Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Submit to Hybrid Analysis | |
| on: | |
| release: | |
| types: [published] | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| env: | |
| HYBRID_ANALYSIS_API_KEY: ${{ secrets.HYBRID_ANALYSIS_API_KEY }} | |
| jobs: | |
| submit-and-get-report-link: | |
| name: Submit latest release to Hybrid Analysis | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@v2 | |
| with: | |
| egress-policy: audit | |
| - name: Get latest release tag | |
| id: get_release | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| const { data: release } = await github.rest.repos.getLatestRelease({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo | |
| }); | |
| core.setOutput('tag', release.tag_name); | |
| - name: Validate Hybrid Analysis API Key | |
| run: | | |
| if [ -z "${{ env.HYBRID_ANALYSIS_API_KEY }}" ]; then | |
| echo "::error::HYBRID_ANALYSIS_API_KEY secret is not set!" | |
| exit 1 | |
| fi | |
| - name: Download WinMemoryCleaner.exe | |
| run: | | |
| RELEASE_TAG=${{ steps.get_release.outputs.tag }} | |
| echo "::group::Downloading WinMemoryCleaner.exe from release $RELEASE_TAG" | |
| curl -fL --retry 3 --retry-delay 5 -o WinMemoryCleaner.exe \ | |
| "https://github.com/${{ github.repository }}/releases/download/${RELEASE_TAG}/WinMemoryCleaner.exe" | |
| echo "::endgroup::" | |
| - name: Submit file to Hybrid Analysis | |
| id: ha_submit | |
| run: | | |
| RESPONSE=$(curl --request POST --location \ | |
| --url https://hybrid-analysis.com/api/v2/submit/file \ | |
| --header "api-key: ${{ env.HYBRID_ANALYSIS_API_KEY }}" \ | |
| --header "User-Agent: Falcon Sandbox" \ | |
| --header "Accept: application/json" \ | |
| --form file=@WinMemoryCleaner.exe \ | |
| --form environment_id=100) | |
| echo "$RESPONSE" > ha_submit_response.json | |
| SHA256=$(jq -e -r '.sha256' ha_submit_response.json) | |
| JOB_ID=$(jq -e -r '.job_id' ha_submit_response.json) | |
| if [ -z "$SHA256" ] || [ -z "$JOB_ID" ]; then | |
| echo "::error::Failed to get sha256 or job_id from Hybrid Analysis response" | |
| cat ha_submit_response.json | |
| exit 1 | |
| fi | |
| echo "sha256=$SHA256" >> $GITHUB_OUTPUT | |
| echo "job_id=$JOB_ID" >> $GITHUB_OUTPUT | |
| echo "::notice::Successfully submitted file to Hybrid Analysis." | |
| - name: Create Link to Report | |
| run: | | |
| SHA256=${{ steps.ha_submit.outputs.sha256 }} | |
| JOB_ID=${{ steps.ha_submit.outputs.job_id }} | |
| REPORT_URL="https://hybrid-analysis.com/sample/${SHA256}/${JOB_ID}" | |
| echo "View the report at: $REPORT_URL" | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "### Hybrid Analysis Report" >> $GITHUB_STEP_SUMMARY | |
| echo "**Report Link:** [View Report]($REPORT_URL)" >> $GITHUB_STEP_SUMMARY | |
| echo "_Please note: The report may take several minutes to become available._" >> $GITHUB_STEP_SUMMARY | |
| - name: Cleanup | |
| if: always() | |
| run: | | |
| rm -f WinMemoryCleaner.exe ha_submit_response.json | |
| echo "::notice::Cleanup completed" |