Upload a file and automatically start malware analysis with VM provisioning.
Your malware file to execute on the VM
The VM / EDR you want to test against
AutoIt is more realistic for initial access payloads; it will "click" the file (and container). Direct execution invokes the target directly. Supports .exe arguments. Supports .dll. For testing tools. Clickfix will interpret the content of the file as a single-line string to be inserted into the Run dialog.
[Optional] .EXE: Command line parameters
[Mandatory] .DLL: Exported function name to invoke
How long the payload runs. Increase this to observe post-ex behaviors like beacon callbacks.
Accepted range: 3 - 7200 seconds. Default 10 seconds.
This analysis profile requires password authentication. Enter the password to proceed with the analysis.
The target directory path where the malware should be initially placed on the virtual machine
Default: C:\Users\Public\Downloads\
Whitelisted execution: C:\RedEdr\data\
[Optional] URL pointing to more information about the payload
[Optional] description of the payload. What loader, C2 payload etc.
[Optional] description of what you're testing or trying to achieve with this analysis. Include your hypothesis, what detection capabilities you're evaluating, or research objectives.
[Optional] project name to group related submissions together