Malware is like a sneaky computer program that's designed to cause harm, like stealing information or damaging your computer.
A Malware Analysis Lab is a safe place where cybersecurity experts study these sneaky programs to understand how they work. It's like a detective's lab, where they examine the malware to figure out its tricks and how to stop it from causing trouble.
- Static Analysis: This is like looking at a suspect's photo and examining it closely without letting them move. In static analysis, experts study the malware's code and structure without actually running it. It helps in understanding what the malware does and how it does it, without risking harm to the computer.
- Dynamic Analysis: This is like watching a suspect in action, observing their behavior and actions. In dynamic analysis, experts run the malware in a controlled environment (like a sandbox) and observe its behavior. They monitor what files it accesses, what network connections it makes, and what changes it makes to the system. This helps in understanding the malware's actions in real time.
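The static side of that description, as an added example that is not code from the original notes or from FLARE VM: it computes the file hashes HashMyFiles would show, checks for the 'MZ' executable header, pulls printable strings out of the file and sorts them into URLs, registry paths and everything else. The sample it inspects is a constructed in-memory byte string that only imitates a Windows executable, so nothing is ever run.

```python
"""Static triage of a suspicious file without running it.

Added example, not code from the original notes or from FLARE VM / HashMyFiles.
It works on a constructed in-memory byte string that only imitates a Windows
executable, so it is safe to run anywhere.
"""
import hashlib
import json
import re

# Constructed sample: an 'MZ' DOS header, the usual DOS stub text, a URL and a
# registry path, separated by non-printable bytes. This is NOT a real program.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 60
    + b"This program cannot be run in DOS mode.\r\n" + b"\x00" * 8
    + b"http://example.invalid/update\x00"
    + b"\x01\x02\x03"
    + b"HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
)


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the bytes: the values HashMyFiles shows, used to
    look the sample up in threat-intel databases before touching it."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def looks_like_pe(data: bytes) -> bool:
    """Windows PE executables begin with the two-byte DOS magic 'MZ'."""
    return data[:2] == b"MZ"


def extract_strings(data: bytes, min_len: int = 6) -> list:
    """Runs of at least min_len printable ASCII bytes (what the `strings` tool does)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def find_indicators(strings: list) -> dict:
    """Sort strings into the buckets an analyst reads first: URLs, registry paths, other."""
    out = {"urls": [], "registry": [], "other": []}
    for s in strings:
        if re.match(r"https?://", s):
            out["urls"].append(s)
        elif s.startswith(("HKLM\\", "HKCU\\", "HKEY_")):
            out["registry"].append(s)
        else:
            out["other"].append(s)
    return out


def triage(data: bytes) -> dict:
    """Combine the checks into one report for the sample."""
    return {
        "hashes": file_hashes(data),
        "is_pe": looks_like_pe(data),
        "indicators": find_indicators(extract_strings(data)),
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```

Point it at a real file by replacing `SAMPLE` with the file's bytes read in `"rb"` mode inside the VM; the hashes are what you search for in threat-intel sources, and the URL and registry strings are the first things worth confirming later in dynamic analysis.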
- Setting up a VM (virtual machine) and installing Windows 10 (from an ISO file) into the VM
- Installing FLARE VM
- Static analysis hands-on practice
- Dynamic analysis hands-on practice
- Download VirtualBox - https://www.virtualbox.org/
- Download Windows 10 (ISO file) - https://www.microsoft.com/en-in/software-download/windows10ISO
- Create a folder on your computer named "windows10" and close it.
- Open VirtualBox, click "New" to go through the setup, and in the folder section choose the empty "windows10" folder.
- Open VirtualBox again and tap "Start". Then load your Windows ISO file into the VM and get started.
- Turn OFF these four Windows Defender settings: Realtime protection, Cloud-delivered protection, Automatic sample submission and Tamper protection.
- In File Explorer click "View", tap "Show hidden files", and untick the box "Hide extensions for known file types".
- Take a snapshot, because if we download FLARE VM and run into any problem we can restore it and set up again. Name it "Baseline" and give it whatever description you want.
- Close your VM and go to VirtualBox "Settings" - Display >>> Video Memory to full (256 MB) >>> Enable 3D Acceleration.
- Open PowerShell as administrator
- Download the installation script install.ps1
- Save it into a folder
- Open PowerShell in that folder and unblock the script:
Unblock-File .\install.ps1
- Enable script execution:
Set-ExecutionPolicy Unrestricted -Force
- If you receive an error saying the execution policy is overridden by a policy defined at a more specific scope, you may need to pass a scope in:
Set-ExecutionPolicy Unrestricted -Scope CurrentUser -Force
- To view execution policies for all scopes, execute:
Get-ExecutionPolicy -List
- Finally, execute the installer script as follows:
.\install.ps1
- Enter your VirtualBox Windows 10 password
- Now the download starts
- After downloading, press the Enter button to exit
- Make sure you have these tools in your folder, or download the raw files:
- HashMyFiles
- FakeNet
- Ghidra
- Regshot
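Regshot's technique, a snapshot of the system before the sample runs and another after, diffed to show what changed, as an added example that is not code from the original notes or from Regshot itself. It snapshots a temporary directory tree (relative path to SHA-256, so edited files are caught as well as new ones) plus a constructed registry-like mapping, applies constructed changes standing in for a sample's run, and reports what was added, removed or modified. It never touches the real registry and runs on any OS.

```python
"""Before/after system snapshots, the technique behind Regshot.

Added example, not code from the original notes or from Regshot. It snapshots
a temporary directory tree (relative path -> SHA-256) plus a constructed
registry-like mapping, applies constructed changes standing in for a sample's
run, and reports what was added, removed or modified. It never touches the
real registry and runs on any OS.
"""
import hashlib
import os
import tempfile


def snapshot_dir(root: str) -> dict:
    """Map every file under root to its SHA-256, so edits show up, not just new files."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as f:
                snap[os.path.relpath(full, root)] = hashlib.sha256(f.read()).hexdigest()
    return snap


def diff_snapshots(before: dict, after: dict) -> dict:
    """Regshot-style compare: keys added, keys removed, keys whose value changed."""
    return {
        "added": sorted(k for k in after if k not in before),
        "removed": sorted(k for k in before if k not in after),
        "modified": sorted(k for k in before if k in after and before[k] != after[k]),
    }


def simulated_run() -> dict:
    """Snapshot, apply constructed 'post-execution' changes, snapshot again, diff."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Windows"))
        with open(os.path.join(root, "Windows", "hosts"), "wb") as f:
            f.write(b"127.0.0.1 localhost\n")
        with open(os.path.join(root, "readme.txt"), "wb") as f:
            f.write(b"hello\n")
        fs_before = snapshot_dir(root)

        # Constructed changes standing in for what a sample might do: edit an
        # existing file, drop a new file, delete a file.
        with open(os.path.join(root, "Windows", "hosts"), "ab") as f:
            f.write(b"0.0.0.0 update.example.invalid\n")
        with open(os.path.join(root, "dropped.bin"), "wb") as f:
            f.write(b"MZ")
        os.remove(os.path.join(root, "readme.txt"))
        fs_after = snapshot_dir(root)

    # Constructed registry-like snapshots (value name -> data). A new entry under
    # the Run key is the classic persistence change Regshot surfaces.
    run_key = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
    reg_before = {run_key + r"\OneDrive": r"C:\Users\lab\AppData\Local\Microsoft\OneDrive\OneDrive.exe"}
    reg_after = dict(reg_before)
    reg_after[run_key + r"\Updater"] = r"C:\Users\Public\dropped.bin"

    return {
        "files": diff_snapshots(fs_before, fs_after),
        "registry": diff_snapshots(reg_before, reg_after),
    }


if __name__ == "__main__":
    for area, changes in simulated_run().items():
        print(area)
        for kind, keys in changes.items():
            for k in keys:
                print(f"  {kind:8} {k}")
```

In the lab the two snapshots are taken by Regshot (1st shot before running the sample, 2nd shot after), and the compare output is read the same way: anything under the Run keys, new files in user-writable paths and edited system files like hosts are the changes to chase first.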