cuckoosandbox / community

Repository of modules and signatures contributed by the community

No "Behavior Summary" section in the report. #377

Closed mohd1024 closed 6 years ago

mohd1024 commented 6 years ago

Hi All,

I just installed Cuckoo using the pip command as instructed in the documentation. Cuckoo is running correctly and I am able to submit and run executables for analysis. However, I can only see the basic info and the signatures sections in the report. I would like to see other information such as the behavior summary, processes, networking, etc. I have tried the following:

I can see that the behavior analysis has been executed in the Cuckoo log, something like:

2017-12-05 14:01:48,524 [cuckoo.core.plugins] DEBUG: Executed processing module "BehaviorAnalysis" for task #5

cuckoo.log analysis.log

but no behavior info in my log.

I am wondering if I am missing something or there is some other configuration required to enable this. I am attaching sample logs.

Thanks

doomedraven commented 6 years ago

Maybe because of:

2017-12-05 14:01:30,230 [analyzer] ERROR: Auxiliary module RecentFiles was not implemented
Traceback (most recent call last):
  File "C:/tmpuzxca8/analyzer.py", line 623, in run
    aux.start()
  File "C:\tmpuzxca8\modules\auxiliary\recentfiles.py", line 55, in start
    dirpath = self.get_path()
  File "C:\tmpuzxca8\modules\auxiliary\recentfiles.py", line 43, in get_path
    r = SHELL32.SHGetKnownFolderPath(
  File "C:\Python27\lib\ctypes\__init__.py", line 375, in __getattr__
    func = self.__getitem__(name)
  File "C:\Python27\lib\ctypes\__init__.py", line 380, in __getitem__
    func = self._FuncPtr((name_or_ordinal, self))
AttributeError: function 'SHGetKnownFolderPath' not found

Provide the exact version of the OS and Cuckoo.

mohd1024 commented 6 years ago

I am running Cuckoo 2.0.4 and the guest is Windows XP SP3

I found another issue posted earlier for this error at https://github.com/cuckoosandbox/cuckoo/issues/1934

And it seems that it is related to Windows XP. Since the analyser continued working after this error, I thought it is not a deal breaker. Not sure if this is the case?

I tried to disable this auxiliary module by adding the following to auxiliary.conf:

[RecentFiles]
enabled = no

But still the same issue. Looks like it is required.

mohd1024 commented 6 years ago

I could not solve the issue using the "SingleFile" reporting module. Still, I do not see the behaviour in the generated html file. However, I switched to the web interface and I can now see all the behaviour report on the analysis web page.
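For triaging logs like the ones quoted in this thread, the sketch below (an added example, not part of the thread and not Cuckoo's own code) groups each traceback with the log record that precedes it and reports the final exception line for every ERROR record. The record layout is taken from the two log lines quoted above; the function names and the abridged sample are assumptions made for the illustration.

```python
import re

# Record header as seen in the log lines quoted in this thread:
# "<date> <time>,<ms> [<logger>] <LEVEL>: <message>"
HEADER = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"\[(?P<logger>[^\]]+)\] (?P<level>[A-Z]+): (?P<msg>.*)$"
)

def parse_records(text):
    """Split log text into records; non-header lines (tracebacks) attach to the previous record."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            rec = m.groupdict()
            rec["extra"] = []
            records.append(rec)
        elif records and line.strip():
            records[-1]["extra"].append(line)
    return records

def error_summary(text):
    """Return (timestamp, logger, message, final exception line) for ERROR/CRITICAL records."""
    out = []
    for rec in parse_records(text):
        if rec["level"] in ("ERROR", "CRITICAL"):
            # The last line of a Python traceback names the exception that was raised.
            cause = rec["extra"][-1].strip() if rec["extra"] else None
            out.append((rec["ts"], rec["logger"], rec["msg"], cause))
    return out

# Constructed sample: lines taken from the logs quoted in this thread, traceback abridged.
SAMPLE = """\
2017-12-05 14:01:30,230 [analyzer] ERROR: Auxiliary module RecentFiles was not implemented
Traceback (most recent call last):
  File "C:\\tmpuzxca8\\modules\\auxiliary\\recentfiles.py", line 43, in get_path
    r = SHELL32.SHGetKnownFolderPath(
AttributeError: function 'SHGetKnownFolderPath' not found
2017-12-05 14:01:48,524 [cuckoo.core.plugins] DEBUG: Executed processing module "BehaviorAnalysis" for task #5
"""

if __name__ == "__main__":
    for ts, logger, msg, cause in error_summary(SAMPLE):
        print("%s [%s] %s -> %s" % (ts, logger, msg, cause))
```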