Windows Sandbox – Flare VM

This config file will automatically convert a temporary Windows Sandbox environment into a Flare VM for malware analysis. Useful for standing up a “quick” flare-vm test environment on the fly. Additionally, enhanced logging telemetry is also enabled on the host. This is done by invoking just before kicking off the flare-vm install.


Install WSB (Windows Sandbox) and ensure all prerequisites are met:

Simply save this config (modify as neccissary) and be sure to preserve the “.wsb” extension.

Execute the .wsb file and a new sandbox VM will spawn and the script to install FlareVM will auto-execute. This can take some time so grab a coffee!

About Flare-VM:

Flare VM is a Windows virtual environment created by Mandiant and is a collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a virtual machine (VM).


Leave a Reply

Your email address will not be published. Required fields are marked *