MalBox is a quick and dirty setup script to build a malware analysis VM (the way I like it).
I wrote it because I prefer my malware analysis box customized to my own preferences; the existing setup tools I tried often missed some steps or left a messy result, which didn't sit well with my OCD.
- Start from a fresh Windows VM guest
Run the following steps only inside the VM guest!
- Manually disable Windows Defender (all switches)
- Download the repository
- Open an administrator PowerShell prompt and run:

```powershell
cd .\MalBox
Set-ExecutionPolicy Unrestricted -Force
.\Install-MalBox.ps1
```

- Go grab a coffee/meal
- Uninstalls Windows Defender using Defender-Control
- Disables automatic Windows updates
- Disables ASLR
- Disables UAC
- Sets file extensions and hidden files to be visible
- Extends the trial period of Windows (so it won't reboot every 10 minutes)
- Installs Chocolatey
- Installs Chocolatey packages (configurable in the script's config)
- Extracts MalBox archive to desktop
- Adds (sym)links to Malbox directory
- Pins tools of choice to the taskbar using PTTB (configurable in the script's config)
- Sets background wallpaper (configurable in the script's config)
Check the wallpapers directory for the awesome images created by Midjourney
Comment out any step according to your needs
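Because the install takes a while and several of the steps above silently change host settings, it helps to verify the result afterwards. The following is an added post-install check, not a script from the MalBox repository. It reads back the settings the step list says the installer changes. Two details are assumptions, because the page does not say how the script implements them: that automatic updates are disabled by disabling the `wuauserv` service, and that the archive is extracted to `Desktop\MalBox`. Run it in an elevated PowerShell prompt inside the analysis VM guest only.

```powershell
# Added example (not part of MalBox): post-install sanity check for the VM guest.
# Prints one OK/FAIL line per setting the Install-MalBox.ps1 step list claims to change.

function Test-MalBoxSetting {
    param([string]$Name, [bool]$Ok, [string]$Detail)
    $status = if ($Ok) { 'OK  ' } else { 'FAIL' }
    Write-Host ("[{0}] {1,-26} {2}" -f $status, $Name, $Detail)
}

# 1. Windows Defender: once removed by Defender-Control the Defender cmdlets may be gone
#    entirely, which is also a pass; otherwise AV and real-time protection must be off.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    Test-MalBoxSetting 'Defender disabled' `
        (-not $mp.AntivirusEnabled -and -not $mp.RealTimeProtectionEnabled) `
        "AV=$($mp.AntivirusEnabled) RTP=$($mp.RealTimeProtectionEnabled)"
} catch {
    Test-MalBoxSetting 'Defender disabled' $true 'Defender cmdlets unavailable (module removed)'
}

# 2. UAC: EnableLUA = 0 means UAC is off.
$lua = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System').EnableLUA
Test-MalBoxSetting 'UAC disabled' ($lua -eq 0) "EnableLUA=$lua"

# 3. ASLR: system-wide mitigation policy; BottomUp and ForceRelocateImages should read OFF.
$aslr = (Get-ProcessMitigation -System).ASLR
Test-MalBoxSetting 'ASLR disabled' `
    ($aslr.BottomUp -eq 'OFF' -and $aslr.ForceRelocateImages -eq 'OFF') `
    "BottomUp=$($aslr.BottomUp) ForceRelocateImages=$($aslr.ForceRelocateImages)"

# 4. Explorer: Hidden = 1 shows hidden files, HideFileExt = 0 shows extensions.
$adv = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Test-MalBoxSetting 'Hidden files visible' ($adv.Hidden -eq 1) "Hidden=$($adv.Hidden)"
Test-MalBoxSetting 'Extensions visible' ($adv.HideFileExt -eq 0) "HideFileExt=$($adv.HideFileExt)"

# 5. Windows Update. Assumption: the installer disables the wuauserv service.
$wu = Get-Service -Name wuauserv
Test-MalBoxSetting 'Auto updates off' ($wu.StartType -eq 'Disabled') `
    "StartType=$($wu.StartType) Status=$($wu.Status)"

# 6. Chocolatey reachable on PATH.
$choco = Get-Command choco -ErrorAction SilentlyContinue
Test-MalBoxSetting 'Chocolatey installed' ($null -ne $choco) `
    $(if ($choco) { $choco.Source } else { 'choco not found on PATH' })

# 7. MalBox directory on the desktop. Assumption: the archive extracts to Desktop\MalBox.
$mb = Join-Path ([Environment]::GetFolderPath('Desktop')) 'MalBox'
Test-MalBoxSetting 'MalBox on desktop' (Test-Path $mb) $mb
```

A FAIL on the Defender or ASLR line usually means the change needs a reboot to take effect, so run the check again after the first restart. The check only reads settings; it does not change anything, so it is safe to rerun whenever the VM is reverted to a snapshot.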
- Python & Java & Dotnet
- Sublime Text 3
- Fiddler
- Wireshark
- UPX
- 7-Zip
- Everything
- x64dbg
- Ghidra
- Cutter
- dnSpyEx
- GarbageMan
- ImHex
- HxD
- Detect It Easy
- Explorer suite
- PE-Bear
- PE-Studio
- Resource-Hacker
- API Monitor
- System Informer (Process Hacker)
- HollowsHunter
- PE-Sieve
- Process Monitor
- CyberChef
- Autoruns
- Blob Runner
- CMDWatcher
- PE Unmapper
- SigCheck
- FLOSS
- TCP Viewer
- WinObj
