In my first attempt to analyze a recent malware sample, there are a few first steps I need to consider:
I downloaded the Windows 10 ISO and opened it in VirtualBox. However, I ran into a problem: I stopped the ISO from booting up at 81%.
I created another VM and deleted the previous one. Right now, as I type, it is at 31% ready for installation. My laptop is getting warm but seems to be handling it well.
It is currently Day 2, and the Windows VM took forever to install. Hopefully, it will run faster this time around.
... SOOOOOOOOOOOOOO
It's become painfully clear that this project has been going on for a bit too long for my liking.
Here are some problems I ran into while trying to build this thing.
The Linux distribution (Debian bookworm) that I'm using is only compatible with python 3 and higher. So I had a lot of difficulties with the dependencies and the packages. On top of that, I needed a windows VM to do the analysis. I refuse to use my physical machine to it.
There goes my first mistake. I opened up my Linux VM and thought I could run the Windows VM in there. Turns out, VirtualBox doesn't do that but VMWare does and that's out of my price range. So I decided, "Well, if I can't do malware analysis on my Linux VM then I may as well figure out how to do it on my physical machine."
I set out to do just that. I found out that I can use wsl (Windows Subsystem Linux) to run Linux (Bookworm Debian) on my physical Windows machine. So that's what I've been doing as of late. As of this writing it is currently: May 5, 2025 9:43 AM.
Right now I'm setting up the windows virtual machine to get this puppy going. Let's get it!