cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

Volatility summary not showing #1832

Open mehmetgoksu opened 7 years ago

mehmetgoksu commented 7 years ago

doomedraven commented 7 years ago

But what about the Cuckoo version? From my experience, in the latest version vol was executed in the background after the analysis was reported. Which output did you get in the process CLI?

mehmetgoksu commented 7 years ago

Version is 2.0.4.

2017-09-11 14:26:30,619 [cuckoo.core.scheduler] INFO: Task #8: acquired machine win7 (label=win7)
2017-09-11 14:26:30,666 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 9958 (interface=vboxnet0, host=192.168.56.101)
2017-09-11 14:26:30,667 [cuckoo.core.plugins] DEBUG: Started auxiliary module: Sniffer
2017-09-11 14:26:30,791 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7
2017-09-11 14:26:30,982 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7 to Snapshot2
2017-09-11 14:26:36,084 [cuckoo.core.guest] INFO: Starting analysis on guest (id=win7, ip=192.168.56.101)
2017-09-11 14:26:37,095 [cuckoo.core.guest] DEBUG: win7: not ready yet
2017-09-11 14:26:38,102 [cuckoo.core.guest] DEBUG: win7: not ready yet
2017-09-11 14:26:39,109 [cuckoo.core.guest] DEBUG: win7: not ready yet
2017-09-11 14:26:40,115 [cuckoo.core.guest] DEBUG: win7: not ready yet
2017-09-11 14:26:41,120 [cuckoo.core.guest] DEBUG: win7: not ready yet
2017-09-11 14:26:42,125 [cuckoo.core.guest] DEBUG: win7: not ready yet
2017-09-11 14:26:42,153 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.7 (id=win7, ip=192.168.56.101)
2017-09-11 14:26:42,256 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7, ip=192.168.56.101, monitor=latest, size=3842483)
2017-09-11 14:26:45,702 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:26:46,781 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:26:47,758 [cuckoo.core.resultserver] DEBUG: LogHandler for live analysis.log initialized.
2017-09-11 14:26:47,867 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:26:48,880 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:26:49,897 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:26:50,910 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:26:51,922 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:26:52,931 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:26:53,953 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:26:54,982 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:26:55,424 [cuckoo.core.resultserver] DEBUG: New process (pid=1072, ppid=320, name=AAA.exe)
2017-09-11 14:26:56,006 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:26:56,252 [cuckoo.core.resultserver] DEBUG: File upload request for files/d35574d2cc42b4ed_F0DD.tmp
2017-09-11 14:26:56,357 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 1288488
2017-09-11 14:26:56,554 [cuckoo.core.resultserver] DEBUG: File upload request for files/ff4c354d08c8a6a6_F1F7.tmp
2017-09-11 14:26:56,599 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 857600
2017-09-11 14:26:56,778 [cuckoo.core.resultserver] DEBUG: File upload request for files/1b594e6d057c632a_F2F2.tmp
2017-09-11 14:26:56,812 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 206848
2017-09-11 14:26:57,032 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:26:57,517 [cuckoo.core.resultserver] DEBUG: File upload request for memory/3176-1.dmp
2017-09-11 14:26:57,587 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 1978920
2017-09-11 14:26:57,784 [cuckoo.core.resultserver] DEBUG: New process (pid=3176, ppid=1072, name=svchost.exe)
2017-09-11 14:26:58,186 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:26:58,640 [cuckoo.core.resultserver] DEBUG: File upload request for memory/3284-1.dmp
2017-09-11 14:26:58,732 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 1978920
2017-09-11 14:26:58,994 [cuckoo.core.resultserver] DEBUG: New process (pid=3284, ppid=1072, name=svchost.exe)
2017-09-11 14:26:59,257 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:00,285 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:01,052 [cuckoo.core.resultserver] DEBUG: File upload request for memory/3180-1.dmp
2017-09-11 14:27:01,306 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:01,322 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 4616744
2017-09-11 14:27:01,706 [cuckoo.core.resultserver] DEBUG: New process (pid=3180, ppid=1072, name=explorer.exe)
2017-09-11 14:27:02,322 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:03,294 [cuckoo.core.resultserver] DEBUG: New process (pid=1600, ppid=1556, name=explorer.exe)
