Installing Win 11 on Mac M1/M2 for Malware Analysis

Kamran Saifullah
4 min readJul 16, 2023

--

Well, since the Apple has released M1 and M2 chips for the Mac lovers. It has become quite a difficult task to use VMware, VirtualBox as well as to install a number of operation systems due to the reason they don’t support these chips.

In this article, we will go around the way to install Windows 11 for Malware Analysis on Mac M1 and M2.

The first and the foremost things is to download the Windows 11 preview build from the Microsoft Insider Program using the below link.

This is going to be around 10 GBs. Once downloaded the second step is to download the VMWare Fusion as it works on the M1/M2 mac now.

Once installed. We need to do some hacking with the VHDX image downloaded from the Microsoft Insider Program. Fire up your terminal and install the qemu.

Once QEMU has been installed you should be able to access the following commands directly from your terminal.

If its working fine, then move to the Download folder and use the following command to convert the VHDX file into VMDK file. Make sure that “VMDK” is in lowercase else you will have difficulties onboarding the disk onto the Vmware Fusion.

Once the disk has been converted. Now we can hop into our VMWare Fusion to install the Windows 11.

Click on the + icon in the top-left menu and click on new.

Now, click on Create a Custom Virtual Image.

Select Windows 11 for ARM.

Let the following page remains the same.

Add password of your choice.

Now click on “Use an existing Virtual Disk” and select the VMDK file we have created previously and finish.

Once all done and finished, your Windows 11 will load automatically. Follow the steps until you reach the internet page. We are required to use some hacking skills here.

Once you are on the below page. Use the following combination on your Mac keyboard to open up a terminal.

SHIFT + Function + F10 (All Together)

This will open up a terminal and then type the following.

> OOBE\BYPASSNRO and hit enter

Once done, it will restart your machine and now your issue is resolved. Now you can click on “I dont have the internet” and proceed further.

Set the username, password and security questions. Once all done. You are welcomed with the screen you have struggled for.

The final step is take a snapshot of the VM so that we can roll back to the fresh installation once we are done with analyzing the malwares.

Once we are done with the snapshot, we can move forward to disable the Windows Defender as we don’t need it.

Ensure to log in using the created office account. Once all done, open the gpedit.msc and locate the following.

Open it up and make it enabled.

Restart your machine and take another snapshot. Before you go any further you need to install the VMWare Tools. Which can be done by doing the following.

Then run Powershell in Administrative mode and execute the script.

Finally, go the the Flare VM Github page.

Download the script and execute it to build your Flare VM machine for malware analysis.

This will take much time as it will be downloading a number of tools onto the VM. Once all done, you are good to go to start with your Malware Analysis.

--

--

Kamran Saifullah
Kamran Saifullah

Written by Kamran Saifullah

Malware/RE/Firmware Analysis, App Sec/Off Sec, VAPT, Phishing Simulations/SE | Risk Management, IS Governance, Audits, ISO 27001 LI

No responses yet