Detonate File - Generic

Detonate files through one or more active integrations that support file detonation. Supported integrations: - SecneurX Analysis - ANY.RUN Cloud Sandbox - McAfee Advanced Threat Defense - WildFire - Lastline - Cuckoo Sandbox - Cisco Secure Malware Analytics (ThreatGrid) - JoeSecurity - CrowdStrike Falcon Sandbox - FireEye AX - VMRay Analyzer - Polygon - CrowdStrike Falcon Intelligence Sandbox - OPSWAT Filescan.

Common Playbooks · 21 tasks · 3 inputs · 489 outputs

Inputs

  • EntryID — Entry ID of file to be detonated
  • File — File object of file to be detonated
  • anyrun_os — Specify ANY.RUN operation system type. Supports: windows, linux, android

Outputs

  • Joe.Analysis.Status — Analysis Status.
  • File.Name — The file's name (only in case of report type=json).
  • File.SHA1 — SHA1 hash of the file.
  • File.SHA256 — SHA256 hash of the file.
  • File.Size — File size (only in case of report type=json).
  • File.Type — File type e.g. "PE" (only in case of report type=json).
  • File.Malicious — The File malicious description.
  • File.Malicious.Description — For malicious files, the reason for the vendor to make the decision.
  • File.Malicious.Vendor — For malicious files, the vendor that made the decision.
  • DBotScore — The Indicator's object.
  • DBotScore.Indicator — The indicator that was tested.
  • DBotScore.Score — The actual score.
  • DBotScore.Type — The type of the indicator.
  • DBotScore.Vendor — Vendor used to calculate the score.
  • IP.Address — IP's relevant to the sample.
  • DBotScore.Malicious.Vendor — Vendor used to calculate the score.
  • DBotScore.Malicious.Detections — The sub analysis detection statuses.
  • DBotScore.Malicious.SHA1 — The SHA1 of the file.
  • File — The File's object.
  • File.MD5 — MD5 hash of the file.
  • Joe.Analysis.SampleName — Sample Data, could be a file name or URL.
  • Joe.Analysis.Comments — Analysis Comments.
  • Joe.Analysis.Time — Submitted Time.
  • Joe.Analysis.Runs — Sub-Analysis Information.
  • Joe.Analysis.Result — Analysis Results.
  • Joe.Analysis.Errors — Raised errors during sampling.
  • Joe.Analysis.Systems — Analysis OS.
  • Joe.Analysis.MD5 — MD5 of analysis sample.
  • Joe.Analysis.SHA1 — SHA1 of analysis sample.
  • Joe.Analysis.SHA256 — SHA256 of analysis sample.
  • InfoFile.Name — FileName of the report file.
  • InfoFile.EntryID — The EntryID of the report file.
  • InfoFile.Size — File Size.
  • InfoFile.Type — File type e.g. "PE".
  • InfoFile.Info — Basic information of the file.
  • File.Extension — The extension of the file.
  • InfoFile — The report file's object.
  • WildFire.Report — The submission object.
  • WildFire.Report.Status — The status of the submission.
  • WildFire.Report.SHA256 — SHA256 of the submission.
  • WildFire.Report.MD5 — MD5 of the submission.
  • WildFire.Report.FileType — The type of the submission.
  • WildFire.Report.Size — The size of the submission.
  • Joe.Analysis — The Analysis object.
  • Cuckoo.Task.Category — Category of task.
  • Cuckoo.Task.Machine — Machine of task.
  • Cuckoo.Task.Errors — Errors of task.
  • Cuckoo.Task.Target — Target of task.
  • Cuckoo.Task.Package — Package of task.
  • Cuckoo.Task.SampleID — Sample ID of task.
  • Cuckoo.Task.Guest — Task guest.
  • Cuckoo.Task.Custom — Custom values of task.
  • Cuckoo.Task.Owner — Task owner.
  • Cuckoo.Task.Priority — Priority of task.
  • Cuckoo.Task.Platform — Platform of task.
  • Cuckoo.Task.Options — Task options.
  • Cuckoo.Task.Status — Task status.
  • Cuckoo.Task.EnforceTimeout — Is timeout of task enforced.
  • Cuckoo.Task.Timeout — Task timeout.
  • Cuckoo.Task.Memory — Task memory.
  • Cuckoo.Task.Tags — Task tags.
  • Cuckoo.Task.ID — ID of task.
  • Cuckoo.Task.AddedOn — Date on which the task was added.
  • Cuckoo.Task.CompletedOn — Date on which the task was completed.
  • Cuckoo.Task.Score — Reported score of the the task.
  • Cuckoo.Task.Monitor — Monitor of the reported task.
  • VMRay.Job — The Job Object.
  • VMRay.Job.JobID — The ID of a new job.
  • VMRay.Job.SampleID — The ID of sample.
  • VMRay.Job.Created — The timestamp of the created job.
  • VMRay.Job.VMName — The name of virtual machine.
  • VMRay.Job.VMID — The ID of virtual machine.
  • VMRay.Sample — The Sample For Analysis.
  • VMRay.Sample.SampleID — The sample ID of the task.
  • VMRay.Sample.Created — The timestamp of the created sample.
  • VMRay.Sample.FileName — The file name of the sample.
  • VMRay.Sample.MD5 — The MD5 hash of the sample.
