Closed wbenny closed 8 years ago
Would probably make sense ;)
I put a .bat into the startup dir, and after reboots I have a patched machine :)
@jbremer the sense is that when malware reloads the machine, it then sees that it is a VM; also, Cuckoo has problems when the VM reloads during analysis.
@doomedraven that is one solution; the problem is that malware searches the startup dir or the Run or RunOnce registry keys, then it sees the .bat and knows that this is a VM for malware analysis. One step further is for the .bat to change its name randomly each time, but malware can still search the .bat content, or only run for real when it does not see the .bat.
This functionality has since moved to Cuckoo itself, so going to close this issue now. Thanks!
Wouldn't it be appropriate to run a subset of functions from bootstrap.py (namely, the registry renaming) after reboot?