The Cuckoo Sandbox malware analysis environment is an open source project which is provided via the CuckooSandbox.org website. The Cuckoo Sandbox platform is an ideal environment to analyze malware samples for unique values, the platform is capable of creating an massive database of malware reports. The reports can be researched after they have been generated to the Cuckoo Sandbox.
Now here comes the thing, Cuckoo Sandbox is an project which has been designed for the Linux operating systems. The complete installation guide of Cuckoo Sandbox has also been designed for Linux operating systems – so what do the people do, when they have to install Cuckoo Sandbox on a Windows operating system?
They just do IT.
Foreword on the installation of Cuckoo Sandbox on a Windows operating System
This tutorial will guide you to install an Cuckoo Sandbox environment on your Windows operating system, but there are some points you need to be aware of:
I am still having trouble to get the following packages working on the Windows Cuckoo Sandbox lab:
- Cuckoo Sandbox webinterface
- Cuckoo Sandbox HostOnly option [Routing in Windows 8.1]
What does work:
- Cuckoo Sandbox cuckoo.py
- Cuckoo Sandbox api.py
- Cuckoo Sandbox submit.py
- MySQL database
- Cuckoo Sandbox virtual machine [cuckoo1]
So please note that this manual is provided as is, and it does not guarentee you that you will have a fully operational Cuckoo Sandbox lab on Windows.
If you are able to fix some problems or errors, please leave your feedback on the website.
Installing Cuckoo Sandbox on a Windows Operating System
The Cuckoo Sandbox project holds an incredible important manual on how to install the Cuckoo Sandbox project on a Linux operating system. I have used the Cuckoo Sandbox manual as a guideline and I have searched for Windows alternatives for the needed Cuckoo Sandbox modules and plugins.
Installation of Python 2.7
The manual of the Cuckoo Sandbox project states that the advised Python which you should use is the Python 2.7 version.
You can download the Python 2.7 version from the official Python website.
Installation of PIP for Windows
The next step which we need to take is the installation of PIP if it is not included. Do note that the latest version of Python 2.7.9+ already has PIP installed in the Python27\Scripts\ folder. If you do not see the PIP module, then head to the following website and follow the installation instructions:
Once we have PIP installed, we will need to run the following PIP commands via the CMD:
- pip install sqlalchemy bson
- pip install jinja2 pymongo bottle pefile django chardet
- pip install cybox==184.108.40.206
- pip install maec==220.127.116.11
- pip install MySQLdb (if this does not work, use https://pypi.python.org/pypi/MySQL-python/1.2.5)
Installation of MongoDB
The Cuckoo Sandbox project allows the operators to use the MongoDB database software to manage the reports and files.