Privacy is important to us, so you have the option of disabling certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may impact your experience on the website. More information

Accept all cookies

These items are required to enable basic website functionality.

Always active

These items are used to deliver advertising that is more relevant to you and your interests.

These items allow the website to remember choices you make (such as your user name, language, or the region you are in) and provide enhanced, more personal features.

These items help the website operator understand how its website performs, how visitors interact with the site, and whether there may be technical issues.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
January 30, 2024

Offensive Approach to Online Sandboxes

In this blog, we will share our research about manipulating online sandboxes and how to automatize this process with MSP.

Hello there!
Today, we are happy to announce Malwation’s new blog series.

In this blog, we will share our research about manipulating online sandboxes and how to automatize this process with MSP.


Nowadays, cloud based malware analysis platforms became very popular. The underlying cause of this is companies don’t want to buy appliance for analyzing their non-private files. (Currently, many products are preferred as cloud-based.) Security analysis teams of institutions have started to use cloud-based malware analysis platforms in their internal processes.

In this blog series, we’ve started to develop anti-analysis methods and conduct research to test how sufficient these products are for analysis process of a malware. Our goal is to think as a malware developer and try to manipulate such products to present unrealistic data to the analyst. (Note: Our goal is not to stop the analysis or enter sleep mode after detecting the sandbox.)

The main purpose of this series is to warn our friends operating in the Blue Team field in advance. It is much more important to see the danger first and take action instead of exploring this technique in malware found in real-world cases.

In this blog , we’ll review & analyze ANY.RUN


ANY.RUN is an interactive malware sandbox, which has started in 2017. Their aim is to present a virtual machine interface that can be controlled in real time and perform analysis on this virtual machine and also present it to their users in real time through a really fancy and functional web interface.


● Handy for quick action

● User-friendly and well designed interface

● Shows real-time analysis data


● Agent based analysis

● Weak reputation engine

Smashing the Agent

ANY.RUN analyzes files with its custom drivers and applications in the virtual machine. Agent-based analysis technique is a technique which is very common in malware sandbox products, but it also can be vulnerable to a malware. If you can’t hide the agent that you’re running inside and if you can’t harden the virtual machine well, the higher your detection rate will be.

Any.Run was performing analysis and transfer with a running process called “qemu-ga.exe” until 2020. After popular malwares mimic this process into their anti-analysis techniques, they changed this name and started to use the name as “srvpost.exe”.

ANY.RUN Agent Process

Since ANY.RUN does not hide itself from a malware and users with the drivers it uses, the agent files are easy to access. For this reason, it is easier to reverse engineer the agent and develop anti-analysis techniques compared to other products.

Files/Threads/Drivers related to the agent

The main purpose of the running agent is to monitor the processes running in the operating system and transfer the information it collects to ANY.RUN servers instantly. Some of the drivers and threads that the agent process uses while performing these operations are mentioned above. Here’s a repo for agent files.

The agent is actively using “winsanr.dll” while running.

Imports of winsanr.dll

The library’s functions provided communication with the kernel logger driver to perform the monitoring operations used by the agent.

Normally, if you kill the agent process, system will unconsciously finish the analysis process.

The situation you will face if you kill the agent

However, this is something we do not prefer. As an analyst, this is really suspicious and even if you can’t identify the malware, it would be unreasonable to trust. Therefore, it is necessary to approach it differently.

When we suspend the winsanr.dll belonging to the agent, ANY.RUN cannot monitor the processes in the VM, so even though the analysis seems to continue, it cannot show what is inside in its interface.

Inception Attack

ANY.RUN offers many packages to their users. And in addition to the features they are offering in these packages, they also determine the maximum number of minutes for active analysis. For example, you can analyze a file for 5 minutes by default with the Searcher package, that you pay 90 dollars to acquire, and you can make this time a maximum of 10 minutes by adding time in interactive mode.

The sechost.dll in the agent contains and transmits the timing metrics of ANY.RUN. When we suspend this thread, Any.Run stops its counter and the analysis continues until it drops to timeout.

However, ANY.RUN terminates the analysis if it does not receive a connection from the virtual machine for 25 seconds. From this point on, it’s time to automate things. If we suspend for 24 seconds and allow 1 second, we can achieve Inception.

Here’s PoC of Inception Attack as public report on ANY.RUN.
Analysis Time : ~2 Hour

With this research, you can generate Inception Attack on MSP.

Malwation MSP(Malware Simulation Platform) is designed to test endpoint security solutions, sandbox products, SIEM and EDR rules in the most effective way. You can create completely unique malware test scenarios on our platform and produce them in under 30 seconds in order to test the behavioral analysis of security solutions with comprehensive details.

Malwation MSP offers 2 operating systems, 4 languages and more than 200 attacks to users. Here’s more information about MSP.

Thanks for reading.
If you have similar research, you can apply to our ZERONE Research Acquisition Program.
To contact and for any questions :

See you next time!

Kağan Işıldak
CEO & Co-founder Malwation