I'm trying to build up a sandbox for our company, mostly to analyze found/suspicious USB drives, and also to have an environment where I can detonate malware to see and show what it's doing.
What's a sandbox without malware analysis? Right, nothing, because you can't always see the dangerous things happen.
So there was Cuckoo, even with a how-to for Windows 10 systems. But it turned out that it's not compatible and running anymore. It only supports Python 2.7, so far no problem, but in the end I had a problem with MongoDB being out of date. The latest comment on GitHub tells me it's not working anymore.
Then I found on this wiki the Boombox, an automated installation of Cuckoo on Windows 10. Sounds perfect. But it seems the script templates are out of date. New versions of Packer cause errors.
Now you will think, why isn't he using Linux instead? Well, I want an environment that's mostly similar to our clients', and I think that those out-of-date programs will have problems with current malware.
So if anyone has an idea how I can realize a DIY malware-analyzing sandbox, I would be thankful. Or maybe I can combine different tools? The last idea is to run a VM with our AV program only alerting and use its analysis, but that's not really what I want. I'm kind of unsure about the internet connection of the sandbox; what if the malware somehow breaks out?