  • VMRay.Sample.SHA1 — The SHA1 hash of the sample.
  • VMRay.Sample.SHA256 — The SHA256 hash of the sample.
  • VMRay.Sample.SSDeep — The SSDeep of the sample.
  • VMRay.Sample.Verdict — Verdict for the sample (Malicious, Suspicious, Clean, Not Available).
  • VMRay.Sample.VerdictReason — Description of the Verdict Reason.
  • VMRay.Sample.Severity — Severity of the sample (Malicious, Suspicious, Good, Blacklisted, Whitelisted, Unknown). Deprecated.
  • VMRay.Sample.Type — The file type.
  • VMRay.Sample.Classifications — The classifications of the sample.
  • VMRay.Submission — Submission Object.
  • VMRay.Submission.SubmissionID — The submission ID.
  • VMRay.Submission.HadErrors — Whether there are any errors in the submission.
  • VMRay.Submission.IsFinished — The status of submission. Can be, "true" or "false".
  • VMRay.Submission.MD5 — The MD5 hash of the sample in submission.
  • VMRay.Submission.SHA1 — The SHA1 hash of the sample in submission.
  • VMRay.Submission.SHA256 — The SHA256 hash of the sample in submission.
  • VMRay.Submission.Verdict — Verdict for the sample (Malicious, Suspicious, Clean, Not Available).
  • VMRay.Submission.VerdictReason — Description of the Verdict Reason.
  • VMRay.Submission.Severity — Severity of the sample (Malicious, Suspicious, Good, Blacklisted, Whitelisted, Unknown). Deprecated.
  • VMRay.Submission.SSDeep — The SSDeep hash of the sample in submission.
  • VMRay.Submission.SampleID — The ID of the sample in submission.
  • VMRay.Sample.IOC.File — File Object.
  • VMRay.Sample.IOC.File.AnalysisID — The IDs of other analyses that contain the given file.
  • VMRay.Sample.IOC.File.Name — The name of the file.
  • VMRay.Sample.IOC.File.Operation — The operation of the given file.
  • VMRay.Sample.IOC.File.ID — The ID of the file.
  • VMRay.Sample.IOC.File.Type — The type of the file.
  • VMRay.Sample.IOC.File.Hashes — File Hashes Object.
  • VMRay.Sample.IOC.File.Hashes.MD5 — The MD5 hash of the given file.
  • VMRay.Sample.IOC.File.Hashes.SSDeep — The SSDeep hash of the given file.
  • VMRay.Sample.IOC.File.Hashes.SHA256 — The SHA256 hash of the given file.
  • VMRay.Sample.IOC.File.Hashes.SHA1 — The SHA1 hash of the given file.
  • VMRay.Sample.IOC.URL — URL Object.
  • VMRay.Sample.IOC.URL.AnalysisID — The IDs of the other analyses that contain the given URL.
  • VMRay.Sample.IOC.URL.URL — The URL.
  • VMRay.Sample.IOC.URL.Operation — The operation of the specified URL.
  • VMRay.Sample.IOC.URL.ID — The ID of the URL.
  • VMRay.Sample.IOC.URL.Type — The type of the URL.
  • VMRay.Sample.IOC.Domain — Domain Object.
  • VMRay.Sample.IOC.Domain.AnalysisID — The IDs of the other analyses that contain the given domain.
  • VMRay.Sample.IOC.Domain.Domain — The domain.
  • VMRay.Sample.IOC.Domain.ID — The ID of the domain.
  • VMRay.Sample.IOC.Domain.Type — The type of the domain.
  • VMRay.Sample.IOC.IP — IP Object.
  • VMRay.Sample.IOC.IP.AnalysisID — The IDs of the other analyses that contain the given IP address.
  • VMRay.Sample.IOC.IP.IP — The IP address.
  • VMRay.Sample.IOC.IP.Operation — The operation of the given IP address.
  • VMRay.Sample.IOC.IP.ID — The ID of the IP address.
  • VMRay.Sample.IOC.IP.Type — The type of the IP address.
  • VMRay.Sample.IOC.Mutex — Mutex Object.
  • VMRay.Sample.IOC.Mutex.AnalysisID — The IDs of other analyses that contain the given IP address.
  • VMRay.Sample.IOC.Mutex.Name — The name of the mutex.
  • VMRay.Sample.IOC.Mutex.Operation — The operation of the given mutex.
  • VMRay.Sample.IOC.Mutex.ID — The ID of the mutex.
  • VMRay.Sample.IOC.Mutex.Type — The type of the mutex.
  • VMRay.ThreatIndicator — Indicator Object.
  • VMRay.ThreatIndicator.AnalysisID — The list of connected analysis IDs.
  • VMRay.ThreatIndicator.Category — The category of threat indicators.
  • VMRay.ThreatIndicator.Classification — The classifications of threat indicators.
  • VMRay.ThreatIndicator.ID — The ID of the threat indicator.
  • VMRay.ThreatIndicator.Operation — The operation that caused the indicators.
  • SecneurXAnalysis.Report.SHA256 — SHA256 value of the analyzed sample.
  • SecneurXAnalysis.Report.Verdict — Summary result of the analyzed sample.
  • SecneurXAnalysis.Report.Tags — More details of the analyzed sample.
  • SecneurXAnalysis.Report.IOC — List of IOC's observed in the analyzed sample.
