dwmetz/detonaRE
detonaRE

Capture. Detonate. Collect.

From Latin - "to detonate"

Functions:

  • initiates .etl packet capture
  • initiates Process Monitor with a filter applied for the malware to be detonated
  • launches malware sample
  • terminates packet capture after specified interval
  • initiates evidence collection with Magnet RESPONSE (memory, process, and triage capture)
  • terminates the malware process
  • converts collected .etl file to .pcap with etl2pcapng
  • converts collected .pml to .csv

Prerequisites:

```powershell
## variable configuration:
$malwspath = "E:" ## malware source path
$malwdpath = "C:\Users\REM\Desktop\Malware\" ## malware destination path on target host
$malware = "malware.exe" ## malware executable
$pcaptime = 180 ## duration in seconds for pcap capture
$toolsdir = "E:\Tools" ## tools directory
$collectiondir = "E:\Collections" ## output directory for collections
$procmonconfig = "$toolsdir\malw.pmc" ## Process Monitor configuration file
##
```
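As an added end-to-end example (not detonaRE's own script), the functions listed above wired together in PowerShell using the README's variables. The netsh, Process Monitor and etl2pcapng switches are ones those tools document; the Magnet RESPONSE command line is an assumed placeholder, as are the output file names.

```powershell
## Added example, not the project's code: one detonation run in an isolated lab VM.
$malwspath     = "E:"                               ## malware source path
$malwdpath     = "C:\Users\REM\Desktop\Malware\"    ## destination on target host
$malware       = "malware.exe"                      ## malware executable
$pcaptime      = 180                                ## pcap duration (seconds)
$toolsdir      = "E:\Tools"                         ## tools directory
$collectiondir = "E:\Collections"                   ## output directory
$procmonconfig = "$toolsdir\malw.pmc"               ## Process Monitor filter/config

## One output folder per run so artifacts from different samples never mix.
$stamp   = Get-Date -Format "yyyyMMdd-HHmmss"
$outdir  = Join-Path $collectiondir "$malware-$stamp"
$etlfile = Join-Path $outdir "capture.etl"          ## assumed file name
$pmlfile = Join-Path $outdir "procmon.pml"          ## assumed file name
New-Item -ItemType Directory -Path $outdir, $malwdpath -Force | Out-Null

## 1. Stage the sample and start the .etl packet capture (built-in netsh trace).
Copy-Item (Join-Path $malwspath $malware) $malwdpath
netsh trace start capture=yes tracefile="$etlfile" | Out-Null

## 2. Start Process Monitor with the saved filter, logging to a backing file.
Start-Process "$toolsdir\Procmon.exe" -ArgumentList "/AcceptEula /Quiet /Minimized /LoadConfig `"$procmonconfig`" /BackingFile `"$pmlfile`""
Start-Sleep -Seconds 5                              ## let Procmon attach before detonation

## 3. Launch the sample and let it run for the capture interval.
$proc = Start-Process (Join-Path $malwdpath $malware) -PassThru
Start-Sleep -Seconds $pcaptime

## 4. Stop the packet capture, then collect volatile evidence while the sample
##    is still running (memory first, so its in-memory state is not lost).
netsh trace stop | Out-Null
$responseArgs = "/output:$outdir"                   ## ASSUMED switch: check your RESPONSE build's docs
& "$toolsdir\MagnetRESPONSE.exe" $responseArgs

## 5. Terminate the sample and flush Process Monitor's log.
Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue
Start-Process "$toolsdir\Procmon.exe" -ArgumentList "/Terminate" -Wait

## 6. Convert the artifacts to analyst-friendly formats.
& "$toolsdir\etl2pcapng.exe" $etlfile (Join-Path $outdir "capture.pcapng")
$csvfile = Join-Path $outdir "procmon.csv"
Start-Process "$toolsdir\Procmon.exe" -ArgumentList "/OpenLog `"$pmlfile`" /SaveAs `"$csvfile`"" -Wait
```

Run it as an administrator on the isolated analysis host, since netsh trace and Process Monitor both need elevated rights.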
