CONSTRUCTION OF A VIRTUAL MACHINE FOR DYNAMIC ANALYSIS OF MALWARE
DOI:
https://doi.org/10.31891/2307-5732-2026-363-52
Keywords:
virtual machines, VirtualBox, dynamic analysis, malicious software
Abstract
The paper is devoted to the practical aspects of creating virtual machines for analyzing the behavior of malicious software. The study examines practical issues related to the construction and automation of virtual machines for dynamic malware analysis in the context of the increasing complexity of modern cyber threats. Current approaches to isolated execution and behavioral monitoring of malware samples are analyzed, taking into account modern obfuscation techniques and anti-virtualization mechanisms. An algorithm for constructing a controlled virtual environment for the dynamic analysis of software samples based on the VirtualBox hypervisor is proposed. The solution provides automated deployment, execution, and termination of malware behavior analysis. A PowerShell script has been developed that implements the complete dynamic analysis lifecycle, including the creation of a virtual machine with predefined parameters, transfer of analyzed software samples and monitoring tools, execution of the target code, collection of log files, screenshots, and analysis results, followed by their retrieval to the host system. Attention is paid to the scalability and modifiability of the proposed software solution, which enables the integration of various monitoring tools, modification of sample execution scenarios, and adaptation of the environment to different types of malicious software. The developed approach was tested using executable code samples that perform modifications to the file system and the Windows operating system registry. The paper presents the results of developing a software tool for deploying a virtual machine for dynamic malware analysis, which simplifies and automates the process of investigating executable code samples. An algorithm for constructing an environment for the dynamic analysis of malicious software is proposed.
License
Copyright (c) 2026 СТЕПАН ІВАСЬЄВ, БОГДАН БАРАННІК, ТАРАС ЦАВОЛИК (Author)

This work is licensed under a Creative Commons Attribution 4.0 International License.