1
00:00:00,420 --> 00:00:07,230
Let us see a demonstration of how to build the lab. Before reaching this point, I have installed

2
00:00:07,230 --> 00:00:10,650
VirtualBox and spun up a Windows 7 virtual machine.

3
00:00:11,370 --> 00:00:16,160
The step-by-step instructions to do so are found in the resource section of this lesson.

4
00:00:16,170 --> 00:00:23,460
We have this Windows 7 machine up and running now, but before turning it into a sandbox,

5
00:00:23,760 --> 00:00:30,780
we need to download the tools used for malware analysis. Because we have configured the network settings

6
00:00:30,780 --> 00:00:33,600
in either NAT mode or bridged mode,

7
00:00:34,170 --> 00:00:36,800
we do have Internet access on the virtual machine.

8
00:00:37,890 --> 00:00:41,520
This will help us in downloading the tools and the malware sample.

9
00:00:42,870 --> 00:00:47,810
I have already downloaded and installed Firefox and the binsip software on this virtual machine.

10
00:00:48,750 --> 00:00:51,810
Now we will start downloading the tools one by one.

11
00:00:53,130 --> 00:00:58,110
I have saved the links to all the tools in a text file here on the desktop.

12
00:00:59,190 --> 00:01:02,900
These links are shared with you in the resource section of this lesson.

13
00:01:04,390 --> 00:01:07,630
First, we will begin by downloading HashCalc.

14
00:01:23,850 --> 00:01:28,110
Then we will download the HxD hex editor.

15
00:01:40,230 --> 00:01:45,120
The third tool required for malware analysis is Exeinfo PE.

16
00:01:59,980 --> 00:02:03,190
Then we will download the UPX software.

17
00:02:24,130 --> 00:02:27,430
Followed by a tool called BinText.

18
00:02:37,320 --> 00:02:40,530
We would also need PEstudio.

19
00:02:55,030 --> 00:02:59,920
Then we will download Process Monitor, or Procmon.

20
00:03:09,590 --> 00:03:11,240
Next is Regshot.

21
00:03:26,930 --> 00:03:28,970
Followed by Autoruns.

22
00:03:39,790 --> 00:03:42,160
We will also download ProcDOT.

23
00:03:56,340 --> 00:03:59,040
And finally, download FakeNet.

24
00:04:15,390 --> 00:04:19,630
At this point in time, we will also download a real malware sample.

25
00:04:21,030 --> 00:04:22,970
This sample is password protected.

26
00:04:23,640 --> 00:04:28,020
The link to download the sample is provided in the resource section of this lesson.

27
00:04:32,420 --> 00:04:35,090
Now that we have downloaded all the necessary tools,

28
00:04:36,850 --> 00:04:40,660
let's disable the Internet connection by removing the network adapter.

29
00:04:42,230 --> 00:04:48,440
To do so, we will go to the settings of the virtual machine, and under Network down here, we will select

30
00:04:48,710 --> 00:04:49,610
Not attached.

31
00:04:52,860 --> 00:04:56,990
To be doubly sure, we will disable the network adapter in the operating system as well.

32
00:05:08,220 --> 00:05:13,460
We can verify that the system does not have an IP address or an Internet connection.

33
00:05:32,660 --> 00:05:37,370
Here, it also shows that the system does not have an Internet connection by this red X mark.

34
00:05:39,900 --> 00:05:46,260
The final step in converting this virtual machine into a sandbox is to disable the default antivirus.

35
00:05:47,380 --> 00:05:55,180
That is, Windows Defender. Antivirus will stop the execution of some scripts or might even detect the file

36
00:05:55,180 --> 00:06:01,960
as malware and delete it, but our intention is to study the malware, to understand what it is trying

37
00:06:01,960 --> 00:06:02,260
to do.

38
00:06:03,660 --> 00:06:05,610
So let's get AV out of our way.

39
00:06:10,570 --> 00:06:13,780
We are now ready with our malware analysis lab.