2017-09-11 14:27:03,346 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:04,359 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:05,401 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:06,419 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:06,662 [cuckoo.core.resultserver] DEBUG: File upload request for files/4297ad0f5bb72616_FB52.tmp
2017-09-11 14:27:06,706 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 157184
2017-09-11 14:27:07,473 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:08,484 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:09,505 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:10,577 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:11,590 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:12,602 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:13,668 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:14,694 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:15,709 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:16,192 [cuckoo.core.resultserver] DEBUG: File upload request for memory/1072-1.dmp
2017-09-11 14:27:16,264 [cuckoo.core.resultserver] DEBUG: File upload request for memory/1072-2.dmp
2017-09-11 14:27:16,466 [cuckoo.core.resultserver] DEBUG: File upload request for memory/3180-2.dmp
2017-09-11 14:27:16,723 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:17,740 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:18,807 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:19,718 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 41903264
2017-09-11 14:27:19,858 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:19,982 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 46676784
2017-09-11 14:27:20,073 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 46676568
2017-09-11 14:27:20,871 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:21,893 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:22,923 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:23,935 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:24,961 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:25,974 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:26,984 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:27,993 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:29,004 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:30,019 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:31,028 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:32,047 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:33,070 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:34,085 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:35,104 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:36,123 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:37,592 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:38,606 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:39,630 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:40,658 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:41,671 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:42,555 [cuckoo.core.resultserver] DEBUG: File upload request for memory/3284-2.dmp
2017-09-11 14:27:42,686 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:43,625 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 35132264
2017-09-11 14:27:43,709 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:44,720 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:45,736 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:46,756 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:47,784 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:48,795 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:49,807 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:50,824 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:51,837 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:52,848 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:53,862 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:54,876 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:55,890 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:56,904 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:57,914 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:58,933 [cuckoo.core.guest] DEBUG: win7: analysis still processing
2017-09-11 14:27:59,122 [cuckoo.core.resultserver] DEBUG: File upload request for memory/3176-2.dmp
2017-09-11 14:27:59,718 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 35960304
2017-09-11 14:27:59,940 [cuckoo.core.guest] INFO: win7: analysis completed successfully
2017-09-11 14:28:00,023 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2017-09-11 14:28:03,177 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7 to path /home/test/.cuckoo/storage/analyses/8/memory.dmp
2017-09-11 14:28:03,179 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7
