Building A Malware Analysis Lab

This document provides steps for building a malware analysis lab, including installing VirtualBox or Hyper-V, configuring a Windows 10 virtual machine with Flare-VM, disabling Windows updates and protections, installing additional analysis tools like FakeNet and Ghidra, and taking VM snapshots. It also covers the fundamentals of static malware analysis through a demo. The goal is to establish a secure, isolated sandbox environment for safely analyzing malicious files.

Uploaded by Erdem Enust

TRAINER - DO NOT SHARE

Building a Malware Analysis Lab


Building a Malware Analysis Lab

🔹Building a Malware Analysis Lab
🔹Installing the VirtualBox OR (Hyper-V)
🔹Configuring the Virtual Machine
🔹Flare-VM Installation
🔹Static Malware Analysis Fundamentals
🔹Dynamic Malware Analysis


Prepare Sandbox Virtualization Environment

• Enable Virtualization on your Computer
• Install a virtualization software (Hyper-V)
• Configure a Malware Analysis Lab VM


Create the Virtual Machine

• Install Windows 10 in Hyper-V
• Download Windows 10 Enterprise Evaluation copy
• Create a base snapshot of the VM after configuring it.


Configuring the VM

• Disable Windows Update
  • Go to Services.exe -> Windows Update -> Click Stop -> Startup type is ‘DISABLED’ -> Apply

• Disable Windows Defender
  • Go to Windows Security -> Manage Settings -> Real-time protection off -> Cloud-delivered protection off -> Automatic sample submission off -> Tamper protection off
  • Then do: Windows+R -> gpedit.msc -> Administrative Templates -> Windows Components -> Microsoft Defender Antivirus -> Enable «Turn off real-time protection» -> Enable «Turn off Microsoft Defender Antivirus» -> REBOOT!!!

• Disable “Hide extensions for known file types”
  • Open File Explorer -> View options -> Change options -> View -> Uncheck “Hide extensions for known file types” -> Also check the second circle

• Show Hidden Files and Folders

• Create a Snapshot (Rename BaseLine)


Flare-VM Installation

• Malware Analysis Lab Machine Settings:
  • 2 VM Processors
  • 8 GB Memory
  • Display: Enable 3D Acceleration
  • Network: Change it to Host-Only Adapter – No Live Connection
• Use Chrome browser OR Opera GX.
• Download Flare-VM from GitHub (mandiant/flare-vm)
• Install.ps1 (“Save link as” into a new folder on the desktop, name it «Flare»)
• File > Run PowerShell as Administrator, THEN follow the installation steps
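As an added example that is not part of the slides, the host-side Hyper-V equivalent of the machine settings above (2 vCPUs, 8 GB RAM, an isolated network, a baseline checkpoint) done from an elevated PowerShell on the host. The VM name, switch name, ISO path and VHD path are placeholders; the VirtualBox route the slides also mention is not covered here.

```powershell
# Added example (not from the slides): host-side Hyper-V setup for the lab VM.
# Placeholders: VM/switch names and paths below are assumptions, adjust to your host.
$VmName  = 'FlareVM-Lab'                        # placeholder VM name
$IsoPath = 'C:\ISOs\Win10_Enterprise_Eval.iso'  # placeholder path to the eval ISO
$VhdPath = "C:\VMs\$VmName\$VmName.vhdx"        # placeholder path for the disk
$Switch  = 'MalwareLab-Private'                 # placeholder switch name

# A Private switch allows VM-to-VM traffic only: no host and no internet path.
# This is Hyper-V's closest match to "Host-Only Adapter - No Live Connection".
if (-not (Get-VMSwitch -Name $Switch -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $Switch -SwitchType Private | Out-Null
}

# Create the VM with the slide's sizing: 2 vCPUs, 8 GB of fixed memory.
New-VM -Name $VmName -Generation 2 -MemoryStartupBytes 8GB `
       -NewVHDPath $VhdPath -NewVHDSizeBytes 80GB -SwitchName $Switch | Out-Null
Set-VMProcessor -VMName $VmName -Count 2
Set-VMMemory    -VMName $VmName -DynamicMemoryEnabled $false -StartupBytes 8GB

# Attach the Windows 10 Enterprise Evaluation ISO and boot from it.
Add-VMDvdDrive -VMName $VmName -Path $IsoPath
Set-VMFirmware -VMName $VmName -FirstBootDevice (Get-VMDvdDrive -VMName $VmName)

# Close the host<->guest file-copy channel and stop automatic checkpoints so the
# hand-made "BaseLine" checkpoint stays the only restore point.
Disable-VMIntegrationService -VMName $VmName -Name 'Guest Service Interface'
Set-VM -Name $VmName -AutomaticCheckpointsEnabled $false -CheckpointType Standard

# Isolation check to run before the first sample: every adapter must be on a
# Private switch; an unattached or External/Internal adapter fails the check.
function Test-LabIsolation {
    param([string]$Name)
    $bad = Get-VMNetworkAdapter -VMName $Name | Where-Object {
        -not $_.SwitchName -or
        (Get-VMSwitch -Name $_.SwitchName).SwitchType -ne 'Private'
    }
    return (@($bad).Count -eq 0)
}
if (-not (Test-LabIsolation -Name $VmName)) { throw "$VmName has a non-private NIC" }

# After installing Windows and applying the guest settings from the previous slide,
# take the baseline the slides ask for (run once the VM is configured):
# Checkpoint-VM -Name $VmName -SnapshotName 'BaseLine'
```

Re-run Test-LabIsolation after any later change to the VM's network adapters, since a single adapter moved to an External switch gives a sample a live connection.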


Extra Tools

• FakeNet
  • https://github.com/mandiant/flare-fakenet-ng
• HashMyFiles
  • https://nirsoft.net/utils/hash_my_files.html
• Regshot
  • https://sourceforge.net/projects/regshot
• Ghidra
  • https://github.com/NationalSecurityAgency/ghidra/releases
• Important: Take Snapshot!!! (Flare-VM)


Static Malware Analysis - Fundamentals

• DEMO
