hatching / vmcloak

Automated Virtual Machine Generation and Cloaking for Cuckoo Sandbox.

Values in HKLM\Hardware are reset after reboot #23

Closed wbenny closed 8 years ago

wbenny commented 9 years ago

Wouldn't it be appropriate to run a subset of the functions from bootstrap.py (namely, the registry renaming) after reboot?

jbremer commented 9 years ago

Would probably make sense ;)

doomedraven commented 9 years ago

I put a .bat into the startup dir, and after reboots I have a patched machine :)

jhg commented 9 years ago

@jbremer The point is that when malware reboots the machine, it then sees that it is a VM; also, Cuckoo has problems when the VM reboots during analysis.

@doomedraven That is one solution; the problem is that malware can search the startup dir or the Run or RunOnce registry keys, find the .bat, and know that it is a VM for malware analysis. One step further is to have the .bat change its name randomly each time, but malware can still search the .bat's content, or only run for real when it does not find a .bat.

jbremer commented 8 years ago

This functionality has since moved to Cuckoo itself, so going to close this issue now. Thanks!