Basic Architecture

```mermaid
graph TD
  subgraph VirtualBox
    subgraph "Windows 7 Machine"
      subgraph "Flare VM"
        malware-analysis-tools
      end
    end
    subgraph "Ubuntu 20.04.3 LTS Machine"
      subgraph "Or Remnux"
      end
    end
  end
```
```mermaid
graph TD
  A[Malware Analysis Tools] --> B[IDA Pro]
  A --> C[Ghidra]
  A --> D[OllyDbg]
  A --> E[x64dbg]
  A --> F[Procmon]
  A --> G[Wireshark]
  A --> H[Volatility]
  A --> I[CAPE Sandbox]
  A --> J[Cuckoo Sandbox]
  A --> K[YARA]
  A --> L[PEStudio]
  A --> M[Sysinternals Suite]
  style A fill:#009688,stroke:#00695C,stroke-width:2px,color:#FFFFFF,font-weight:bold;
  style B fill:#FF9800,stroke:#E65100,stroke-width:2px,color:#000000,font-weight:bold;
  style C fill:#FF9800,stroke:#E65100,stroke-width:2px,color:#000000,font-weight:bold;
  style D fill:#FF9800,stroke:#E65100,stroke-width:2px,color:#000000,font-weight:bold;
  style E fill:#FF9800,stroke:#E65100,stroke-width:2px,color:#000000,font-weight:bold;
  style F fill:#FF9800,stroke:#E65100,stroke-width:2px,color:#000000,font-weight:bold;
  style G fill:#FF9800,stroke:#E65100,stroke-width:2px,color:#000000,font-weight:bold;
  style H fill:#FF9800,stroke:#E65100,stroke-width:2px,color:#000000,font-weight:bold;
  style I fill:#FF9800,stroke:#E65100,stroke-width:2px,color:#000000,font-weight:bold;
  style J fill:#FF9800,stroke:#E65100,stroke-width:2px,color:#000000,font-weight:bold;
  style K fill:#FF9800,stroke:#E65100,stroke-width:2px,color:#000000,font-weight:bold;
  style L fill:#FF9800,stroke:#E65100,stroke-width:2px,color:#000000,font-weight:bold;
  style M fill:#FF9800,stroke:#E65100,stroke-width:2px,color:#000000,font-weight:bold;
```
1 Install VirtualBox
VirtualBox is essential for setting up a malware analysis lab: it lets you create isolated virtual environments in which potentially harmful malware samples can be executed safely and under control.
Click here to download VirtualBox
2 Install the Operating System
Now that you have installed your virtualization software, you need to create a VM in which to run the malware and install all the tools you need.
I will install a Windows 7 32-bit machine.
Windows 7 Home Premium SP1 (32-Bit)
Note: installation can be very slow; be patient.
- Open VirtualBox and click New.
- Select Windows 7 (32-bit) and give your VM a name.
- Select the amount of RAM you want to give it. I suggest 2500 MB of RAM.
- For the next screens, leave the default settings.
- Choose the size of the virtual hard disk you want to give the VM. I suggest 40 GB.
Perfect! You have created your virtual machine.
3 Crucial things to do after Windows 7 installation
Take a snapshot of the machine after these settings, named Baseline.
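The VM-creation steps and the Baseline snapshot above, scripted from the host with VBoxManage as an added example (this is not part of the original guide). It applies the guide's 2500 MB of RAM and 40 GB disk and, in addition, puts the VM on a host-only adapter with shared clipboard and drag-and-drop disabled so a sample cannot reach the host or the internet through VirtualBox integration features. The VM name, ISO path, disk path and the host-only interface name vboxnet0 are assumptions; change them to match your host. By default the script only prints the commands it would run; set DRY_RUN=0 to execute them.

```shell
#!/usr/bin/env bash
# Added example: provision the Windows 7 32-bit analysis VM with VBoxManage,
# isolate it, and take the "Baseline" snapshot once Windows is installed.
# Assumed values (not from the guide): VM name, ISO path, disk path, vboxnet0.
set -eu

VM_NAME="${VM_NAME:-Win7-Analysis}"                        # assumed VM name
ISO_PATH="${ISO_PATH:-$HOME/isos/win7_x86.iso}"            # assumed path to the Windows 7 ISO
DISK_PATH="${DISK_PATH:-$HOME/VirtualBox VMs/$VM_NAME/$VM_NAME.vdi}"  # assumed disk location
RAM_MB=2500        # from the guide
DISK_MB=40960      # 40 GB, from the guide
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands, 0 = run them

# Print the command (dry run) or execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Step 2 of the guide: register a 32-bit Windows 7 VM with the suggested RAM and disk.
create_vm() {
  run VBoxManage createvm --name "$VM_NAME" --ostype Windows7 --register
  run VBoxManage modifyvm "$VM_NAME" --memory "$RAM_MB" --vram 32 --cpus 1
  run VBoxManage createmedium disk --filename "$DISK_PATH" --size "$DISK_MB" --format VDI
  run VBoxManage storagectl "$VM_NAME" --name SATA --add sata --controller IntelAhci
  run VBoxManage storageattach "$VM_NAME" --storagectl SATA --port 0 --device 0 --type hdd --medium "$DISK_PATH"
  run VBoxManage storagectl "$VM_NAME" --name IDE --add ide
  run VBoxManage storageattach "$VM_NAME" --storagectl IDE --port 0 --device 0 --type dvddrive --medium "$ISO_PATH"
}

# Isolation settings: no NAT/bridged network, no clipboard or drag-and-drop with the host.
isolate_vm() {
  run VBoxManage modifyvm "$VM_NAME" --nic1 hostonly --hostonlyadapter1 vboxnet0
  run VBoxManage modifyvm "$VM_NAME" --clipboard-mode disabled --draganddrop disabled
}

# Step 3 of the guide: the "Baseline" snapshot, taken after Windows is installed and configured.
baseline_snapshot() {
  run VBoxManage snapshot "$VM_NAME" take Baseline --description "Clean Windows 7 before any tools"
}

case "${1:-}" in
  create)   create_vm ;;
  isolate)  isolate_vm ;;
  baseline) baseline_snapshot ;;
  *)        echo "usage: DRY_RUN=0 $0 {create|isolate|baseline}" ;;
esac
```

Run `create` first, install Windows from the attached ISO through the VirtualBox GUI, then `isolate`, and only then `baseline`, so the snapshot captures the configured machine rather than an empty disk.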
4 Flare VM Installation
Go to the repository https://github.com/mandiant/flare-vm and download install.ps1 to the Windows VM.
Open the folder where you saved install.ps1 and open PowerShell as an administrator.
Unblock the installation script by running:

```powershell
Unblock-File .\install.ps1
```

Enable script execution by running:

```powershell
Set-ExecutionPolicy Unrestricted
```

One final command to begin the flare-vm installation process:

```powershell
.\install.ps1
```

To use the CLI-only mode with minimal user interaction:

```powershell
.\install.ps1 -password <password> -noWait -noGui -noCheck
```
Now sit back and relax for about 3 hours!
If the installation prompts for anything, press y and hit Enter. In total it will take almost 3 hours.
Take a snapshot of the machine after installation, named FlareVM, so that if anything happens to the machine during future analysis you can easily restore its state.
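Before detonating a sample, and again after restoring the FlareVM snapshot, it is worth confirming that the VM is actually isolated rather than trusting that the settings survived the install. The following added example (not from the original guide) parses the output of `VBoxManage showvminfo <vm> --machinereadable` and reports findings for the network adapter, shared clipboard, drag-and-drop, shared folders and the presence of a snapshot to restore to. The two embedded showvminfo samples are constructed for the example, and the VM name Win7-Analysis is assumed.

```shell
#!/usr/bin/env bash
# Added example: pre-detonation isolation check for a VirtualBox analysis VM.
# Input is the key="value" text printed by `VBoxManage showvminfo <vm> --machinereadable`.
set -eu

# Constructed sample of showvminfo output for a badly configured VM (not captured from a real machine).
SAMPLE_BAD='name="Win7-Analysis"
nic1="nat"
clipboard="bidirectional"
draganddrop="disabled"
SharedFolderNameMachineMapping1="samples"
SharedFolderPathMachineMapping1="/home/analyst/samples"
CurrentSnapshotName="FlareVM"'

# Constructed sample for a VM configured the way the guide intends.
SAMPLE_GOOD='name="Win7-Analysis"
nic1="hostonly"
clipboard="disabled"
draganddrop="disabled"
CurrentSnapshotName="FlareVM"'

# Print the unquoted value of key $1 from showvminfo text on stdin (empty if absent).
vminfo_get() {
  key=$1
  sed -n "s/^${key}=\"\(.*\)\"$/\1/p" | head -n 1
}

# Read showvminfo text from stdin, print one FINDING line per problem,
# and return 0 only when the VM is safe to detonate a sample in.
check_isolation() {
  info=$(cat)
  findings=0

  # Network: only no adapter, host-only or internal network keeps the sample off the internet.
  nic=$(printf '%s\n' "$info" | vminfo_get nic1)
  case "$nic" in
    none|hostonly|intnet) ;;
    *) echo "FINDING: nic1 is '${nic:-unset}' (expected none, hostonly or intnet)"; findings=$((findings+1)) ;;
  esac

  # Guest integration channels that could carry data to the host must be off.
  for k in clipboard draganddrop; do
    v=$(printf '%s\n' "$info" | vminfo_get "$k")
    [ "$v" = "disabled" ] || { echo "FINDING: $k is '${v:-unset}' (expected disabled)"; findings=$((findings+1)); }
  done

  # A shared folder exposes a host directory to whatever runs in the guest.
  if printf '%s\n' "$info" | grep -q '^SharedFolderNameMachineMapping'; then
    echo "FINDING: shared folder(s) configured"; findings=$((findings+1))
  fi

  # Without a snapshot there is nothing to restore to after the run.
  snap=$(printf '%s\n' "$info" | vminfo_get CurrentSnapshotName)
  [ -n "$snap" ] || { echo "FINDING: no current snapshot to restore to"; findings=$((findings+1)); }

  [ "$findings" -eq 0 ]
}

# Usage against a real VM (assumed name):
#   VBoxManage showvminfo "Win7-Analysis" --machinereadable | check_isolation
```

The check deliberately fails closed: any adapter mode other than none, hostonly or intnet counts as a finding, so a VM accidentally left on NAT or bridged networking is caught before a sample runs.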
TooooLs
- PeStudio
- Process Hacker
- Process Monitor (ProcMon)
- ProcDot
- Autoruns
- Fiddler
- Wireshark
- x64dbg
- Ghidra
- Radare2/Cutter
- Cuckoo Sandbox