MALWARE ANALYSIS CA1 Lab setup and Malware Research Weight: 60% of overall marks Msc/PGDip in Cyber Security

Question is in the file uploaded, and some specific instructions are in the files please take note


Answered 8 days after Jul 03, 2021


Neha answered on Jul 11 2021
137 Votes
Malware Lab
For installing the malware lab, we need to follow a few steps. The following are a few basic steps which can be followed one by one, and then we can easily install the malware lab in our system.
Step 1: Install Virtualization Software
The first step is to install the virtualization software with which the user is comfortable, so that they can configure it and troubleshoot the errors. The free options are VirtualBox and Hyper-V. If we want to set up a headless server for the lab, then it would be better to select the VMware vSphere hypervisor, which is also available for free. If we are using VMware Workstation, then it is important to use the commercial version, which is Workstation Pro for Windows and Linux, and Fusion Pro for the Mac operating system. The free versions do not have any support for snapshots. If we want to take snapshots when we are examining malware, then we have to revert the state of the virtual machine to the start and create a new investigation or perform backtracking over an analysis step. It provides a trial period of 30 days for free.
Step 2: Get a Windows Virtual Machine
The second step is to get the Windows virtual machine. If we do not have any licensed version of Windows for the virtual machine, then it is possible to download the Windows 10 virtual machine from Microsoft free of cost. We need to go to the Microsoft Edge page to download the virtual machine. We can select the Windows 10 image and then select the virtualization platform which has a similar configuration to the one we are already using. If we are using the Mac operating system, then we may not be able to extract the contents of the zip file unless we download a file extractor like The Unarchiver.
Once we have downloaded it and extracted the archive, we can follow the steps which are appropriate for starting the virtual machine on our virtualization software. For example, for VMware we need to extract the files into a dedicated folder and then launch the file which is named MS Edge Windows 10 .vmx. The Windows operating system present in the virtual machine will expire after the trial period of ninety days. Microsoft recommends taking a snapshot when we first install the virtual machine, so that we can roll back to it later.
By default, a password is assigned to the virtual machine by Microsoft. We do not need it to start the virtual machine, and it will allow us to automatically log into the machine, but we need to supply the same password when we are confirming configuration of the operating system or installing software.
Step 3: Update the VM and Install Malware Analysis Tools
The third step is to update the virtual machine and install malware analysis tools. When we boot the virtual machine for the first time it will allow us to connect to the Internet, assuming that the physical host is able to get access to the Internet. We can use this connection for updating the operating system to the latest patch level and also for installing different malware analysis tools. The next task is to install the malware analysis tools.
There are a few basic free Windows tools which can be utilised for examining the malicious software present in the lab. The first category is behavioural analysis, for which we can use Process Monitor, Process Hacker, Wireshark and ProcDOT. Another category is code analysis, and the tools are IDA Freeware, Scylla, PeStudio and x64dbg. It is also easy to install different types of free malware analysis tools automatically with the help of the FLARE VM distribution.
If the user wants, they can install some of the virtual machine utilities like VirtualBox Guest Additions and VMware Tools, which come free with the virtualization software. These utilities can be installed to make it more convenient to share the clipboard contents and files between the virtual machine and the physical host.
When these utilities are present in the environment, they increase the chances of the malware detecting that it is inside the virtualized environment, or also managing to escape from it. If we do not use the file sharing methods which are supported by the virtualization software, then it is up to us to decide the manner in which we want to transfer files in and out of the virtual machine. One reasonable option is to access a USB key from within the virtual machine. Another one is SFTP: we can enable the SSH server which is present in Windows and then access it from the physical host or from another virtual machine with the help of an SFTP client like WinSCP.
Step 4: Isolate the Analysis VM and Disable Windows Defender AV
The fourth...
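The steps above (install the hypervisor, take a clean snapshot, and avoid clipboard and file-sharing integrations that make the VM easier to detect or escape) can be checked mechanically before a sample is ever detonated. The script below is an added example, not part of the answer above or of any course material: it parses the `key="value"` output of VirtualBox's `VBoxManage showvminfo <vm> --machinereadable`, reports settings that break isolation, and builds the `VBoxManage` commands that would fix them plus a baseline snapshot. The sample output, the VM name `win10-malware` and the internal network name `malnet` are constructed; the exact key names (`nic1`, `clipboard`, `draganddrop`, `SharedFolderNameMachineMapping1`) are assumed from VirtualBox's format, and `--clipboard-mode` is the VirtualBox 6.1+ spelling of the older `--clipboard` option.

```python
"""Audit an analysis VM's isolation from `VBoxManage showvminfo --machinereadable` output."""
import re
import subprocess
from typing import Dict, List

# Constructed sample of showvminfo --machinereadable output (not captured from a
# real machine); key names are assumed to match VirtualBox's format.
SAMPLE_VMINFO = '''\
name="win10-malware"
memory=4096
cpus=2
VMState="poweroff"
nic1="nat"
nic2="hostonly"
hostonlyadapter2="vboxnet0"
clipboard="bidirectional"
draganddrop="disabled"
usb="on"
SharedFolderNameMachineMapping1="hostshare"
SharedFolderPathMachineMapping1="/home/analyst/share"
'''

# NIC attachment modes that give the guest a path to the host's LAN or the Internet.
RISKY_NIC_MODES = {"nat", "natnetwork", "bridged"}


def parse_vminfo(text: str) -> Dict[str, str]:
    """Parse key=value and key="value" lines into a dict, stripping the quotes."""
    info: Dict[str, str] = {}
    for line in text.splitlines():
        m = re.match(r'^([^=]+)=(.*)$', line.strip())
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        info[key] = value
    return info


def live_vminfo(vm_name: str) -> Dict[str, str]:
    """Fetch and parse the real settings of a VM (requires VBoxManage on PATH)."""
    out = subprocess.run(["VBoxManage", "showvminfo", vm_name, "--machinereadable"],
                         check=True, capture_output=True, text=True).stdout
    return parse_vminfo(out)


def _risky_nics(info: Dict[str, str]) -> List[str]:
    """Return the adapter numbers (as strings) whose mode is NAT or bridged."""
    return [k[3:] for k, v in sorted(info.items())
            if re.fullmatch(r"nic\d+", k) and v.lower() in RISKY_NIC_MODES]


def audit_isolation(info: Dict[str, str]) -> List[str]:
    """Return human-readable findings; an empty list means the VM looks isolated."""
    findings = []
    for n in _risky_nics(info):
        findings.append(f"nic{n} is '{info['nic' + n]}': guest can reach the host network")
    if info.get("clipboard", "disabled").lower() != "disabled":
        findings.append(f"clipboard sharing is '{info['clipboard']}': host/guest integration enabled")
    if info.get("draganddrop", "disabled").lower() != "disabled":
        findings.append(f"drag-and-drop is '{info['draganddrop']}': host/guest integration enabled")
    for key, value in sorted(info.items()):
        if key.startswith("SharedFolderNameMachineMapping"):
            findings.append(f"shared folder '{value}' is mounted from the host")
    return findings


def hardening_commands(vm_name: str, info: Dict[str, str],
                       internal_net: str = "malnet") -> List[List[str]]:
    """Build (but do not run) the VBoxManage commands that fix each finding."""
    cmds = []
    for n in _risky_nics(info):
        # Move the adapter onto an internal network that only lab VMs can join.
        cmds.append(["VBoxManage", "modifyvm", vm_name, f"--nic{n}", "intnet",
                     f"--intnet{n}", internal_net])
    if info.get("clipboard", "disabled").lower() != "disabled":
        cmds.append(["VBoxManage", "modifyvm", vm_name, "--clipboard-mode", "disabled"])
    if info.get("draganddrop", "disabled").lower() != "disabled":
        cmds.append(["VBoxManage", "modifyvm", vm_name, "--draganddrop", "disabled"])
    for key, value in sorted(info.items()):
        if key.startswith("SharedFolderNameMachineMapping"):
            cmds.append(["VBoxManage", "sharedfolder", "remove", vm_name, "--name", value])
    # Always end with a clean baseline snapshot to revert to after each sample.
    cmds.append(["VBoxManage", "snapshot", vm_name, "take", "clean-baseline"])
    return cmds


if __name__ == "__main__":
    vm = parse_vminfo(SAMPLE_VMINFO)
    for finding in audit_isolation(vm):
        print("FINDING:", finding)
    for cmd in hardening_commands(vm["name"], vm):
        print(" ".join(cmd))
```

Run it as-is to see the audit of the constructed sample; replace `parse_vminfo(SAMPLE_VMINFO)` with `live_vminfo("<your vm>")` to audit a real VirtualBox machine, and review the printed commands before executing any of them.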