  • SecneurXAnalysis.Report.Status — Analysis queued sample state.
  • SecneurXAnalysis.Report.DnsRequests — List of DNS data observed in the analyzed sample.
  • SecneurXAnalysis.Report.HttpRequests — List of HTTP data observed in the analyzed sample.
  • SecneurXAnalysis.Report.JA3Digests — List of JA3 data observed in the analyzed sample.
  • SecneurXAnalysis.Report.ProcessCreated — Process behaviour data observed in the analyzed sample.
  • SecneurXAnalysis.Report.RegistrySet — List of Registry creations observed in the analyzed sample.
  • SecneurXAnalysis.Report.RegistryDeleted — List of Registry deletions observed in the analyzed sample.
  • SecneurXAnalysis.Report.FileCreated — List of File creations observed in the analyzed sample.
  • SecneurXAnalysis.Report.FileDropped — List of File drops observed in the analyzed sample.
  • SecneurXAnalysis.Report.FileDeleted — List of File deletions observed in the analyzed sample.
  • SecneurXAnalysis.Report.FileModified — List of File changes observed in the analyzed sample.
  • SecneurXAnalysis.Report.Platform — Platform of the analyzed sample.
  • ATD.Task.taskId — The task ID of the sample uploaded.
  • ATD.Task.jobId — The job ID of the sample uploaded.
  • ATD.Task.messageId — The message Id relevant to the sample uploaded.
  • ATD.Task.srcIp — Source IPv4 address.
  • ATD.Task.destIp — Destination IPv4 address.
  • ATD.Task.MD5 — MD5 of the sample uploaded.
  • ATD.Task.SHA1 — SHA1 of the sample uploaded.
  • ATD.Task.SHA256 — SHA256 of the sample uploaded.
  • InfoFile.Extension — The extension of the report file.
  • File.EntryID — The Entry ID of the sample.
  • URL.Data — List of malicious URLs identified by Lastline analysis.
  • URL.Malicious.Vendor — For malicious URLs, the vendor that made the decision.
  • URL.Malicious.Description — For malicious URLs, the reason for the vendor to make the decision.
  • URL.Malicious.Score — For malicious URLs, the score from the vendor.
  • Lastline.Submission.Status — Status of the submission.
  • Lastline.Submission.DNSqueries — List of DNS queries done by the analysis subject.
  • Lastline.Submission.NetworkConnections — ist of network connections done by the analysis subject.
  • Lastline.Submission.DownloadedFiles — List of files that were downloaded using the Microsoft Windows file-download API functions. Each element is a tuple of file-origin URL and a File element.
  • Lastline.Submission.UUID — Task UUID of submitted sample.
  • Lastline.Submission.YaraSignatures.name — Yara signatures name.
  • Lastline.Submission.YaraSignatures.score — The score according to the yara signatures. from 0 to 100.
  • Lastline.Submission.YaraSignatures.internal — True if the signature is only for internal usage.
  • Lastline.Submission.Process.arguments — Argument of the process.
  • Lastline.Submission.Process.process_id — The process ID.
  • Lastline.Submission.Process.executable.abs_path — Absolute path of the executable of the process.
  • Lastline.Submission.Process.executable.filename — Filename of the executable.
  • Lastline.Submission.Process.executable.yara_signature_hits — Yara signature of the executable of the process.
  • Lastline.Submission.Process.executable.ext_info — Executable info of the process.
  • Joe.Analysis.ID — Web ID.
  • Domain.Name — The Domain name.
  • Domain.DNS — A list of IP objects resolved by DNS.
  • RegistryKey.Path — The path to the registry key.
  • RegistryKey.Value — The value at the given RegistryKey.
  • Process.Name — Process name.
  • Process.PID — Process PID.
  • Process.CommandLine — Process Command Line.
  • Process.Path — Process path.
  • Process.StartTime — Process start time.
  • Process.EndTime — Process end time.
  • Polygon.Analysis.ID — Analysis ID in THF.
  • Polygon.Analysis.Name — File Name.
  • Polygon.Analysis.Size — File Size.
  • Polygon.Analysis.Started — Analysis start timestamp.
  • Polygon.Analysis.Analyzed — Analysis finish timestamp.
  • Polygon.Analysis.MD5 — Analyzed file MD5 hash.
  • Polygon.Analysis.SHA1 — Analyzed file SHA1 hash.
  • Polygon.Analysis.SHA256 — Analyzed file SHA256.
  • Polygon.Analysis.Result — Analysis verdict.
  • Polygon.Analysis.Status — The analysis status.
  • Polygon.Analysis.Verdict — Analysis verdict.
  • Polygon.Analysis.Probability — Verdict probability.
  • Polygon.Analysis.Families — Malware families.
  • Polygon.Analysis.Score — Polygon score.
  • Polygon.Analysis.Internet-connection — Internet availability.
  • Polygon.Analysis.Type — File type.
  • Polygon.Analysis.DumpExists — Network activity dump exists.
  • Polygon.Analysis.File — The information about files in analysis.
  • Polygon.Analysis.URL — The information about URL indicators.
  • Polygon.Analysis.IP — The information about IP indicators.
  • Polygon.Analysis.Domain — The information about Domain indicators.
  • Polygon.Analysis.RegistryKey — The information about registry keys which were modified during the analysis.
  • Polygon.Analysis.Process — The information about processes started during the analysis.
