PMA 31: Preparing a Windows 2016 Machine for Malware Analysis (10 pts)

What you need

Blocking Automatic Updates -

Updates are important for security, but for this class we want a vulnerable target machine, so we'll stop them.

On your Windows Server 2016 desktop, in Server Manager, on the top right, click Tools, "Windows PowerShell", as shown below.

In PowerShell, execute this command:

A menu appears, as shown below. Enter these values:

The Command line opens and after a minute or two an "Update Settings" box pops up should pop up.
Click OK

Disabling IE Enhanced Security Configuration

This setting prevents you from downloading software directly on the server, which is a poor practice.

We want to allow that, so do these steps:

In Server Manager, on the left side, click "Local Server". On right side, find "IE Enhanced Security Configuration". Click the word On next to it, as shown below.

In the "Internet Explorer Enhanced Security Configuration" box, click both Off buttons, as shown below.

Click OK.

Creating a "Malware" folder

Right-click on the Windows desktop and click New, Folder.

Name the folder Malware.

Adding a Windows Defender Exception

Click Start and type DEFENDER. Click "Windows Defender".

In Windows Defender, click Settings.

In Windows Defender, in the "Exclusions" section, click "Add an exclusion", as shown below.

In the "Add an exclusion" window, click "Exclude a folder".

Navigate to the Malware folder, as shown below.

Click "Exclude this folder". Close the Settings window.

Installing Firefox

In Internet Explorer, go to

Download and install Firefox.

Installing 7-Zip

In Firefox, go to

Download and install the 64-bit version of 7-Zip.

Downloading the Lab Files

In Firefox, go to

Click PracticalMalwareAnalysis-Labs.7z, as shown below.

On the next page, right-click Download and click "Save Link As...", as shown below.

Navigate to your Malware folder and save the file there.

Extracting the Lab Files

On your desktop, double-click the Malware folder.

Right-click the PracticalMalwareAnalysis-Labs.7z file and click 7-Zip, "Extract Here", as shown below.

A box pops up asking for a password. Enter


as shown below.

A new file appears, with a red icon, named PracticalMalwareAnalysis-Labs, as shown below.

Double-click the PracticalMalwareAnalysis-Labs file.

Click Accept. Click Extract.

A folder appears with the malware samples, as shown below.

PMA 31.1 Recording Your Success (10 pts)

In the "Malware" window, open these folders:
  • PracticalMalwareAnalysis-Labs
  • BinaryCollection
  • Chapter_1L
Right-click Lab01-01.dll and click Properties.

The flag is the file size, covered by a green box in the image below.

Posted 1-26-21