TRAINER - DO NOT SHARE
Building a Malware Analysis Lab
Building a Malware Analysis Lab
🔹Building a Malware Analysis Lab
🔹Installing VirtualBox or Hyper-V
🔹Configuring the Virtual Machine
🔹Flare-VM Installation
🔹Static Malware Analysis Fundamentals
🔹Dynamic Malware Analysis
Prepare Sandbox Virtualization Environment
• Enable Virtualization on your Computer
• Install a virtualization software (Hyper-V)
• Configure a Malware Analysis Lab VM
Create the Virtual Machine
• Install Windows 10 in Hyper-V
• Download Windows 10 Enterprise Evaluation copy
• Create a base snapshot of the VM after configuring it.
Configuring the VM
• Disable Windows Update
• Open the Services console -> Windows Update -> Click Stop -> set Startup type to ‘Disabled’ -> Apply
• Disable Windows Defender
• Go to Windows Security -> Manage settings -> Real-time protection off -> Cloud-delivered protection off -> Automatic sample submission off -> Tamper protection off
• Then: Windows+R -> gpedit.msc -> Administrative Templates -> Windows Components -> Microsoft Defender Antivirus -> Enable «Turn off real-time protection» -> Enable «Turn off Microsoft Defender Antivirus» -> REBOOT!!!
• Disable «Hide extensions for known file types»
• Open File Explorer -> View -> Options -> Change folder and search options -> View tab -> uncheck «Hide extensions for known file types» -> also select the second radio button
• Show Hidden Files and Folders
• Create a Snapshot (Rename BaseLine)
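The configuration steps on this slide collected into one script, added here as an example and not part of the original slides. It assumes Windows 10 inside the isolated analysis VM, an elevated PowerShell prompt, and that Tamper protection has already been switched off by hand in Windows Security, because it cannot be changed from PowerShell.

```powershell
# Added example: apply the "Configuring the VM" steps in the ANALYSIS VM only.
# Assumption: Tamper protection already off (done by hand in Windows Security).
#Requires -RunAsAdministrator

# 1. Disable Windows Update (service name wuauserv) so the BaseLine snapshot
#    does not drift between analysis sessions.
Stop-Service -Name wuauserv -Force -ErrorAction SilentlyContinue
Set-Service  -Name wuauserv -StartupType Disabled

# 2. Defender: the PowerShell equivalents of the Windows Security toggles ...
Set-MpPreference -DisableRealtimeMonitoring $true
Set-MpPreference -MAPSReporting Disabled           # cloud-delivered protection off
Set-MpPreference -SubmitSamplesConsent NeverSend   # automatic sample submission off

# ... plus the policy keys gpedit.msc writes, so the setting survives the reboot.
$pol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
New-Item -Path "$pol\Real-Time Protection" -Force | Out-Null
Set-ItemProperty -Path $pol -Name DisableAntiSpyware -Type DWord -Value 1
Set-ItemProperty -Path "$pol\Real-Time Protection" -Name DisableRealtimeMonitoring -Type DWord -Value 1

# 3. Explorer: show extensions and hidden/system files so a sample named
#    invoice.pdf.exe or a hidden dropped file is visible in the lab.
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $adv -Name HideFileExt     -Type DWord -Value 0   # 0 = show extensions
Set-ItemProperty -Path $adv -Name Hidden          -Type DWord -Value 1   # 1 = show hidden files
Set-ItemProperty -Path $adv -Name ShowSuperHidden -Type DWord -Value 1   # 1 = show protected OS files
Stop-Process -Name explorer -Force   # Explorer restarts itself with the new settings

# 4. Verify everything before taking the BaseLine snapshot.
Get-Service wuauserv | Select-Object Status, StartType
Get-MpPreference | Select-Object DisableRealtimeMonitoring, MAPSReporting, SubmitSamplesConsent
Get-ItemProperty $adv | Select-Object HideFileExt, Hidden, ShowSuperHidden
```

Reboot after running it, check that the verification output still shows the expected values, and only then take the BaseLine snapshot.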
Flare-VM Installation
• Malware Analysis Lab Machine Settings:
• 2 VM Processors
• 8 GB Memory
• Display: Enable 3D Acceleration
• Network: Change it to Host-Only Adapter – No Live Connection
• Use Chrome browser OR Opera GX.
• Download Flare-VM from GitHub (mandiant/flare-vm)
• Save Install.ps1 («Save link as») into a new folder on the Desktop named «Flare»
• File > Run PowerShell as Administrator, then follow the installation steps
Extra Tools
• FakeNet
• https://github.com/mandiant/flare-fakenet-ng
• HashMyFiles
• https://nirsoft.net/utils/hash_my_files.html
• Regshot
• https://sourceforge.net/projects/regshot
• Ghidra
• https://github.com/NationalSecurityAgency/ghidra/releases
• Important: Take Snapshot!!! (Flare-VM)
Static Malware Analysis - Fundamentals
• DEMO
Building a Malware Analysis Lab