  • csfalconx.resource.id — Analysis ID.
  • csfalconx.resource.verdict — Analysis verdict.
  • csfalconx.resource.created_timestamp — Analysis start time.
  • csfalconx.resource.environment_id — Environment ID.
  • csfalconx.resource.threat_score — Score of the threat.
  • csfalconx.resource.submit_url — URL submitted for analysis.
  • csfalconx.resource.submission_type — Type of submitted artifact, for example file, URL, etc.
  • csfalconx.resource.filetype — File type.
  • csfalconx.resource.filesize — File size.
  • csfalconx.resource.sha256 — SHA256 hash of the submitted file.
  • csfalconx.resource.ioc_report_strict_csv_artifact_id — ID of the IOC pack to download (CSV).
  • csfalconx.resource.ioc_report_broad_csv_artifact_id — ID of the IOC pack to download (CSV).
  • csfalconx.resource.ioc_report_strict_json_artifact_id — ID of the IOC pack to download (JSON).
  • csfalconx.resource.ioc_report_broad_json_artifact_id — ID of the IOC pack to download (JSON).
  • csfalconx.resource.ioc_report_strict_stix_artifact_id — ID of the IOC pack to download (STIX).
  • csfalconx.resource.ioc_report_broad_stix_artifact_id — ID of the IOC pack to download (STIX).
  • csfalconx.resource.ioc_report_strict_maec_artifact_id — ID of the IOC pack to download (MAEC).
  • csfalconx.resource.ioc_report_broad_maec_artifact_id — ID of the IOC pack to download (MAEC).
  • csfalconx.resource.snadbox.environment_description — Environment description.
  • OPSWAT.Filescan.Submission.flow_id — The flow ID.
  • OPSWAT.Filescan.Analysis.finalVerdict.verdict — The final verdict.
  • OPSWAT.Filescan.Analysis.allTags — All tags.
  • OPSWAT.Filescan.Analysis.overallState — Overall state of the scan.
  • OPSWAT.Filescan.Analysis.subtaskReferences — Status of scan subtasks.
  • OPSWAT.Filescan.Analysis.allSignalGroups — All signal groups.
  • OPSWAT.Filescan.Analysis.resources — Resources.
  • OPSWAT.Filescan.Analysis.taskReference.name — Name of the main scan task.
  • OPSWAT.Filescan.Analysis.taskReference.additionalInfo — Additional informations about the main scan task.
  • OPSWAT.Filescan.Analysis.taskReference.ID — ID of the main scan task.
  • OPSWAT.Filescan.Analysis.taskReference.state — State of the main scan task.
  • OPSWAT.Filescan.Analysis.taskReference.resourceReference — Resource reference of the main scan task.
  • OPSWAT.Filescan.Analysis.taskReference.opcount — Counter.
  • OPSWAT.Filescan.Analysis.taskReference.processTime — processTime.
  • OPSWAT.Filescan.Analysis.file.name — The name of the file.
  • OPSWAT.Filescan.Analysis.file.hash — The SHA256 of the file.
  • OPSWAT.Filescan.Analysis.file.type — The type of the submission.
  • ANYRUN.SandboxAnalysis.mitre.name — MITRE Technic text description.
  • ANYRUN.SandboxAnalysis.mitre.phases — MITRE Technic phases.
  • ANYRUN.SandboxAnalysis.mitre.id — MITRE Technic identifier.
  • ANYRUN.SandboxAnalysis.debugStrings — Analysis debug information.
  • ANYRUN.SandboxAnalysis.incidents.process — Analysis process.
  • ANYRUN.SandboxAnalysis.incidents.events.time — Event time.
  • ANYRUN.SandboxAnalysis.incidents.events.cmdline — Event command line.
  • ANYRUN.SandboxAnalysis.incidents.events.image — Event image.
  • ANYRUN.SandboxAnalysis.incidents.mitre.v — MITRE version.
  • ANYRUN.SandboxAnalysis.incidents.mitre.sid — SID.
  • ANYRUN.SandboxAnalysis.incidents.mitre.tid — TID.
  • ANYRUN.SandboxAnalysis.incidents.count — Count of related incidents.
  • ANYRUN.SandboxAnalysis.incidents.firstSeen — Incident first seen date.
  • ANYRUN.SandboxAnalysis.incidents.source — Incident source.
  • ANYRUN.SandboxAnalysis.incidents.desc — Incident description.
  • ANYRUN.SandboxAnalysis.incidents.title — Incident title.
  • ANYRUN.SandboxAnalysis.incidents.threatLevel — Incident threat level.
  • ANYRUN.SandboxAnalysis.incidents.events.typeValue — Event type value.
  • ANYRUN.SandboxAnalysis.incidents.events.key — Event key.
  • ANYRUN.SandboxAnalysis.incidents.events.value — Event value.
  • ANYRUN.SandboxAnalysis.incidents.events.name — Event name.
  • ANYRUN.SandboxAnalysis.incidents.events.operation — Even operation.
  • ANYRUN.SandboxAnalysis.incidents.events.cmdParent — Event parent cmd.
  • ANYRUN.SandboxAnalysis.incidents.events.cmdChild — Event child cmd.
  • ANYRUN.SandboxAnalysis.modified.registry.time — Registry time.
  • ANYRUN.SandboxAnalysis.modified.registry.process — Registry process.
