Malware analysis is complex.
The tools we use rely on an array of detection methods — heuristic analysis, behavior-based detection, signature matching, machine learning algorithms, and more. ANY.RUN already uses all of these methods, and each helps us deliver in-depth data about a program’s intent. But ultimately, it is up to the analyst to decide whether a sample is malicious or benign.
Today, we’re excited to introduce a new AI-driven detection method to ANY.RUN. Powered by OpenAI’s ChatGPT, our new feature will give you another approach to judge if a file is malicious, helping you to save time, optimize resources, and focus on key areas of your work.
ChatGPT helps you judge if a file is harmful or not
Over 300,000 users already rely on ANY.RUN to detect and analyze malicious files. So, what does AI-driven detection bring to your malware analysis workflow?
Here’s what you can expect when using the new AI-detection in ANY.RUN:
- Expanded data: all our tasks now include a ChatGPT -analysis section, which starts with a verdict — is the sample malicious, suspicious, or benign? For maximum clarity, the section will include a detailed explanation of how the conclusion was made, what makes the code malicious, and how indicators were used.
- Detailed AI-driven analysis of processes, connections, and rules: beyond the global task overview, you can focus on specific elements. Mark the processes, rules, or other elements you’re interested in, and we’ll generate a separate report just about these objects.
How to you use new ChatGPT feature
An AI-driven review will appear in all reports automatically. But beyond that, you’ll find the ChatGPT icon next to important elements, such as processes, rules, and connections. Click on it, and we will include a separate AI-generated explanation about that element. We use our own prompts, so all the answers follow the same structure — this way, they’re easy to read and understand across samples.
These queries are securely saved, ensuring that you can easily refer to past inquiries for future reference. Being able to access this information aids in streamlining your search process and promotes a more efficient use of time. By utilizing this feature, you can avoid having to recreate searches that have already been conducted, saving you both time and effort. You can choose which elements to analyze with ChatGPT.
In scenarios with many processes or events, ANY.RUN AI prioritizes those with the highest score or those considered suspicious, helping you focus your attention where needed most. But you can also tell it what you want to analyze:
- Process trees: AI will assess the process tree of your system as a whole or individual processes you select, pinpoint suspicious activities, and provide you with a summary.
- Command Line: It will scan the command line data, generating a report highlighting potential malicious activity indicators.
- Suricata rule triggers: AI evaluates triggered Suricata rules, offering a concise explanation of what this could mean for your security.
- HTTP connections: AI reviews HTTP connection data, providing a detailed summary outlining potential threats.
- Registry: Identify unusual changes or activities in the registry and spot potentially harmful actions with AI.
- Mutex: Apply ChatGPT to examine the Mutex objects in your system and detect usage pattern anomalies.
Our new AI tool augments the other detection methods used in the sandbox to give you a new perspective of the file you’re working with.
The more detection methods we have, the clearer the verdict
Our new ChatGPT -powered detection method breaks down complex data and concepts, providing clear, actionable summaries that not only identify threats but help you understand them. All so you can save time, optimize resources, and focus on key areas of your work — such as incident investigation, research, or threat response.
The post ChatGPT-powered Malware Analysis: Review Sandbox Results with AI appeared first on ANY.RUN's Cybersecurity Blog.