https://github.com/arjunraj79/automalwaresandbox

This project involves creating a malware analysis sandbox that can execute suspicious files in a controlled environment, monitor their behavior, and report on potential malicious activities. The sandbox will use virtual machines or containers to isolate the malware and prevent it from affecting the host system.
automated-testing malware-detection sandbox-environment vmware


README

# Automated Malware Analysis Sandbox

## Project Overview

This project is a Python-based automated malware analysis sandbox that allows you to safely execute and analyze suspicious files within an isolated environment. The sandbox leverages either virtual machines (using VirtualBox) or containers (using Docker) to contain the execution of potentially harmful software. By monitoring system calls, network activity, file changes, and other behavior, the sandbox can identify and report on malicious activities, making it a powerful tool for cybersecurity professionals and researchers.

## Features

- **Isolated Environment**: Runs suspicious files in a fully isolated virtual machine or container to prevent infection of the host system.
- **Process Monitoring**: Tracks and logs process creation, termination, and activity during malware execution.
- **File System Analysis**: Detects and records changes to the file system, including file creation, deletion, and modification.
- **Network Monitoring**: Captures and analyzes network traffic generated by the malware.
- **Registry Changes (Windows)**: Monitors and logs changes to the Windows registry.
- **YARA Rules Integration**: Uses YARA rules to detect known malware patterns based on the collected data.
- **Automated Report Generation**: Provides a detailed report of the malware’s behavior, including detected threats and indicators of compromise (IOCs).