  • ANYRUN.SandboxAnalysis.modified.registry.operation — Registry operation.
  • ANYRUN.SandboxAnalysis.modified.registry.value — Registry value.
  • ANYRUN.SandboxAnalysis.modified.registry.name — Registry name.
  • ANYRUN.SandboxAnalysis.modified.registry.key — Registry key.
  • ANYRUN.SandboxAnalysis.modified.files.process — File process.
  • ANYRUN.SandboxAnalysis.modified.files.size — File size.
  • ANYRUN.SandboxAnalysis.modified.files.filename — Filename.
  • ANYRUN.SandboxAnalysis.modified.files.time — File creating time.
  • ANYRUN.SandboxAnalysis.modified.files.info.mime — File MIME type.
  • ANYRUN.SandboxAnalysis.modified.files.info.file — File content.
  • ANYRUN.SandboxAnalysis.modified.files.permanentUrl — File url.
  • ANYRUN.SandboxAnalysis.modified.files.hashes.ssdeep — File SSDeep.
  • ANYRUN.SandboxAnalysis.modified.files.hashes.sha256 — File sha256 hash.
  • ANYRUN.SandboxAnalysis.modified.files.hashes.sha1 — File sha1 hash.
  • ANYRUN.SandboxAnalysis.modified.files.hashes.md5 — File md5 hash.
  • ANYRUN.SandboxAnalysis.modified.files.threatLevel — File threat level.
  • ANYRUN.SandboxAnalysis.modified.files.type — File type.
  • ANYRUN.SandboxAnalysis.network.threats — Analysis network threats.
  • ANYRUN.SandboxAnalysis.network.connections.reputation — Network connection reputation.
  • ANYRUN.SandboxAnalysis.network.connections.tlsFingerprint.ja3SFullstring — Network connection ja3S.
  • ANYRUN.SandboxAnalysis.network.connections.tlsFingerprint.ja3S — Network connection ja3S.
  • ANYRUN.SandboxAnalysis.network.connections.tlsFingerprint.ja3Fullstring — Network connection ja3F.
  • ANYRUN.SandboxAnalysis.network.connections.tlsFingerprint.ja3 — Network connection ja3F.
  • ANYRUN.SandboxAnalysis.network.connections.time — Network connection time.
  • ANYRUN.SandboxAnalysis.network.connections.asn — Network connection ASN.
  • ANYRUN.SandboxAnalysis.network.connections.country — Network connection country.
  • ANYRUN.SandboxAnalysis.network.connections.protocol — Network connection protocol.
  • ANYRUN.SandboxAnalysis.network.connections.port — Network connection port.
  • ANYRUN.SandboxAnalysis.network.connections.ip — Network connection ip.
  • ANYRUN.SandboxAnalysis.network.connections.process — Network connection processes.
  • ANYRUN.SandboxAnalysis.network.connections.tlsFingerprint.jarm — Network connection jarm.
  • ANYRUN.SandboxAnalysis.network.httpRequests.country — HTTP Request country.
  • ANYRUN.SandboxAnalysis.network.httpRequests.reputation — HTTP Request reputation.
  • ANYRUN.SandboxAnalysis.network.httpRequests.process — HTTP Request related process.
  • ANYRUN.SandboxAnalysis.network.httpRequests.httpCode — HTTP Request status code.
  • ANYRUN.SandboxAnalysis.network.httpRequests.status — HTTP Request status.
  • ANYRUN.SandboxAnalysis.network.httpRequests.user-agent — HTTP Request User-Agent header value.
  • ANYRUN.SandboxAnalysis.network.httpRequests.proxyDetected — HTTP Request is proxy detected.
  • ANYRUN.SandboxAnalysis.network.httpRequests.port — HTTP Request port.
  • ANYRUN.SandboxAnalysis.network.httpRequests.ip — HTTP Request ip.
  • ANYRUN.SandboxAnalysis.network.httpRequests.url — HTTP Request url.
  • ANYRUN.SandboxAnalysis.network.httpRequests.host — HTTP Request host.
  • ANYRUN.SandboxAnalysis.network.httpRequests.method — HTTP Request method.
  • ANYRUN.SandboxAnalysis.network.httpRequests.time — HTTP Request time estimate.
  • ANYRUN.SandboxAnalysis.network.dnsRequests.reputationNumber — DNS Request reputation number.
  • ANYRUN.SandboxAnalysis.network.dnsRequests.reputation — DNS Request reputation.
  • ANYRUN.SandboxAnalysis.network.dnsRequests.ips — DNS Request IPs.
  • ANYRUN.SandboxAnalysis.network.dnsRequests.domain — DNS Request domain.
  • ANYRUN.SandboxAnalysis.network.dnsRequests.time — DNS Request time estimate.
  • ANYRUN.SandboxAnalysis.malconf — Analysis malconf.
  • ANYRUN.SandboxAnalysis.processes.synchronization — Analysis processes synchronization.
  • ANYRUN.SandboxAnalysis.processes.modules — Analysis processes modules.
  • ANYRUN.SandboxAnalysis.processes.hasMalwareConfig — Process has malware config.
  • ANYRUN.SandboxAnalysis.processes.parentUUID — Process parent UUID.
  • ANYRUN.SandboxAnalysis.processes.status — Process status.
