Project 4 ‐ Windows Sandbox - jacobwilliams100/sec-440 GitHub Wiki

Deliverable 1: Screenshot of running Windows Sandbox

[screenshot]

Deliverable 2

Configuration File

[screenshot]

Ping to google.com (not working)

[screenshot]

Shared Directory with Host

[screenshot]

[screenshot]
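As an added example (not part of the original wiki page and not the lab's own files), the PowerShell below builds a `.wsb` configuration that matches the Deliverable 2 setup: networking disabled, which is why the ping to google.com fails, and one host folder mapped into the sandbox read-only. The host folder `C:\SandboxShare`, the output path on the Desktop and the logon command are assumptions; change them for your own host.

```powershell
# Added example, not from the original wiki page.
# Builds a Windows Sandbox (.wsb) configuration with networking disabled and a
# read-only shared folder, then launches the sandbox with it.
# Requires the "Windows Sandbox" optional feature to be enabled on the host.

$HostShare = 'C:\SandboxShare'                                   # assumed host folder to expose
$WsbPath   = Join-Path $env:USERPROFILE 'Desktop\isolated.wsb'   # assumed output path

# The mapping fails if the host folder does not exist, so create it first.
if (-not (Test-Path $HostShare)) {
    New-Item -ItemType Directory -Path $HostShare | Out-Null
}

# .wsb files are plain XML.
#  - <Networking>Disable</Networking> removes the virtual NIC, so nothing in
#    the sandbox can reach the internet (ping google.com fails).
#  - <ReadOnly>true</ReadOnly> stops a sample run inside the sandbox from
#    writing back into the host folder.
#  - <ProtectedClient>Enable</ProtectedClient> runs the RDP session that backs
#    the sandbox window in a more isolated mode.
#  - <LogonCommand> runs once the sandbox desktop is up; here it just shows the
#    ping failure without requiring any manual steps.
$wsb = @"
<Configuration>
  <VGpu>Disable</VGpu>
  <Networking>Disable</Networking>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>$HostShare</HostFolder>
      <SandboxFolder>C:\Users\WDAGUtilityAccount\Desktop\Share</SandboxFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
  <ClipboardRedirection>Disable</ClipboardRedirection>
  <PrinterRedirection>Disable</PrinterRedirection>
  <ProtectedClient>Enable</ProtectedClient>
  <LogonCommand>
    <Command>powershell.exe -NoExit -Command ping google.com</Command>
  </LogonCommand>
</Configuration>
"@

Set-Content -Path $WsbPath -Value $wsb -Encoding UTF8

# WindowsSandbox.exe (in System32) takes the .wsb path as its only argument.
Start-Process -FilePath 'WindowsSandbox.exe' -ArgumentList "`"$WsbPath`""
```

Run this on the host as the logged-in user. Inside the sandbox, `ping google.com` reports that the host cannot be found, and the mapped folder appears on the desktop as `Share`; any file the sandbox tries to drop there is rejected because of the read-only mapping. Everything inside the sandbox is discarded when the window is closed, so the `.wsb` file is the only durable artefact of the setup.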

Deliverable 3: Proof of my working Run-in-Sandbox

[screenshot]

Deliverable 4: Proof of PowerShell repo being utilized by my system

[screenshot]

[screenshot]

Proof of Malware Running in Sandbox

Luckily, the script fails because the sandbox has no network connection. If it did, the script could send data to an adversary on the internet.

[screenshot]

[screenshot]

Reflection

I encountered some frustrations with this lab. In particular, the BanterBox Windows-Sandbox utility was challenging to get working. It was hard to get the malware to run in Sandbox because it always got caught by the built-in, un-modifiable Windows Defender. It turns out it needed to be disabled in the configuration file. That said, I enjoyed getting to learn how to use Windows Sandbox. If I were testing malware, I think I would use a conventional VM such as a Windows installation in a VMware VM, but this is an option that I didn't know about and will probably use in the future.