main background
main background
Malicious spinner Malicious line
Malware hunting with
live access to the
heart of an incident

Watch the epidemic as if it was on your computer,
but in a more convenient and secure way,
with a variety of monitoring features.


More than a malware sandbox

ANY.RUN is a tool for detection, monitoring, and research of cyber threats in real-time. The online interactive sandbox is a perfect solution to speed up your analysis. Easy workflow, intuitive interface, and detailed reports – give them a try!

  • Realtime interaction
  • Network tracking
  • Process monitoring
  • MITRE ATT&CK™ mapping
  • Behavior graph
Look for realtime interaction on ANY.RUN
How to track network activities on ANY.RUN
Explore activitiy of Processes on ANY.RUN
Use mitre att&ck mapping on ANY.RUN
View malware behavior graph on ANY.RUN


interactive approach for malware analysis

ANY.RUN malware sandbox’s goal is to level up your research. The interactive approach allows cybersecurity specialists to influence the virtual machine. The sandbox gives access to the malware laboratory with a lot of different tools within a second.

Start your analysis immediately, and work with results in one minute. Control the process and monitor malware behavior in real-time. During the analysis of malware, you are able to drag a mouse, tap keys, reboot the system, open files, input data in the secured online sandbox.

Innovative cloud-based sandbox with full interactive access

It is not enough to run a suspicious file on a testing system to be sure in its safety. For some types of malware or vulnerabilities (e.g., APT), direct human interaction during analysis is required. A set of online malware analysis tools, allows you to watch the research process and make adjustments when needed, just as you would do it on a real system, rather than relying on a wholly automated sandbox.

Real-time Data-flow
Hard drive
Malicious URL
Executable file
was dropped

Track behavior activities in Real-time

The service shows many aspects of testing, such as creation of new processes, potentially suspicious or malicious files or URLs as well as registry activity, network requests and much more in real-time, allowing to make conclusions during the task execution without having to wait for the final report.

Threat intelligence platform

A community consisting of a large number of researchers from different countries contributes to our threat intelligence platform, allowing to collect and analyze attacks at the moment of their appearance, revealing the IOC at the initial stage. The malware reports can be accessed through public submissions and downloaded in specialized formats.

Large amount of analyzed samples
Threat intelligence feeds

Threat intelligence feeds

Expand your security systems with a real-time stream of latest IOCs.

  • Keep your security systems updated with the latest malicious IPs, URLs, and domains — available in JSON and STIX.
  • Improve your security against current threats with data from recent incidents.
  • Get updates to fend off attacks before they happen.

Get started by reaching out to us

Speed up your workflow

Unlike fully automated malware sandboxes, the interactivity of our service allows receiving initial results immediately after launching a task, not having to wait for the simulation to end completely.

* With an average analysis of 6 minutes, we are ready to provide you with the first data within 15 seconds.

Up to 24x times faster*
ANY.RUN Interactive Sandbox
Usual automated sandbox
Time to get the first result


Team working, report sharing, video embedding

Easy to share

Information security audit tools provided by the service allow generating reports that contain important parts of the malware analysis, like video, screenshots, hashes as well as all the data accumulated during the task execution. The service also provides an ability for teamwork in a single desktop mode or to host a real-time presentation for several people.

Community version for