Help needed to create Virtual Machine for Malware Analysis

Tarun

Apr 8, 2015
Hello everyone,
I am Tarun. I am new to MalwareTips, and I am posting because I need help from you guys in setting up a virtual machine for malware analysis. I have a lot of interest in testing malware, but I read that VMware's settings need to be modified before using it for malware testing, or else the host system can be rendered useless. So I request any of you guys to guide me in setting up a machine for malware analysis in VMware.
 
Thanks for your reply but I want guidance regarding isolation of VM in VMware for malware analysis...
 
I can only share my experience with VirtualBox, but I think the concept is similar for VMware, and for static or dynamic malware analysis the reasoning does not change.

It is important that the virtualized environment is isolated from the host, so even if malware infects the virtual machine, it would have no way to attack the real system.
There are situations, however, in which this isolation can be problematic, and then it is necessary to avoid host/guest "clipboard" sharing and the "drag 'n drop" function.
It is necessary to check that the "shared folders" are turned off or flagged "read-only" to prevent malware accidentally started in the VM from infecting the host.

It is very important to use a VPN connection because the NAT configuration assumes the sharing of the host IP, so it is necessary to protect our real IP from malware access.
 
By default the network configuration is NAT, which isolates the IP address from our host system, so the chances of an infection slipping through are very minimal.

I've done malware testing and no issues occurred. Make sure to monitor things like shared folders, which must be disabled when malware testing begins to avoid any infections, especially since ransomware can trash everything, including a network that contains crucial files.
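
The settings named in the two posts above (clipboard, drag and drop, shared folders, network mode) can be checked in a VMware `.vmx` file before a sample is run. This is an added example, not part of any poster's reply: the sample file is constructed, `parse_vmx` and `audit_vmx` are hypothetical names, and the key names are the usual `.vmx` settings, which should be confirmed against your VMware version.

```python
import re

# Constructed sample .vmx text for illustration (not from the thread).
SAMPLE_VMX = """\
isolation.tools.copy.disable = "TRUE"
isolation.tools.dnd.disable = "FALSE"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.writeAccess = "TRUE"
ethernet0.present = "TRUE"
ethernet0.connectionType = "bridged"
"""

GUEST_HOST_CHANNELS = {
    "clipboard copy": "isolation.tools.copy.disable",
    "clipboard paste": "isolation.tools.paste.disable",
    "drag and drop": "isolation.tools.dnd.disable",
}

def parse_vmx(text):
    """Return {lowercased key: value} for every key = "value" line."""
    pairs = re.findall(r'^[ \t]*([^#\s=]+)[ \t]*=[ \t]*"(.*)"[ \t]*$', text, re.M)
    return {k.lower(): v for k, v in pairs}

def audit_vmx(text):
    """List the settings that weaken host/guest isolation."""
    cfg = parse_vmx(text)
    on = lambda key: cfg.get(key, "").upper() == "TRUE"
    findings = []
    # Assumption: a missing isolation.tools.* key is treated as "not disabled".
    for name, key in GUEST_HOST_CHANNELS.items():
        if not on(key):
            findings.append(f"{name} is not disabled ({key})")
    for key in sorted(cfg):
        m = re.fullmatch(r"(sharedfolder\d+|ethernet\d+)\.present", key)
        if not m or not on(key):
            continue
        dev = m.group(1)
        if dev.startswith("sharedfolder"):
            # Off or read-only is accepted, as in the post; writable is flagged.
            if on(dev + ".enabled") and on(dev + ".writeaccess"):
                findings.append(f"{dev} is enabled and writable")
        # Assumption: an adapter with no connectionType is bridged.
        elif cfg.get(dev + ".connectiontype", "bridged").lower() == "bridged":
            findings.append(f"{dev} is bridged onto the host's LAN")
    return findings

if __name__ == "__main__":
    for finding in audit_vmx(SAMPLE_VMX):
        print("[!]", finding)
```

An empty result means none of these checks fired; it does not cover other guest/host channels such as USB passthrough.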
 
Hey guys, I've done this; just tell me if this process can infect my Windows installation.
I've installed Ubuntu 16.04 LTS on my HDD (the same one on which Windows 10 is installed, dual booting).
I've installed VMware Workstation Player on Ubuntu and installed Windows 7 in a virtual machine.
If I start running malware in the virtual machine, will that affect my Windows 10 installation?
My assumption is NO, because even if malware leaks onto Ubuntu, it fails because no Windows malware can do its trick on Ubuntu.
Let me know if I am wrong. By the way, both Windows and Ubuntu access the Internet through the same connection.
 
Will that affect my Windows 10 installation?
My assumption is NO, because even if malware leaks onto Ubuntu, it fails because no Windows malware can do its trick on Ubuntu.
Let me know if I am wrong. By the way, both Windows and Ubuntu access the Internet through the same connection.

I think there's no problem. If you mount the Windows file system on Ubuntu, you may unmount it.
 
@Tarun

Not at all, there is a very slim chance of that happening.

Remember that many threats kill themselves when detected in an isolated environment.
 