Hello everyone, today we are going to look at the best way to create sandbox VM images for malware analysis.
Currently I am using the Trellix Intelligent Sandbox, which some people call McAfee ATD (Advanced Threat Defense). This is a McAfee product, but the name has now changed from McAfee to Trellix.
I am going to create a Windows 10 virtual analyzer image for the sandbox.
I will share the list of activities, essentially the checklist, that you have to follow during analyzer image creation.
Required Platform for Sandbox VM Image
The operating systems supported for VM image creation are listed below; for the full system and operating system requirements, refer to the official Trellix Intelligent Sandbox article.
- For client operating systems, you can use Windows XP through Windows 10, in the specific versions listed.
- For server platforms, you can use Windows Server 2003 through Windows Server 2019.
| Operating system | RAM (MB) | Disk space | Image name |
|---|---|---|---|
| Windows 7 32-bit | 1024 | 14 GB | win7x64sp1.img |
| Windows 7 64-bit | 2048 | 25–30 GB | win7x64sp1.img |
| Windows 8 / 8.1, 32-bit and 64-bit | 2048 | 25–30 GB | win8p0x32.img / win8p0x64.img / win8p1x64.img |
| Windows 10 Pro / Enterprise | 3072 | 25–30 GB | win10p0x64.img |
| Windows Server 2008 | 2048 | 14 GB | win2k8sp1.img |
| Windows Server 2012 / R2 | 2048 | 25–30 GB | win2k12.img / win2k12r2.img |
| Windows Server 2016 | 2048 | 25–30 GB | win2k16.img |
| Windows Server 2019 | 3072 | 25–30 GB | win2k19.img |
Required software for VM Analyzer Image
These applications are legacy: most of the listed versions are end-of-life and several of the products are discontinued, so the installers usually come from archives rather than from the vendor's download page. Before any of them goes into the analyzer image, confirm the installer is clean, for example by checking its hash against a known-good value you recorded from a source you trust and by checking its code signature, rather than trusting the download site.

| Application | Supported versions |
|---|---|
| Microsoft Office | 2003, 2007, 2010, 2013, 2016, and 2019 |
| Adobe Flash Player software and plug-in | 13 |
| Adobe Flash Player plug-in only | 188.8.131.52 |
| Adobe Reader | 9 to DC |
| Mozilla Firefox | all versions until 63.0 |
| Internet Explorer | 6, 7, 8, 9, 10, and 11 |
| Google Chrome | all versions until 70.0 |
| Microsoft Edge | 79 – 93 |
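The installer check described above, as an added example (this is not code from the original post and not a Trellix tool): it hashes each downloaded installer, compares it with a SHA-256 you recorded from a source you trust, and reports the Authenticode signature status. The installer paths and the all-zero hashes are placeholders to replace with your own values.

```powershell
# Added example (not from the original post): gate legacy installers on a known-good
# SHA-256 and report their Authenticode status before they go into the analyzer image.
# Paths and hashes are placeholders; the all-zero strings are deliberately not real hashes.
$Manifest = @{
    'C:\Installers\AdbeRdr9.exe'     = '0000000000000000000000000000000000000000000000000000000000000000'
    'C:\Installers\Firefox-63.0.exe' = '0000000000000000000000000000000000000000000000000000000000000000'
}

function Test-InstallerIntegrity {
    param([Parameter(Mandatory)][hashtable]$Manifest)

    foreach ($path in $Manifest.Keys) {
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ File = $path; HashOK = $false; Signature = 'FileMissing'; Signer = ''; Accept = $false }
            continue
        }

        $actual = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $hashOk = ($actual -ieq $Manifest[$path])

        # Old installers are often signed with expired or SHA-1 certificates, so a status
        # other than Valid is informational. HashMismatch, however, means the file was
        # modified after signing and is rejected outright; the recorded hash is the real gate.
        $sig    = Get-AuthenticodeSignature -LiteralPath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        [pscustomobject]@{
            File      = Split-Path -Leaf $path
            HashOK    = $hashOk
            Signature = $sig.Status
            Signer    = $signer
            Accept    = ($hashOk -and $sig.Status -ne 'HashMismatch')
        }
    }
}

$report = Test-InstallerIntegrity -Manifest $Manifest
$report | Format-Table -AutoSize
if ($report | Where-Object { -not $_.Accept }) {
    Write-Error 'One or more installers failed verification; do not install them in the analyzer image.'
}
```

Run it on the host (or in a throwaway VM) before copying the installers into the analyzer guest, so a bad download never touches the image you are going to convert.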
Virtual Machine Creation in VMware Workstation
This process requires VMware Workstation. If you already have VMware Workstation, make sure it is version 9 or later; follow this link to download the latest version, VMware Workstation 16.
Checklist for VM image Step by Step. (Windows 10)
- Install Windows 10 in VMware Workstation.
- Set the administrator account (Windows 10/11) and set its password to cr@cker42.
- Install and activate Microsoft Office.
- Install Adobe Flash Player.
- Install Adobe Reader.
- Install Java (JDK/JRE).
- Install all recommended browsers.
- Install the Microsoft Visual C++ Redistributable.
- Install the VM Provisioner Tool.
- Upload the .vmdk file to Trellix Intelligent Sandbox (McAfee Advanced Threat Defense, ATD).
- Log in to the console, go to Image Management, select your .vmdk image and name the file according to your operating system (see the image-name column above).
- Click Convert and check the log under System.
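The account step and a pre-upload check of the installed software, as an added example (not from the original post and not part of the VM Provisioner Tool). It is run as an elevated PowerShell inside the Windows 10 guest before the .vmdk is uploaded. It assumes the checklist means the built-in Administrator account (if the Trellix documentation asks for a separately named account, use New-LocalUser instead), and the version limits are my reading of the supported-software table above, not a Trellix-published check.

```powershell
# Added example (not from the original post). Run inside the Windows 10 guest as an
# elevated PowerShell before exporting the .vmdk. Sets the administrator password the
# checklist requires and checks installed software against the supported-version table.

# Checklist step 2, assuming the built-in Administrator account: password cr@cker42,
# enabled, and set to never expire so the sandbox can always log in.
$pw = ConvertTo-SecureString 'cr@cker42' -AsPlainText -Force
Set-LocalUser -Name 'Administrator' -Password $pw -PasswordNeverExpires $true
Enable-LocalUser -Name 'Administrator'

function Get-InstalledApps {
    # Read both the 64-bit and the 32-bit (WOW6432Node) uninstall hives so 32-bit legacy apps show up.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion
}

# Major-version bounds are an assumed reading of the table ("until 63.0", "until 70.0", "79 - 93").
# DisplayName patterns are assumptions about how the vendors register their products.
$Rules = @(
    @{ Name = 'Mozilla Firefox';            Pattern = '^Mozilla Firefox';               MaxMajor = 63 },
    @{ Name = 'Google Chrome';              Pattern = '^Google Chrome';                 MaxMajor = 70 },
    @{ Name = 'Microsoft Edge';             Pattern = '^Microsoft Edge$'; MinMajor = 79; MaxMajor = 93 },
    @{ Name = 'Microsoft Office';           Pattern = '^Microsoft Office' },
    @{ Name = 'Adobe Reader';               Pattern = '^Adobe (Acrobat )?Reader' },
    @{ Name = 'Java';                       Pattern = '^Java(\s\d|\(TM\)|\sSE)' },
    @{ Name = 'Visual C++ Redistributable'; Pattern = 'Visual C\+\+ .*Redistributable' }
)

function Test-AnalyzerImage {
    param([Parameter(Mandatory)][object[]]$Rules)
    $apps = Get-InstalledApps
    foreach ($r in $Rules) {
        $hit = $apps | Where-Object { $_.DisplayName -match $r['Pattern'] } | Select-Object -First 1
        $status = 'MISSING'; $ver = ''
        if ($hit) {
            $ver = [string]$hit.DisplayVersion
            $v = $ver -as [version]      # $null when DisplayVersion is not a dotted version string
            $status = 'OK'
            if ($v -and $r.ContainsKey('MaxMajor') -and $v.Major -gt $r['MaxMajor']) { $status = 'TOO NEW' }
            if ($v -and $r.ContainsKey('MinMajor') -and $v.Major -lt $r['MinMajor']) { $status = 'TOO OLD' }
        }
        [pscustomobject]@{ Component = $r['Name']; Installed = $ver; Status = $status }
    }
}

Test-AnalyzerImage -Rules $Rules | Format-Table -AutoSize
```

A TOO NEW browser is the usual reason an image converts fine but the analyzer never hooks the process, so fix every row that is not OK before uploading the .vmdk rather than after a failed conversion log.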
How to upgrade your old ATD appliance from 4.x to 5.x: follow this post.
How to install the sandbox: step-by-step guide.