Skip to main content

Workflow Template: Analyze Files with ANY.RUN Sandbox

Submit a file download URL to ANY.RUN Sandbox for analysis and receive a structured JSON report with verdict, IoCs, and summary.

The "Analyze Files with ANY.RUN Sandbox" workflow template is designed for security teams to enhance their threat intelligence and incident response capabilities. By submitting a file download URL, users can leverage the ANY.RUN Sandbox to perform in-depth analysis, extracting Indicators of Compromise (IoCs) such as IPs, URLs, and file hashes. The workflow outputs a comprehensive JSON report, providing a verdict and enriched data to support application security operations and endpoint detection and response efforts.

Use Cases

Application Security Operations , Endpoint Detection and Response (EDR) , Function , Threat Intelligence Enrichment

Workflow Breakdown

  1. Accepts a file download URL as an input parameter.

  2. The completed analysis report is retrieved and a sandbox summary is generated.

  3. Indicators of Compromise (IPs, URLs, file hashes) are extracted from the analysis.

  4. A final enrichment summary is produced, combining the report details with the extracted IoCs as the workflow output.

Vendors

Utils, ANY.RUN

Workflow Output

ANY.RUN Sandbox analysis report and verdict for the submitted file, and extracted IOCs.

Did this answer your question?