated.
  • ANYRUN.Task.Threat.DstIP — Destination IP address of the threat.
  • ANYRUN.Task.HttpRequest.Reputation — Reputation of the HTTP request.
  • ANYRUN.Task.HttpRequest.Country — HTTP request country.
  • ANYRUN.Task.HttpRequest.ProcessUUID — ID of the process making the HTTP request.
  • ANYRUN.Task.HttpRequest.Body — HTTP request body parameters and details.
  • ANYRUN.Task.HttpRequest.HttpCode — HTTP request response code.
  • ANYRUN.Task.HttpRequest.Status — Status of the HTTP request.
  • ANYRUN.Task.HttpRequest.ProxyDetected — Whether the HTTP request was made through a proxy.
  • ANYRUN.Task.HttpRequest.Port — HTTP request port.
  • ANYRUN.Task.HttpRequest.IP — HTTP request IP address.
  • ANYRUN.Task.HttpRequest.URL — HTTP request URL.
  • ANYRUN.Task.HttpRequest.Host — HTTP request host.
  • ANYRUN.Task.HttpRequest.Method — HTTP request method type.
  • ANYRUN.Task.FileInfo — Details of the submitted file.
  • ANYRUN.Task.OS — OS of the sandbox in which the file was analyzed.
  • ANYRUN.Task.ID — The unique ID of the task.
  • ANYRUN.Task.MIME — The MIME of the file submitted for analysis.
  • ANYRUN.Task.MD5 — The MD5 hash of the file submitted for analysis.
  • ANYRUN.Task.SHA1 — The SHA1 hash of the file submitted for analysis.
  • ANYRUN.Task.SHA256 — The SHA256 hash of the file submitted for analysis.
  • ANYRUN.Task.SSDeep — SSDeep hash of the file submitted for analysis.
  • ANYRUN.Task.Verdict — ANY.RUN verdict for the maliciousness of the submitted file or URL.
  • ANYRUN.Task.Process.FileName — File name of the process.
  • ANYRUN.Task.Process.PID — Process identification number.
  • ANYRUN.Task.Process.PPID — Parent process identification number.
  • ANYRUN.Task.Process.ProcessUUID — Unique process ID (used by ANY.RUN).
  • ANYRUN.Task.Process.CMD — Process command.
  • ANYRUN.Task.Process.Path — Path of the executed command.
  • ANYRUN.Task.Process.User — User who executed the command.
  • ANYRUN.Task.Process.IntegrityLevel — The process integrity level.
  • ANYRUN.Task.Process.ExitCode — Process exit code.
  • ANYRUN.Task.Process.MainProcess — Whether the process is the main process.
  • ANYRUN.Task.Process.Version.Company — Company responsible for the program executed.
  • ANYRUN.Task.Process.Version.Description — Description of the type of program.
  • ANYRUN.Task.Process.Version.Version — Version of the program executed.
  • DBotScore.Indicator — The indicator that was tested.
  • DBotScore.Score — The actual score.
  • DBotScore.Type — Type of indicator.
  • DBotScore.Vendor — Vendor used to calculate the score.
  • File.Extension — Extension of the file submitted for analysis.
  • File.Name — The name of the file submitted for analysis.
  • File.MD5 — MD5 hash of the file submitted for analysis.
  • File.SHA1 — SHA1 hash of the file submitted for analysis.
  • File.SHA256 — SHA256 hash of the file submitted for analysis.
  • File.SSDeep — SSDeep hash of the file submitted for analysis.
  • File.Malicious.Vendor — For malicious files, the vendor that made the decision.
  • File.Malicious.Description — For malicious files, the reason that the vendor made the decision.
  • ANYRUN.Task.Status — Task analysis status.

Commands used

anyrun-get-report anyrun-run-analysis

Flowchart

yes yes Start Start ANYRUN Submit File for Analysis - anyrun-run-analysis ANYRUN Submit File for An... anyrun-run-analysis GenericPolling - GenericPolling GenericPolling GenericPolling Done Done Is there a File to detonate? Is there a File to detonate? Is ANY.RUN sandbox enabled? Is ANY.RUN sandbox enabled? ANYRUN Get Report - anyrun-get-report ANYRUN Get Report anyrun-get-report