  • ANYRUN.SandboxAnalysis.processes.scores.specs.malwareConfig — Process malware config.
  • ANYRUN.SandboxAnalysis.processes.scores.specs.privEscalation — Process priv escalation.
  • ANYRUN.SandboxAnalysis.processes.scores.specs.stealing — Process stealing.
  • ANYRUN.SandboxAnalysis.processes.scores.specs.networkLoader — Process network loader.
  • ANYRUN.SandboxAnalysis.processes.scores.specs.network — Process network.
  • ANYRUN.SandboxAnalysis.processes.scores.specs.lowAccess — Process low access.
  • ANYRUN.SandboxAnalysis.processes.scores.specs.knownThreat — Process known threat.
  • ANYRUN.SandboxAnalysis.processes.scores.specs.injects — Process inject.
  • ANYRUN.SandboxAnalysis.processes.scores.specs.exploitable — Process exploitable.
  • ANYRUN.SandboxAnalysis.processes.scores.specs.executableDropped — Process executable dropped.
  • ANYRUN.SandboxAnalysis.processes.scores.specs.debugOutput — Process debug output.
  • ANYRUN.SandboxAnalysis.processes.scores.specs.crashedApps — Process crashed apps.
  • ANYRUN.SandboxAnalysis.processes.scores.specs.autoStart — Process auto start.
  • ANYRUN.SandboxAnalysis.processes.scores.loadsSusp — Process loads susp.
  • ANYRUN.SandboxAnalysis.processes.scores.injected — Process injected.
  • ANYRUN.SandboxAnalysis.processes.scores.dropped — Process dropped.
  • ANYRUN.SandboxAnalysis.processes.scores.verdict.threatLevelText — Process threat level text.
  • ANYRUN.SandboxAnalysis.processes.scores.verdict.threatLevel — Process threat level.
  • ANYRUN.SandboxAnalysis.processes.scores.verdict.score — Process score.
  • ANYRUN.SandboxAnalysis.processes.context.userName — Process context username.
  • ANYRUN.SandboxAnalysis.processes.context.integrityLevel — Process context integrity level.
  • ANYRUN.SandboxAnalysis.processes.context.rebootNumber — Process context reboot number.
  • ANYRUN.SandboxAnalysis.processes.versionInfo.version — Process version.
  • ANYRUN.SandboxAnalysis.processes.versionInfo.description — Process description.
  • ANYRUN.SandboxAnalysis.processes.versionInfo.company — Process company.
  • ANYRUN.SandboxAnalysis.processes.mainProcess — Process main process.
  • ANYRUN.SandboxAnalysis.processes.fileType — Process file type.
  • ANYRUN.SandboxAnalysis.processes.fileName — Process filename.
  • ANYRUN.SandboxAnalysis.processes.commandLine — Process cmd.
  • ANYRUN.SandboxAnalysis.processes.image — Process image.
  • ANYRUN.SandboxAnalysis.processes.uuid — Process uuid.
  • ANYRUN.SandboxAnalysis.processes.ppid — Process PPID.
  • ANYRUN.SandboxAnalysis.processes.important — Process important.
  • ANYRUN.SandboxAnalysis.processes.pid — Process PID.
  • ANYRUN.SandboxAnalysis.processes.exitCode — Process exit code.
  • ANYRUN.SandboxAnalysis.processes.times.terminate — Process time terminate.
  • ANYRUN.SandboxAnalysis.processes.times.start — Process time start.
  • ANYRUN.SandboxAnalysis.processes.resolvedCOM.title — Process resolved COM title.
  • ANYRUN.SandboxAnalysis.processes.synchronization.operation — Process sync operation.
  • ANYRUN.SandboxAnalysis.processes.synchronization.type — Process sync type.
  • ANYRUN.SandboxAnalysis.processes.synchronization.name — Process sync name.
  • ANYRUN.SandboxAnalysis.processes.synchronization.time — Process sync time.
  • ANYRUN.SandboxAnalysis.processes.modules.image — Process module image.
  • ANYRUN.SandboxAnalysis.processes.modules.time — Process module time.
  • ANYRUN.SandboxAnalysis.processes.scores.monitoringReason — Process monitoring reason.
  • ANYRUN.SandboxAnalysis.processes.times.monitoringSince — Process monitoring since.
  • ANYRUN.SandboxAnalysis.counters.synchronization.type.event — Process sync event.
  • ANYRUN.SandboxAnalysis.counters.synchronization.type.mutex — Process sync mutex.
  • ANYRUN.SandboxAnalysis.counters.synchronization.operation.create — Process sync operation create.
  • ANYRUN.SandboxAnalysis.counters.synchronization.operation.open — Process sync operation open.
  • ANYRUN.SandboxAnalysis.counters.synchronization.total — Process sync total.
  • ANYRUN.SandboxAnalysis.counters.registry.delete — Registry delete.
  • ANYRUN.SandboxAnalysis.counters.registry.write — Registry write.
  • ANYRUN.SandboxAnalysis.counters.registry.read — Registry reed.
  • ANYRUN.SandboxAnalysis.counters.registry.total — Registry total.
  • ANYRUN.SandboxAnalysis.counters.files.malicious — File malicious count.
  • ANYRUN.SandboxAnalysis.counters.files.suspicious — File suspicious count.
  • ANYRUN.SandboxAnalysis.counters.files.text — File text.
