Hello everyone, today we are going to learn the best ways to create sandbox VM images for malware analysis.
Currently I am using the Trellix Intelligent Sandbox, which some people still call McAfee ATD (Advanced Threat Defense). It is a McAfee product, but the name has now changed from McAfee to Trellix.
I am going to create a Windows 10 virtual analyser image for the sandbox.
I will share the list of activities, basically the checklist you have to follow during analyser image creation.
Required Platform for Sandbox VM Image
The operating systems supported for VM image creation are listed below; for more details, refer to the Trellix Intelligent Sandbox official article on system requirements and operating system requirements.
- For the client machine, you can use Windows XP through Windows 10, in the specific versions listed.
- For the server platform, you can use Windows Server 2003 through 2019.
| Operating system | RAM (MB) | Disk Space | Image Name |
|---|---|---|---|
| Windows 7 32-bit | 1024 | 14 GB | win7x64sp1.img |
| Windows 7 64-bit | 2048 | 25–30 GB | win7x64sp1.img |
| Windows 8 / 8.1, 32-bit and 64-bit | 2048 | 25–30 GB | win8p0x32.img / win8p0x64.img / win8p1x64.img |
| Windows 10 Pro / Enterprise | 3072 | 25–30 GB | win10p0x64.img |
| Windows Server 2008 | 2048 | 14 GB | win2k8sp1.img |
| Windows Server 2012 / R2 | 2048 | 25–30 GB | win2k12.img / win2k12r2.img |
| Windows Server 2016 | 2048 | 25–30 GB | win2k16.img |
| Windows Server 2019 | 3072 | 25–30 GB | win2k19.img |
Required software for VM Analyzer Image
The applications in this list are legacy, and most of the listed versions are end-of-life or discontinued. If you download these installers for the VM analyzer, make sure you verify that they are genuine and contain no malware.
| Software | Version Details |
|---|---|
| Microsoft Office | 2003, 2007, 2010, 2013, 2016, and 2019 |
| Microsoft Outlook | 2010 |
| Adobe Flash Player software and plug-in | 13 |
| Adobe Flash Player plug-in only | 32.0.0.238 |
| Adobe Reader | 9 to DC |
| jdk-7u25 | 32-bit / 64-bit |
| jre-7u25 | 32-bit / 64-bit |
| jdk-8u101 | 32-bit / 64-bit |
| jre-8u101 | 32-bit / 64-bit |
| Mozilla Firefox | all versions until 63.0 |
| Internet Explorer | 6, 7, 8, 9, 10, and 11 |
| Google Chrome | all versions until 70.0 |
| Microsoft Edge | 79 – 93 |
Virtual Machine Creation in VMware Workstation
This process requires VMware Workstation. If you already have VMware Workstation, make sure the version is 9 or later; follow this link to download the latest version, VMware Workstation 16, as well.
Checklist for VM Image Creation, Step by Step (Windows 10)
- Windows 10 installation in VMware Workstation.
- Set the administrator account (windows10/11) and set the password to cr@cker42.
- Microsoft Office installation and activation.
- Adobe Flash Player installation.
- Adobe Reader installation.
- Java installation (JDK/JRE).
- Installation of all recommended browsers.
- Microsoft Visual C++ Redistributable installation.
- VM Provisioner Tool installation.
- Upload the vmdk file to Trellix Intelligent Sandbox | McAfee Advanced Threat Defense (ATD).
- Log in to the console, go to Image Management, select your vmdk image and set the file name according to your operating system.
- Click Convert and check the log under System.
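As an added example (not from the original post or from Trellix), here is a PowerShell audit you can run inside the finished Windows 10 VM before exporting and uploading the vmdk: it reads the installed-programs registry keys, compares each required package against the version ranges in the software table above, and prints the image name the upload step expects. The DisplayName patterns are assumptions about how each vendor registers its installer.

```powershell
# Added example: pre-upload audit of the Windows 10 analyser VM.
# Version bounds come from the post's software table; the DisplayName regexes
# are assumptions about how each vendor registers itself under Uninstall.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion

# One entry per required package: a regex on DisplayName and a version predicate.
$checks = @(
    @{ Name = 'Microsoft Office';           Pattern = '^Microsoft Office';              Ok = { $true } },
    @{ Name = 'Adobe Flash Player';         Pattern = 'Adobe Flash Player';             Ok = { $true } },
    @{ Name = 'Adobe Reader';               Pattern = 'Adobe (Acrobat )?Reader';        Ok = { $true } },
    @{ Name = 'Java 7 or 8 (JDK/JRE)';      Pattern = '^Java';                          Ok = { param($v) $v.Major -in 7, 8 } },
    @{ Name = 'Firefox until 63.0';         Pattern = 'Mozilla Firefox';                Ok = { param($v) $v.Major -le 63 } },
    @{ Name = 'Chrome until 70.0';          Pattern = 'Google Chrome';                  Ok = { param($v) $v.Major -le 70 } },
    @{ Name = 'Edge 79-93';                 Pattern = '^Microsoft Edge$';               Ok = { param($v) $v.Major -ge 79 -and $v.Major -le 93 } },
    @{ Name = 'Visual C++ Redistributable'; Pattern = 'Visual C\+\+ .*Redistributable'; Ok = { $true } }
)

$failures = 0
foreach ($c in $checks) {
    $hits = $installed | Where-Object { $_.DisplayName -match $c.Pattern }
    if (-not $hits) { Write-Warning "MISSING  $($c.Name)"; $failures++; continue }
    foreach ($h in $hits) {
        # Strip vendor suffixes such as "(x64)" so System.Version can parse the string.
        $ver = $null
        [void][version]::TryParse(($h.DisplayVersion -replace '[^\d.]'), [ref]$ver)
        # An unparseable version is reported but not counted as a failure.
        $ok = if ($ver) { & $c.Ok $ver } else { $true }
        if ($ok) { Write-Host "OK       $($h.DisplayName) $($h.DisplayVersion)" }
        else {
            Write-Warning "VERSION  $($h.DisplayName) $($h.DisplayVersion) is outside the range for $($c.Name)"
            $failures++
        }
    }
}

# Image-name reminder for the upload step: the post's table maps Windows 10 to win10p0x64.img.
$os = Get-CimInstance Win32_OperatingSystem
$expectedImage = if ($os.Caption -match 'Windows 10' -and $os.OSArchitecture -match '64') { 'win10p0x64.img' }
                 else { '<look up the image name in the operating system table>' }
Write-Host "Upload this image as: $expectedImage"
if ($failures) { Write-Warning "$failures problem(s) found; fix them before exporting the vmdk." }
```

Run it from an elevated PowerShell prompt inside the VM so both the 32-bit and 64-bit Uninstall hives are readable.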
How to upgrade your old ATD appliance from 4.x to 5.x: follow this post.
How to Install Sandbox Step-by-Step Guide