Windows Sandbox Init Script

What it does

This project aims to automatically configure a Windows Sanbox for malware analysis with offline software packages.

Make sure you have Windows Sandbox enabled.

Customize packages.json if you need to remove or add packages.

Run download_pkgs.ps1 to download all packages for offline use, and update the checksums for later verification.
Start start.wsb.
Generally it should be done in 2 minutes.
Put malware samples in ./MALWARE and you will find it on desktop.
Try with the provided sample, password is infected (from VX Underground).

Note:

Use start.wsb whenever possible
If Internet is needed, use danger_zone_start_with_internet.wsb, ideally in an isolated physical network
If you just need to capture some network traffic without the need of Internet connectivity, the default start.wsb should be sufficient, just capture traffic on the TUN device

win-sandbox.mp4

Name		Name	Last commit message	Last commit date
Latest commit History 71 Commits
MALWARE		MALWARE
ghidra_config		ghidra_config
imhex_config		imhex_config
npp_config		npp_config
packages		packages
screenshots		screenshots
scripts		scripts
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
danger_zone_start_with_internet.wsb		danger_zone_start_with_internet.wsb
start.wsb		start.wsb