Hello everyone, today we are going to learn the best ways to create sandbox VM images for malware analysis.
Currently I am using the Trellix Intelligent Sandbox, which some people still call McAfee ATD (Advanced Threat Defense). It is a McAfee product, but the name has changed from McAfee to Trellix.
I am going to create a Windows 10 virtual analyser image for the sandbox.
I will share the list of activities, basically the checklist that you have to follow during analyser image creation.
Required Platform for Sandbox VM Image
The operating systems supported for VM image creation are listed below; for more details, refer to the official Trellix Intelligent Sandbox article on system requirements and operating system requirements.
- For the client machine, you can use Windows XP to Windows 10 in the specific supported versions.
- For the server platform, you can use Windows Server 2003 to 2019.
- Windows 7 32-bit
- Windows 7 64-bit
- Windows 8 / 8.1, 32-bit and 64-bit
- Windows 10 Pro / Enterprise
- Windows Server 2008
- Windows Server 2012 / R2 (image files win2k12.img / win2k12r2.img)
- Windows Server 2016
- Windows Server 2019
Required software for VM Analyzer Image
Most of the applications in this list are legacy, and most of the listed versions are end-of-life or discontinued. If you download these applications for a VM analyser, make sure you check the installers for malware before using them.
- 2003, 2007, 2010, 2013, 2016, and 2019
- Adobe Flash Player software and plug-in
- Adobe Flash Player plug-in only
- 9 to DC
- all versions until 63.0
- 6, 7, 8, 9, 10, and 11
- all versions until 70.0
- 79 – 93
Virtual Machine Creation in VMware Workstation
This process requires VMware Workstation. If you already have VMware Workstation, make sure the version is 9 or later; you can also follow this link to download the latest version, VMware Workstation 16.
Checklist for VM Image, Step by Step (Windows 10)
- Install Windows 10 in VMware Workstation.
- Set the administrator account (windows10/11) and set the password: cr@cker42
- Install and activate Microsoft Office.
- Install Adobe Flash Player.
- Install Adobe Reader.
- Install Java (JDK/JRE).
- Install all recommended browsers.
- Install the Microsoft Visual C++ Redistributable.
- Install the VM Provisioner Tool.
- Upload the VMDK file to the Trellix Intelligent Sandbox / McAfee Advanced Threat Defense (ATD).
- Log in to the console, go to Image Management, select your VMDK image, and set the file name according to your operating system.
- Click Convert and check the log under System.
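Before uploading, it is worth confirming that the image actually carries everything on the checklist. The following PowerShell script is an added example, not part of the original post, the Trellix documentation or the VM Provisioner Tool: run inside the analyser VM, it reads the Windows uninstall registry keys and reports which checklist items are still missing. The DisplayName patterns and the non-zero exit code are assumptions; adjust them to the builds you install.

```powershell
# Added example, not part of the original post or the Trellix tooling:
# check a Windows analyser VM against the software checklist above before
# the VMDK is uploaded. Run inside the VM as administrator.
# The DisplayName patterns are assumptions; adjust them to the builds you install.
function Test-AnalyserImage {
    # Both 64-bit and 32-bit (WOW6432Node) uninstall hives, so 32-bit installers are seen too.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion

    # One regex per checklist item. Internet Explorer is a Windows component with no
    # uninstall entry, and the VM Provisioner Tool's entry name is not known here,
    # so those two are still checked by hand.
    $checklist = [ordered]@{
        'Microsoft Office'              = '^Microsoft Office'
        'Adobe Flash Player'            = '^Adobe Flash Player'
        'Adobe Reader'                  = '^Adobe (Acrobat )?Reader'
        'Java JDK/JRE'                  = '^Java(\(TM\))? '
        'Browser (Chrome/Firefox/Edge)' = 'Google Chrome|Mozilla Firefox|^Microsoft Edge$'
        'Visual C++ Redistributable'    = '^Microsoft Visual C\+\+ .*Redistributable'
    }

    # Show the edition so it can be matched against the supported OS list above.
    $os = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
    Write-Host "Operating system: $os"

    $missing = @()
    foreach ($item in $checklist.Keys) {
        $hit = $installed | Where-Object { $_.DisplayName -match $checklist[$item] } |
            Select-Object -First 1
        if ($hit) {
            Write-Host ('[OK]      {0,-30} {1} {2}' -f $item, $hit.DisplayName, $hit.DisplayVersion)
        } else {
            Write-Host ('[MISSING] {0}' -f $item)
            $missing += $item
        }
    }
    return $missing   # empty when every checklist item is present
}

$missing = @(Test-AnalyserImage)
if ($missing.Count -eq 0) {
    Write-Host 'All checklist software present; ready for the VM Provisioner Tool and upload.'
} else {
    Write-Host ('{0} checklist item(s) still to install.' -f $missing.Count)
    exit 1
}
```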
To upgrade your old ATD appliance from 4.x to 5.x, follow this post.
How to Install Sandbox: Step-by-Step Guide