  • ANYRUN.SandboxAnalysis.counters.files.unknown — File unknown count.
  • ANYRUN.SandboxAnalysis.counters.network.threats — Network threats count.
  • ANYRUN.SandboxAnalysis.counters.network.dns — Network dns count.
  • ANYRUN.SandboxAnalysis.counters.network.connections — Network connections count.
  • ANYRUN.SandboxAnalysis.counters.network.http — Network networks count.
  • ANYRUN.SandboxAnalysis.counters.processes.malicious — Malicious processes count.
  • ANYRUN.SandboxAnalysis.counters.processes.suspicious — Suspicious processes count.
  • ANYRUN.SandboxAnalysis.counters.processes.monitored — Monitored processes count.
  • ANYRUN.SandboxAnalysis.counters.processes.total — Total processes count.
  • ANYRUN.SandboxAnalysis.environments.hotfixes.title — Environment hotfixes title.
  • ANYRUN.SandboxAnalysis.environments.software.version — Environment software version.
  • ANYRUN.SandboxAnalysis.environments.software.title — Environment software title.
  • ANYRUN.SandboxAnalysis.environments.internetExplorer.kbnum — Environment Internet Explorer KBNUM.
  • ANYRUN.SandboxAnalysis.environments.internetExplorer.version — Environment Internet Explorer version.
  • ANYRUN.SandboxAnalysis.environments.os.bitness — Environment OS version.
  • ANYRUN.SandboxAnalysis.environments.os.softSet — Environment OS software set.
  • ANYRUN.SandboxAnalysis.environments.os.servicePack — Environment OS service pack.
  • ANYRUN.SandboxAnalysis.environments.os.major — Environment OS major version.
  • ANYRUN.SandboxAnalysis.environments.os.productType — Environment OS product type.
  • ANYRUN.SandboxAnalysis.environments.os.variant — Environment OS variant.
  • ANYRUN.SandboxAnalysis.environments.os.product — Environment OS product.
  • ANYRUN.SandboxAnalysis.environments.os.build — Environment OS build.
  • ANYRUN.SandboxAnalysis.environments.os.title — Environment OS title.
  • ANYRUN.SandboxAnalysis.analysis.content.dumps — Content dumps.
  • ANYRUN.SandboxAnalysis.analysis.content.screenshots.thumbnailUrl — Screenshots thumbnail url.
  • ANYRUN.SandboxAnalysis.analysis.content.screenshots.permanentUrl — Screenshots permanent url.
  • ANYRUN.SandboxAnalysis.analysis.content.screenshots.time — Screenshots time.
  • ANYRUN.SandboxAnalysis.analysis.content.screenshots.uuid — Screenshots uuid.
  • ANYRUN.SandboxAnalysis.analysis.content.sslkeys.present — SSL keys present.
  • ANYRUN.SandboxAnalysis.analysis.content.pcap.permanentUrl — Pcap dump permanent url.
  • ANYRUN.SandboxAnalysis.analysis.content.pcap.present — Pcap present.
  • ANYRUN.SandboxAnalysis.analysis.content.video.permanentUrl — Video permanent url.
  • ANYRUN.SandboxAnalysis.analysis.content.video.present — Video present.
  • ANYRUN.SandboxAnalysis.analysis.content.mainObject.hashes.ssdeep — Main object ssdeep.
  • ANYRUN.SandboxAnalysis.analysis.content.mainObject.hashes.sha256 — Main object sha256.
  • ANYRUN.SandboxAnalysis.analysis.content.mainObject.hashes.sha1 — Main object sha1.
  • ANYRUN.SandboxAnalysis.analysis.content.mainObject.hashes.md5 — Main object md5.
  • ANYRUN.SandboxAnalysis.analysis.content.mainObject.url — Main object url.
  • ANYRUN.SandboxAnalysis.analysis.content.mainObject.type — Main object type.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.knownThreat — Specs known threat.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.malwareConfig — Specs malware Config.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.notStarted — Specs not started.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.privEscalation — Specs priv escalation.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.torUsed — Specs TOR used.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.suspStruct — Specs susp structure.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.stealing — Specs stealing.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.staticDetections — Specs static detections.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.spam — Specs spam.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.serviceLauncher — Specs service launcher.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.rebooted — Specs rebooted.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.networkThreats — Specs network threats.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.networkLoader — Specs network loader.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.multiprocessing — Specs multiprocessing.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.memOverrun — Specs memory overrun.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.lowAccess — Specs low access.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.exploitable — Specs exploitable.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.executableDropped — Specs executable dropped.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.debugOutput — Specs debug output.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.crashedTask — Specs crashed task.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.crashedApps — Specs crashed apps.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.cpuOverrun — Specs CPU overrun.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.autoStart — Specs suto start.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.injects — Specs injects.
  • ANYRUN.SandboxAnalysis.analysis.scores.verdict.threatLevelText — Verdict threat level text.
  • ANYRUN.SandboxAnalysis.analysis.scores.verdict.threatLevel — Verdict threat level.
  • ANYRUN.SandboxAnalysis.analysis.scores.verdict.score — Verdict score.
  • ANYRUN.SandboxAnalysis.analysis.options.automatization.uac — Options automatization UAC.
  • ANYRUN.SandboxAnalysis.analysis.options.privateSample — Options private sample.
  • ANYRUN.SandboxAnalysis.analysis.options.privacy — Options privacy.
