Take a look here before start.
Press Shift+F10 while installing Windows to open a Command Prompt window.
diskpart <Enter>
select disk 0
create partition primary
Cuckoo-mgr should have 2 network interfaces
- Click Start, type netplwiz, and then press Enter.
- In the User Accounts dialog box, highlight the account you want to automatically log on to. Uncheck the Users Must Enter A User Name And Password To Use This Computer.
- Click OK.
- In the Automatically Log On dialog box, enter the user’s password twice and click OK.
- Start, type Windows Defender and hit enter
- Tools menu -> Options
- Disable “Automatic Scanning"
- Disable “Realtime Protection”
- Disable Administrator -> Use this program
Under Action Center -> Change Action Center Settings turn off messages for:
- Windows Update
- Spyware and Related Protection
- Virus Protection
- Windows Backup
- Check for Updates
- Launch Internet Explorer
- Choose "Dont use recommended settings"
- Under Tools -> Internet Options. Set your homepage to held a about:blank, then click apply
To auto-execute downloaded files, you must:
-
Create this key if it doesn't exist:
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\AttachmentExecute\{0002DF01-0000-0000-C000-000000000046}" -
Fill with some values, e.g.:
reg add "HKCU\Software\Microsoft\Windows\Shell\AttachmentExecute\{0002DF01-0000-0000-C000-000000000046}" /f /v Word.Document.12 /t REG_SZ /d 0
Look under the registry base key HKEY_CLASSES_ROOT for more extensions. There will be keys there called ".pdf", ".xls", etc. The default value for the key is the ProgID.
HKEY_CLASSES_ROOT
.ext
(Default) = ProgID.ext.1
OBS.: For 7zip file associations look here
Also, you may want to add these:
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" /v "DefaultFileTypeRisk" /t REG_DWORD /d "1808" /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments" /v "SaveZoneInformation" /t REG_DWORD /d "1" /f
Sources:
- https://msdn.microsoft.com/pt-br/library/windows/desktop/cc144148(v=vs.85).aspx
- https://msdn.microsoft.com/en-us/library/windows/desktop/ms724475(v=vs.85).aspx
- https://support.microsoft.com/pt-br/help/883260/information-about-the-attachment-manager-in-microsoft-windows
- Install Python 2.7
- Add to system PATH: C:\Python27
- Create new system variables
PYTHONHOME = C:\Python27
PYTHONPATH = C:\Python27\DLLs;C:\Python27\Lib;C:\Python27\Lib\site-packages
- Download and install Pillow
- Go to Start Menu -> Control Panel -> User Accounts and Family Safety -> User Accounts.
- Click on Change User Account Control settings link.
- Slide the slider bar to the lowest value with description Never notify.
- Click OK to make the change effective.
- With regedit browse to
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- Add a new "string value" with any name, fill the value with the file path where the Cuckoo agent was placed (e.g. C:\agent\agent.pyw). It is a good idea to change the agent name for anything else.
- Open cmd console and do:
reg add "hklm\system\CurrentControlSet\Control\TerminalServer" /v AllowRemoteRPC /d 0x01 /t REG_DWORD /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v LocalAccountTokenFilterPolicy /d 0x01 /t REG_DWORD /f
- Set the IPv4 properties of your Host-Only NIC to use the following ip address
- 192.168.56.101
- Set the IPv4 properties of your Host-Only NIC to use the default gateway
- 192.168.56.1
- Set the IPv4 properties of your Host-Only NIC to use the following dns server addresses
- 8.8.8.8
Restart the VM.