cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

ERROR: Unable to open /cuckoo/storage/analyses/*/dump_sorted.pcap #1219

Closed mark-bah closed 7 years ago

mark-bah commented 7 years ago

I've been working through getting Cuckoo to work with ESXi through vSphere and a Windows 7 guest OS but have had a variety of issues. After (hopefully) solving most of them, this is the only error I'm getting now.

Any guidance would be greatly appreciated.

 python cuckoo.py -d

                     _ 
    ____ _   _  ____| |  _ ___   ___
   / ___) | | |/ ___) |_/ ) _ \ / _ \
  ( (___| |_| ( (___|  _ ( |_| | |_| |
   \____)____/ \____)_| \_)___/ \___/

 Cuckoo Sandbox 2.0-dev
 www.cuckoosandbox.org
 Copyright (c) 2010-2015

 Checking for updates...
 You are running a development version! Current stable is 2.0-rc1.
2016-12-23 12:31:21,296 [root] DEBUG: Importing modules...
2016-12-23 12:31:21,650 [root] DEBUG: Imported "signatures" modules:
2016-12-23 12:31:21,650 [root] DEBUG:    |-- CreatesExe
2016-12-23 12:31:21,650 [root] DEBUG:    `-- SystemMetrics
2016-12-23 12:31:21,651 [root] DEBUG: Imported "processing" modules:
2016-12-23 12:31:21,651 [root] DEBUG:    |-- AnalysisInfo
2016-12-23 12:31:21,651 [root] DEBUG:    |-- MetaInfo
2016-12-23 12:31:21,651 [root] DEBUG:    |-- ApkInfo
2016-12-23 12:31:21,651 [root] DEBUG:    |-- Baseline
2016-12-23 12:31:21,652 [root] DEBUG:    |-- BehaviorAnalysis
2016-12-23 12:31:21,652 [root] DEBUG:    |-- DroppedBuffer
2016-12-23 12:31:21,652 [root] DEBUG:    |-- Debug
2016-12-23 12:31:21,652 [root] DEBUG:    |-- Droidmon
2016-12-23 12:31:21,652 [root] DEBUG:    |-- Dropped
2016-12-23 12:31:21,653 [root] DEBUG:    |-- TLSMasterSecrets
2016-12-23 12:31:21,653 [root] DEBUG:    |-- GooglePlay
2016-12-23 12:31:21,653 [root] DEBUG:    |-- Irma
2016-12-23 12:31:21,653 [root] DEBUG:    |-- Memory
2016-12-23 12:31:21,654 [root] DEBUG:    |-- MISP
2016-12-23 12:31:21,654 [root] DEBUG:    |-- NetworkAnalysis
2016-12-23 12:31:21,654 [root] DEBUG:    |-- ProcessMemory
2016-12-23 12:31:21,654 [root] DEBUG:    |-- Procmon
2016-12-23 12:31:21,654 [root] DEBUG:    |-- Screenshots
2016-12-23 12:31:21,655 [root] DEBUG:    |-- Snort
2016-12-23 12:31:21,655 [root] DEBUG:    |-- Static
2016-12-23 12:31:21,655 [root] DEBUG:    |-- Strings
2016-12-23 12:31:21,655 [root] DEBUG:    |-- Suricata
2016-12-23 12:31:21,656 [root] DEBUG:    |-- TargetInfo
2016-12-23 12:31:21,656 [root] DEBUG:    `-- VirusTotal
2016-12-23 12:31:21,656 [root] DEBUG: Imported "auxiliary" modules:
2016-12-23 12:31:21,656 [root] DEBUG:    |-- MITM
2016-12-23 12:31:21,656 [root] DEBUG:    |-- Reboot
2016-12-23 12:31:21,657 [root] DEBUG:    |-- Services
2016-12-23 12:31:21,657 [root] DEBUG:    `-- Sniffer
2016-12-23 12:31:21,657 [root] DEBUG: Imported "reporting" modules:
2016-12-23 12:31:21,657 [root] DEBUG:    |-- ElasticSearch
2016-12-23 12:31:21,657 [root] DEBUG:    |-- JsonDump
2016-12-23 12:31:21,658 [root] DEBUG:    |-- Mattermost
2016-12-23 12:31:21,658 [root] DEBUG:    |-- MISP
2016-12-23 12:31:21,658 [root] DEBUG:    |-- Moloch
2016-12-23 12:31:21,658 [root] DEBUG:    |-- MongoDB
2016-12-23 12:31:21,659 [root] DEBUG:    |-- Notification
2016-12-23 12:31:21,659 [root] DEBUG:    `-- ReportHTML
2016-12-23 12:31:21,659 [root] DEBUG: Imported "machinery" modules:
2016-12-23 12:31:21,659 [root] DEBUG:    `-- ESX
2016-12-23 12:31:21,661 [root] DEBUG: Checking for locked tasks..
2016-12-23 12:31:21,683 [root] DEBUG: Checking for pending service tasks..
2016-12-23 12:31:21,699 [root] DEBUG: Initializing Yara...
2016-12-23 12:31:21,712 [root] DEBUG:    |-- index_binaries.yar
2016-12-23 12:31:21,712 [root] DEBUG:    `-- index_memory.yar
2016-12-23 12:31:21,725 [lib.cuckoo.core.resultserver] DEBUG: ResultServer running on 10.22.9.104:2042.
2016-12-23 12:31:21,728 [lib.cuckoo.core.scheduler] INFO: Using "esx" as machine manager
2016-12-23 12:31:22,139 [lib.cuckoo.common.abstracts] DEBUG: Stopping machine cuckoo64
2016-12-23 12:31:22,140 [lib.cuckoo.common.abstracts] DEBUG: Getting status for cuckoo64
2016-12-23 12:31:22,649 [lib.cuckoo.common.abstracts] DEBUG: Getting status for cuckoo64
2016-12-23 12:31:22,686 [lib.cuckoo.core.scheduler] INFO: Loaded 1 machine/s
2016-12-23 12:31:22,711 [lib.cuckoo.core.scheduler] INFO: Waiting for analysis tasks.
2016-12-23 12:31:49,696 [lib.cuckoo.core.scheduler] DEBUG: Processing task #17
2016-12-23 12:31:49,721 [lib.cuckoo.core.scheduler] INFO: Starting analysis of FILE "0a28108de4ee1f8b2b72ead397996911" (task #17, options "route=none,procmemdump=yes")
2016-12-23 12:31:49,938 [lib.cuckoo.core.scheduler] INFO: File already exists at "/opt/cuckoo/cuckoo/storage/binaries/9daf1678d88c829246c81e10217c58cebc6e9dab1c5b825e0b9e467f182012ce"
2016-12-23 12:31:50,057 [lib.cuckoo.core.scheduler] INFO: Task #17: acquired machine cuckoo64 (label=cuckoo64)
2016-12-23 12:31:50,075 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 21524 (interface=ens36, host=10.22.9.110, pcap=/opt/cuckoo/cuckoo/storage/analyses/17/dump.pcap)
2016-12-23 12:31:50,076 [lib.cuckoo.core.plugins] DEBUG: Started auxiliary module: Sniffer
2016-12-23 12:31:50,184 [lib.cuckoo.common.abstracts] DEBUG: Starting machine cuckoo64
2016-12-23 12:31:50,185 [lib.cuckoo.common.abstracts] DEBUG: Getting status for cuckoo64
2016-12-23 12:31:50,345 [lib.cuckoo.common.abstracts] DEBUG: Using snapshot cuckooAdminUser for virtual machine cuckoo64
2016-12-23 12:31:53,795 [lib.cuckoo.common.abstracts] DEBUG: Getting status for cuckoo64
2016-12-23 12:31:53,890 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=cuckoo64, ip=10.22.9.110)
2016-12-23 12:31:56,169 [lib.cuckoo.core.guest] DEBUG: cuckoo64: waiting for status 0x0001
2016-12-23 12:31:56,789 [lib.cuckoo.core.guest] DEBUG: cuckoo64: status ready
2016-12-23 12:31:56,809 [lib.cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=cuckoo64, ip=10.22.9.110, monitor=latest, size=1756407)
2016-12-23 12:32:09,850 [lib.cuckoo.core.guest] DEBUG: cuckoo64: analyzer started with PID 2152
2016-12-23 12:32:09,875 [lib.cuckoo.core.guest] DEBUG: cuckoo64: waiting for completion
2016-12-23 12:32:10,567 [lib.cuckoo.core.resultserver] DEBUG: LogHandler for live analysis.log initialized.
2016-12-23 12:32:10,901 [lib.cuckoo.core.guest] DEBUG: cuckoo64: analysis not completed yet (status=2)
2016-12-23 12:32:11,915 [lib.cuckoo.core.guest] DEBUG: cuckoo64: analysis not completed yet (status=2)
2016-12-23 12:32:12,935 [lib.cuckoo.core.guest] DEBUG: cuckoo64: analysis not completed yet (status=2)
2016-12-23 12:32:13,946 [lib.cuckoo.core.guest] DEBUG: cuckoo64: analysis not completed yet (status=2)
2016-12-23 12:32:14,965 [lib.cuckoo.core.guest] DEBUG: cuckoo64: analysis not completed yet (status=2)
2016-12-23 12:32:16,111 [lib.cuckoo.core.guest] DEBUG: cuckoo64: analysis not completed yet (status=2)
2016-12-23 12:32:17,279 [lib.cuckoo.core.guest] DEBUG: cuckoo64: analysis not completed yet (status=2)
2016-12-23 12:32:18,412 [lib.cuckoo.core.guest] DEBUG: cuckoo64: analysis not completed yet (status=2)
2016-12-23 12:32:19,429 [lib.cuckoo.core.guest] DEBUG: cuckoo64: analysis not completed yet (status=2)
2016-12-23 12:32:20,495 [lib.cuckoo.core.guest] DEBUG: cuckoo64: analysis not completed yet (status=2)
2016-12-23 12:32:21,515 [lib.cuckoo.core.guest] DEBUG: cuckoo64: analysis not completed yet (status=2)
2016-12-23 12:32:22,567 [lib.cuckoo.core.guest] DEBUG: cuckoo64: analysis not completed yet (status=2)
2016-12-23 12:32:23,585 [lib.cuckoo.core.guest] DEBUG: cuckoo64: analysis not completed yet (status=2)
2016-12-23 12:32:24,596 [lib.cuckoo.core.guest] DEBUG: cuckoo64: analysis not completed yet (status=2)
2016-12-23 12:32:25,615 [lib.cuckoo.core.guest] DEBUG: cuckoo64: analysis not completed yet (status=2)
2016-12-23 12:32:26,630 [lib.cuckoo.core.guest] INFO: cuckoo64: analysis completed successfully
2016-12-23 12:32:26,664 [lib.cuckoo.core.plugins] WARNING: Unable to stop auxiliary module: Potential error while running tcpdump, did not expect the following standard error output: 'tcpdump: WARNING: ens36: no IPv4 address assigned'.
2016-12-23 12:32:26,665 [lib.cuckoo.common.abstracts] DEBUG: Stopping machine cuckoo64
2016-12-23 12:32:26,665 [lib.cuckoo.common.abstracts] DEBUG: Getting status for cuckoo64
2016-12-23 12:32:27,125 [lib.cuckoo.common.abstracts] DEBUG: Getting status for cuckoo64
2016-12-23 12:32:27,289 [lib.cuckoo.core.scheduler] DEBUG: Released database task #17
2016-12-23 12:32:27,339 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "AnalysisInfo" on analysis at "/opt/cuckoo/cuckoo/storage/analyses/17"
2016-12-23 12:32:27,341 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "MetaInfo" on analysis at "/opt/cuckoo/cuckoo/storage/analyses/17"
2016-12-23 12:32:27,344 [modules.processing.behavior] WARNING: Analysis results folder does not contain any behavior log files.
2016-12-23 12:32:27,344 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "BehaviorAnalysis" on analysis at "/opt/cuckoo/cuckoo/storage/analyses/17"
2016-12-23 12:32:27,345 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "DroppedBuffer" on analysis at "/opt/cuckoo/cuckoo/storage/analyses/17"
2016-12-23 12:32:27,363 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "Debug" on analysis at "/opt/cuckoo/cuckoo/storage/analyses/17"
2016-12-23 12:32:27,364 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "Dropped" on analysis at "/opt/cuckoo/cuckoo/storage/analyses/17"
2016-12-23 12:32:27,364 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "ProcessMemory" on analysis at "/opt/cuckoo/cuckoo/storage/analyses/17"
2016-12-23 12:32:27,365 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "Procmon" on analysis at "/opt/cuckoo/cuckoo/storage/analyses/17"
2016-12-23 12:32:27,366 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "Screenshots" on analysis at "/opt/cuckoo/cuckoo/storage/analyses/17"
2016-12-23 12:32:29,712 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "Static" on analysis at "/opt/cuckoo/cuckoo/storage/analyses/17"
2016-12-23 12:32:30,234 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "Strings" on analysis at "/opt/cuckoo/cuckoo/storage/analyses/17"
2016-12-23 12:32:30,534 [lib.cuckoo.common.objects] WARNING: Unable to import yara (please compile from sources)
2016-12-23 12:32:30,604 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "TargetInfo" on analysis at "/opt/cuckoo/cuckoo/storage/analyses/17"
2016-12-23 12:32:30,616 [modules.processing.network] DEBUG: Whitelisting Disabled.
2016-12-23 12:32:30,616 [modules.processing.network] ERROR: Unable to open /opt/cuckoo/cuckoo/storage/analyses/17/dump_sorted.pcap
2016-12-23 12:32:30,616 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "NetworkAnalysis" on analysis at "/opt/cuckoo/cuckoo/storage/analyses/17"
2016-12-23 12:32:31,184 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "VirusTotal" on analysis at "/opt/cuckoo/cuckoo/storage/analyses/17"
2016-12-23 12:32:31,185 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "TLSMasterSecrets" on analysis at "/opt/cuckoo/cuckoo/storage/analyses/17"
2016-12-23 12:32:31,185 [lib.cuckoo.core.plugins] DEBUG: Running 0 signatures
2016-12-23 12:32:31,764 [lib.cuckoo.core.plugins] DEBUG: Executed reporting module "JsonDump"
2016-12-23 12:32:31,936 [lib.cuckoo.core.plugins] DEBUG: Executed reporting module "MongoDB"
2016-12-23 12:32:31,937 [lib.cuckoo.core.scheduler] INFO: Task #17: reports generation completed (path=/opt/cuckoo/cuckoo/storage/analyses/17)
2016-12-23 12:32:31,968 [lib.cuckoo.core.scheduler] INFO: Task #17: analysis procedure completed

doomedraven commented 7 years ago

You have a problem with the network interface:

2016-12-23 12:32:26,664 [lib.cuckoo.core.plugins] WARNING: Unable to stop auxiliary module: Potential error while running tcpdump, did not expect the following standard error output: 'tcpdump: WARNING: ens36: no IPv4 address assigned'.
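The correlation pointed out in the comment above, as an added example that is not part of the original thread and not Cuckoo's own code: a small triage script that ties the sniffer start line, the tcpdump stderr warning and the `dump_sorted.pcap` error to one analysis directory. The function names `triage` and `suspect_captures` are hypothetical, and attributing the tcpdump warning to the most recently started sniffer is an assumption that only holds when analyses run one at a time.

```python
import re

# Constructed sample: four lines copied from the debug log posted in this issue.
SAMPLE_LOG = """\
2016-12-23 12:31:50,075 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 21524 (interface=ens36, host=10.22.9.110, pcap=/opt/cuckoo/cuckoo/storage/analyses/17/dump.pcap)
2016-12-23 12:32:26,664 [lib.cuckoo.core.plugins] WARNING: Unable to stop auxiliary module: Potential error while running tcpdump, did not expect the following standard error output: 'tcpdump: WARNING: ens36: no IPv4 address assigned'.
2016-12-23 12:32:30,616 [modules.processing.network] ERROR: Unable to open /opt/cuckoo/cuckoo/storage/analyses/17/dump_sorted.pcap
2016-12-23 12:32:31,968 [lib.cuckoo.core.scheduler] INFO: Task #17: analysis procedure completed
"""

LINE = re.compile(r"^(\S+ \S+) \[([\w.]+)\] (\w+): (.*)$")
SNIFFER = re.compile(
    r"Started sniffer with PID \d+ \(interface=(\S+), host=(\S+), pcap=(.+)/dump\.pcap\)")
TCPDUMP = re.compile(r"standard error output: '(tcpdump: .*)'\.?$")
PCAP_ERR = re.compile(r"Unable to open (.+)/dump_sorted\.pcap")


def _entry():
    return {"interface": None, "guest": None,
            "tcpdump_stderr": None, "pcap_missing": False}


def triage(log_text):
    """Group sniffer start, tcpdump stderr and pcap errors by analysis dir."""
    findings = {}
    current = None  # assumption: warning belongs to the last sniffer started
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # banner text or anything that is not a log record
        _, _, level, msg = m.groups()
        if (s := SNIFFER.search(msg)):
            current = s.group(3)
            e = findings.setdefault(current, _entry())
            e["interface"], e["guest"] = s.group(1), s.group(2)
        elif (t := TCPDUMP.search(msg)) and current:
            findings[current]["tcpdump_stderr"] = t.group(1)
        elif level == "ERROR" and (p := PCAP_ERR.search(msg)):
            findings.setdefault(p.group(1), _entry())["pcap_missing"] = True
    return findings


def suspect_captures(findings):
    """Analysis dirs where tcpdump complained and no sorted pcap was readable."""
    return [d for d, e in findings.items()
            if e["tcpdump_stderr"] and e["pcap_missing"]]


if __name__ == "__main__":
    for d in suspect_captures(triage(SAMPLE_LOG)):
        print("capture needs checking:", d)
```
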

malwareroot commented 7 years ago

Hi guys, I am also facing an issue while installing Cuckoo. Could anyone please give a suggestion? Issue: I already downloaded 300 signatures with community.py -wafb. After I start cuckoo.py it still shows an error. I also tried cuckoo.py --debug --test; it shows the same error message again. Please help me. cuckko_san

jbremer commented 7 years ago

What did the community command return?

jbremer commented 7 years ago

Any update @mark-bah @malwareroot?

jbremer commented 7 years ago

Closing due to inactivity. Feel free to reopen if you have new information.