  • ANYRUN.SandboxAnalysis.analysis.options.network — Options network.
  • ANYRUN.SandboxAnalysis.analysis.options.hideSource — Options hide source.
  • ANYRUN.SandboxAnalysis.analysis.options.video — Options video.
  • ANYRUN.SandboxAnalysis.analysis.options.presentation — Options presentation.
  • ANYRUN.SandboxAnalysis.analysis.options.tor.used — Options tor used.
  • ANYRUN.SandboxAnalysis.analysis.options.mitm — Options MITM proxy.
  • ANYRUN.SandboxAnalysis.analysis.options.heavyEvasion — Options kernel heavy evasion.
  • ANYRUN.SandboxAnalysis.analysis.options.fakeNet — Options fake network.
  • ANYRUN.SandboxAnalysis.analysis.options.additionalTime — Options additions time.
  • ANYRUN.SandboxAnalysis.analysis.options.timeout — Options timeout.
  • ANYRUN.SandboxAnalysis.analysis.tags — Analysis tags.
  • ANYRUN.SandboxAnalysis.analysis.stopExecText — Analysis stopExecText.
  • ANYRUN.SandboxAnalysis.analysis.stopExec — Analysis creation stopExec.
  • ANYRUN.SandboxAnalysis.analysis.creationText — Analysis creation creation text.
  • ANYRUN.SandboxAnalysis.analysis.creation — Analysis creation date.
  • ANYRUN.SandboxAnalysis.analysis.duration — Analysis duration.
  • ANYRUN.SandboxAnalysis.analysis.sandbox.plan.name — Analysis sandbox user plan name.
  • ANYRUN.SandboxAnalysis.analysis.sandbox.name — Analysis sandbox name.
  • ANYRUN.SandboxAnalysis.analysis.reports.graph — Analysis reports graph.
  • ANYRUN.SandboxAnalysis.analysis.reports.STIX — Analysis STIX report url.
  • ANYRUN.SandboxAnalysis.analysis.reports.HTML — Analysis HTML report url.
  • ANYRUN.SandboxAnalysis.analysis.reports.MISP — Analysis MISP report url.
  • ANYRUN.SandboxAnalysis.analysis.reports.IOC — Analysis IOC report url.
  • ANYRUN.SandboxAnalysis.analysis.permanentUrl — Analysis permanent url.
  • ANYRUN.SandboxAnalysis.analysis.uuid — Analysis uuid.
  • ANYRUN.SandboxAnalysis.status — Analysis status.
  • ANYRUN.SandboxAnalysisReportVerdict — The analysis verdict.
  • ANYRUN_DetonateFileAndroid.TaskID — Task UUID.
  • ANYRUN_DetonateFileLinux.TaskID — Task UUID.
  • ANYRUN_DetonateFileWindows.TaskID — Task UUID.

Flowchart

yes yes yes yes Android Linux Windows Start Start Done Done ATD - Detonate File - ATD - Detonate File ATD - Detonate File ATD - Detonate File Detonate File - Lastline v2 - Detonate File - Lastline v2 Detonate File - Lastline v2 Detonate File - Lastline v2 Detonate File - Cuckoo - Detonate File - Cuckoo Detonate File - Cuckoo Detonate File - Cuckoo Detonate File - FireEye AX - Detonate File - FireEye AX Detonate File - FireEye AX Detonate File - FireEye AX Detonate File - VMRay - Detonate File - VMRay Detonate File - VMRay Detonate File - VMRay Detonate File - Group-IB TDS Polygon - Detonate File - Group-IB TDS Polygon Detonate File - Group-IB ... Detonate File - Group-IB TDS ... Detonate File - SecneurX Analysis - Detonate File - SecneurX Analysis Detonate File - SecneurX ... Detonate File - SecneurX Anal... Detonate File - JoeSecurity V2 - Detonate File - JoeSecurity V2 Detonate File - JoeSecuri... Detonate File - JoeSecurity V2 Check if EntryID exists Check if EntryID exists Detonate File - MetaDefender Aether Detonate File - MetaDefen... Detonate file - CrowdStrike Falcon Sandbox v2 - Detonate file - CrowdStrike Falcon Sandbox v2 Detonate file - CrowdStri... Detonate file - CrowdStrike F... Detonate File - ThreatGrid v2 - Detonate File - ThreatGrid v2 Detonate File - ThreatGri... Detonate File - ThreatGrid v2 Detonate File - CrowdStrike Falcon Intelligence Sandbox v2 - Detonate File - CrowdStrike Falcon Intelligence Sandbox v2 Detonate File - CrowdStri... Detonate File - CrowdStrike F... WildFire - Detonate file v2 - WildFire - Detonate file v2 WildFire - Detonate file v2 WildFire - Detonate file v2 ANYRUN Detonate File Android - ANYRUN Detonate File Android ANYRUN Detonate File Android ANYRUN Detonate File Android ANYRUN Detonate File Linux - ANYRUN Detonate File Linux ANYRUN Detonate File Linux ANYRUN Detonate File Linux ANYRUN Detonate File Windows - ANYRUN Detonate File Windows ANYRUN Detonate File Windows ANYRUN Detonate File Windows Check the correctness of the ANY.RUN parameters Check the correctness of ... Select ANY.RUN playbook Select ANY.RUN playbook