5 Step Pre-built Malware Analysis Lab

Saket Upadhyay
Published in InfoSec Write-ups, May 7, 2021

Set up your own prebuilt Windows 10-based malware analysis lab in Hyper-V

Creating your own malware analysis lab can be time-consuming and hectic; setting up all the required tools might take 2–3 days, if not a whole week, for a beginner.

It took me 2 weeks to develop a stable malware analysis lab when I was getting started; finding all the tools, automation scripts and even setting up a VM was a challenge.

So I’ve created a complete VM pre-installed with all the required tools and an activated development copy of Windows 10 for 90 days, which you can simply import on your computer in mere clicks.

Pre-installation requirements

  1. You need a stable internet connection to download ~16.2GB of data.
  2. Windows 10 Pro/Enterprise/Education (only these editions have the hypervisor installed)
  3. 64-bit Processor with Second Level Address Translation (SLAT).
  4. CPU support for VM Monitor Mode Extension (VT-c / VT-x on Intel CPUs).
  5. Minimum of 4 GB memory
  6. ~100GB free storage space.
  7. 7zip archive manager to extract .7z file, you can download this for free from —

Activate the Hypervisor

Search for Hyper-V Manager in Windows search; you should get something like this:

Fig: Hyper-V Manager search result

If you don’t see it, you may need to enable it. Follow the official guide below to do so-

Once this is done, we can start our main endeavor.

Download the VM package

This is the only part where you will need an internet connection to download a large file (16GiB); it contains the compressed export files from my own setup.

Go to the GitHub repository given below and click the download link. If I ever change my file location, it will be updated here, so it will always be available to you no matter when you are reading this post.

Installation

Step 1 : Extract the archive

Use the 7z archive manager to extract the downloaded file to a location of your choice.

Screenshot : Extracting MalwareAnalysisLab_Win10_HyperV.7z

Step 2 : Start Hyper-V Manager

Search for “Hyper-V Manager” in Windows search and run it.

Screenshot: Hyper-V Manager search result

Step 3 : Import VM

Click on the “Import Virtual Machine” option.

Import Virtual Machine Option in Hyper-V manager

Then you will need to select the folder to import the VM from. Go ahead and select MSEdge — Win10 from the extracted folder.

Select “Fresh Install (with Flare, 90days activation)” and click Next

Select “Register the Virtual Machine in-place” and click Next

Click Finish.

Wait for the import to complete.

Step 4 : Create checkpoint

To be able to revert to your activated Windows, create a checkpoint so that you can roll everything back to the fresh install.

Right-click on the new VM and click “Checkpoint”.

Wait for it to complete and you will see the new checkpoint in the “Checkpoints” section.

DONE! You have successfully installed the VM on your PC.

Step 5 : Start your VM

To start your VM, click Start in the side panel or right-click on the VM and select “Start”.

Once it’s running, right-click on the VM again and select “Connect” to connect your display to the VM.

Select your preferred resolution; I suggest “Full Screen”. Click Connect.

User Password

You will be asked for the password to log in as IEUser; the password is: Passw0rd!

After that you will see your OS screen, at your service.
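
Steps 1 to 5 above can also be run from an elevated PowerShell prompt. The script below is an added example, not the author's code. The archive location, extraction directory, 7-Zip path and checkpoint name are assumptions, as is the expectation that the extracted export contains exactly one VM configuration file.

```powershell
#Requires -RunAsAdministrator
# Added example: Steps 1-5 of this guide as one script (not the author's code).
param(
    # Assumed locations and names; adjust to where you saved the download.
    [string]$Archive    = "$env:USERPROFILE\Downloads\MalwareAnalysisLab_Win10_HyperV.7z",
    [string]$ExtractDir = 'D:\MalwareLab',
    [string]$SevenZip   = 'C:\Program Files\7-Zip\7z.exe',
    [string]$Checkpoint = 'Fresh install baseline'
)
$ErrorActionPreference = 'Stop'

# Pre-check: Hyper-V must be enabled before a VM can be imported.
$feature = Get-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V
if ($feature.State -ne 'Enabled') {
    throw 'Hyper-V is not enabled. Enable it, reboot, then run this script again.'
}

# Step 1: extract the archive (x = extract with full paths, -o = output directory).
& $SevenZip x $Archive "-o$ExtractDir" -y
if ($LASTEXITCODE -ne 0) { throw "7-Zip failed with exit code $LASTEXITCODE" }

# Step 3: find the exported VM configuration and register it in place.
# Import-VM without -Copy leaves the files where they are, like the
# "Register the Virtual Machine in-place" option in the wizard.
$config = @(Get-ChildItem -Path $ExtractDir -Recurse -Filter '*.vmcx' |
    Where-Object { $_.Directory.Name -eq 'Virtual Machines' })
if ($config.Count -ne 1) {
    throw "Expected exactly one VM configuration file, found $($config.Count)."
}
$vm = Import-VM -Path $config[0].FullName

# Step 4: take the baseline checkpoint before the VM is ever started.
Checkpoint-VM -VM $vm -SnapshotName $Checkpoint

# Step 5: start the VM and open its console window.
Start-VM -VM $vm
vmconnect.exe localhost $vm.Name

# To roll back to the baseline later:
#   Restore-VMSnapshot -VMName $vm.Name -Name 'Fresh install baseline' -Confirm:$false
```

Taking the checkpoint before the first boot means the rollback point is the untouched import rather than a machine that has already been used.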

Conclusion

All the tools are installed in the Flare folder.

I hope this will make your lab setup process easier and that you will be ready to dive into the enormous world of malware analysis.
