cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

procmon not working #1821

Open ashwinikardile opened 7 years ago

ashwinikardile commented 7 years ago

Hi,

Can you tell me where exactly I have to place "procmon=1" in the cuckoo configuration?

Thanks :)

jbremer commented 7 years ago

As an analysis option, e.g., cuckoo submit -o procmon=1 sample.exe :-) Hope that helps!

ashwinikardile commented 7 years ago

It does! Thank you very much.

Can you please guide me on how to filter the results generated by procmon based on Registry Activity, File system activity, etc.? I'm analysing ransomware and want to filter the procmon results.
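
Added example (not part of the original thread and not Cuckoo's own code): one way to split a Procmon log into registry and file-system activity. It assumes the log is available in Procmon's XML export layout, with `Process_Name`, `Operation` and `Path` elements under each `event`; the sample events and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample; element names assume Procmon's XML export layout.
SAMPLE = r"""<procmon><eventlist>
<event><Process_Name>sample.exe</Process_Name><PID>2044</PID><Operation>RegSetValue</Operation><Path>HKCU\Software\Microsoft\Windows\CurrentVersion\Run\upd</Path><Result>SUCCESS</Result></event>
<event><Process_Name>sample.exe</Process_Name><PID>2044</PID><Operation>WriteFile</Operation><Path>C:\Users\a\Documents\report.docx</Path><Result>SUCCESS</Result></event>
<event><Process_Name>sample.exe</Process_Name><PID>2044</PID><Operation>SetRenameInformationFile</Operation><Path>C:\Users\a\Documents\report.docx</Path><Result>SUCCESS</Result></event>
<event><Process_Name>explorer.exe</Process_Name><PID>1500</PID><Operation>RegQueryValue</Operation><Path>HKLM\SOFTWARE\Classes\.docx</Path><Result>SUCCESS</Result></event>
<event><Process_Name>sample.exe</Process_Name><PID>2044</PID><Operation>TCP Connect</Operation><Path>host:49160 -> 192.0.2.10:443</Path><Result>SUCCESS</Result></event>
</eventlist></procmon>"""

# Operations that change state, as opposed to opens, reads and queries.
STATE_CHANGING = {"RegSetValue", "RegCreateKey", "RegDeleteKey", "RegDeleteValue",
                  "WriteFile", "SetRenameInformationFile", "SetDispositionInformationFile"}

def category(op):
    """Map a Procmon operation name to a coarse activity class."""
    if op.startswith("Reg"):
        return "registry"
    if op.startswith(("TCP ", "UDP ")):
        return "network"
    if op.startswith(("Process ", "Thread ")) or op == "Load Image":
        return "process"
    if op.endswith("File") or op in {"QueryDirectory", "CreateFileMapping"}:
        return "filesystem"
    return "other"

def load_events(xml_text):
    """Yield each <event> as a dict mapping child tag to text."""
    for ev in ET.fromstring(xml_text).iter("event"):
        yield {child.tag: (child.text or "") for child in ev}

def filter_events(events, kind, process=None, writes_only=False):
    """Keep one category, optionally one process and only state-changing operations."""
    out = []
    for e in events:
        op = e.get("Operation", "")
        if category(op) != kind:
            continue
        if process and e.get("Process_Name", "").lower() != process.lower():
            continue
        if writes_only and op not in STATE_CHANGING:
            continue
        out.append(e)
    return out

def summarize(events):
    """Count events per (process, category) to show where activity concentrates."""
    return Counter((e.get("Process_Name", ""), category(e.get("Operation", ""))) for e in events)
```

For a ransomware sample, `filter_events(events, "filesystem", writes_only=True)` narrows the log to writes, renames and deletions, which is where bulk encryption of user files shows up.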