2017-09-11 14:28:05,059 [cuckoo.core.scheduler] DEBUG: Released database task #8
2017-09-11 14:28:05,188 [cuckoo.core.plugins] DEBUG: Executed processing module "AnalysisInfo" for task #8
2017-09-11 14:28:05,363 [cuckoo.core.plugins] DEBUG: Executed processing module "BehaviorAnalysis" for task #8
2017-09-11 14:28:05,528 [cuckoo.core.plugins] DEBUG: Executed processing module "Dropped" for task #8
2017-09-11 14:28:05,627 [cuckoo.core.plugins] DEBUG: Executed processing module "DroppedBuffer" for task #8
2017-09-11 14:28:05,630 [cuckoo.core.plugins] DEBUG: Executed processing module "Extracted" for task #8
2017-09-11 14:28:07,736 [cuckoo.processing.memory] DEBUG: Executing volatility 'pslist' module.
2017-09-11 14:28:09,432 [cuckoo.processing.memory] DEBUG: Executing volatility 'psxview' module.
2017-09-11 14:28:26,489 [cuckoo.processing.memory] DEBUG: Executing volatility 'callbacks' module.
2017-09-11 14:28:36,223 [cuckoo.processing.memory] DEBUG: Executing volatility 'idt' module.
2017-09-11 14:28:39,653 [cuckoo.processing.memory] DEBUG: Executing volatility 'ssdt' module.
2017-09-11 14:28:45,065 [cuckoo.processing.memory] DEBUG: Executing volatility 'gdt' module.
2017-09-11 14:28:46,869 [cuckoo.processing.memory] DEBUG: Executing volatility 'timers' module.
2017-09-11 14:28:49,812 [cuckoo.processing.memory] DEBUG: Skipping 'messagehooks' volatility module
2017-09-11 14:28:49,812 [cuckoo.processing.memory] DEBUG: Executing volatility 'getsids' module.
2017-09-11 14:28:52,095 [cuckoo.processing.memory] DEBUG: Executing volatility 'privs' module.
2017-09-11 14:28:54,713 [cuckoo.processing.memory] DEBUG: Executing volatility 'malfind' module.
2017-09-11 14:29:01,154 [cuckoo.processing.memory] DEBUG: Skipping 'apihooks' volatility module
2017-09-11 14:29:01,154 [cuckoo.processing.memory] DEBUG: Executing volatility 'dlllist' module.
2017-09-11 14:29:04,049 [cuckoo.processing.memory] DEBUG: Executing volatility 'handles' module.
2017-09-11 14:29:31,505 [cuckoo.processing.memory] DEBUG: Executing volatility 'ldrmodules' module.
2017-09-11 14:29:42,907 [cuckoo.processing.memory] DEBUG: Executing volatility 'mutantscan' module.
2017-09-11 14:29:44,711 [cuckoo.processing.memory] DEBUG: Executing volatility 'devicetree' module.
2017-09-11 14:29:46,694 [cuckoo.processing.memory] DEBUG: Executing volatility 'svcscan' module.
2017-09-11 14:29:49,056 [cuckoo.processing.memory] DEBUG: Executing volatility 'modscan' module.
2017-09-11 14:29:50,421 [cuckoo.processing.memory] DEBUG: Executing volatility 'yarascan' module.
2017-09-11 14:30:14,103 [cuckoo.processing.memory] DEBUG: Executing volatility 'netscan' module.
2017-09-11 14:30:16,179 [cuckoo.core.plugins] DEBUG: Executed processing module "Memory" for task #8
2017-09-11 14:30:19,884 [cuckoo.core.plugins] DEBUG: Executed processing module "MetaInfo" for task #8
2017-09-11 14:30:22,746 [cuckoo.core.plugins] DEBUG: Executed processing module "ProcessMemory" for task #8
2017-09-11 14:30:22,746 [cuckoo.core.plugins] DEBUG: Executed processing module "Procmon" for task #8
2017-09-11 14:30:23,118 [cuckoo.core.plugins] DEBUG: Executed processing module "Static" for task #8
2017-09-11 14:30:23,131 [cuckoo.core.plugins] DEBUG: Executed processing module "Strings" for task #8
2017-09-11 14:30:23,143 [cuckoo.core.plugins] DEBUG: Executed processing module "TargetInfo" for task #8
2017-09-11 14:30:25,010 [cuckoo.core.plugins] DEBUG: Executed processing module "NetworkAnalysis" for task #8
2017-09-11 14:30:25,011 [cuckoo.core.plugins] DEBUG: Executed processing module "TLSMasterSecrets" for task #8
2017-09-11 14:30:25,015 [cuckoo.core.plugins] DEBUG: Executed processing module "Debug" for task #8
2017-09-11 14:30:25,020 [cuckoo.core.plugins] DEBUG: Running 472 signatures
2017-09-11 14:30:25,897 [cuckoo.core.plugins] DEBUG: Analysis matched signature: dumped_buffer
2017-09-11 14:30:25,898 [cuckoo.core.plugins] DEBUG: Analysis matched signature: dumped_buffer2
2017-09-11 14:30:25,898 [cuckoo.core.plugins] DEBUG: Analysis matched signature: allocates_rwx
2017-09-11 14:30:25,899 [cuckoo.core.plugins] DEBUG: Analysis matched signature: antivm_queries_computername
2017-09-11 14:30:25,899 [cuckoo.core.plugins] DEBUG: Analysis matched signature: recon_fingerprint
2017-09-11 14:30:25,900 [cuckoo.core.plugins] DEBUG: Analysis matched signature: packer_entropy
2017-09-11 14:30:25,900 [cuckoo.core.plugins] DEBUG: Analysis matched signature: memdump_ip_urls
2017-09-11 14:30:25,901 [cuckoo.core.plugins] DEBUG: Analysis matched signature: memdump_urls
2017-09-11 14:30:25,901 [cuckoo.core.plugins] DEBUG: Analysis matched signature: raises_exception
2017-09-11 14:30:25,902 [cuckoo.core.plugins] DEBUG: Analysis matched signature: volatility_handles_1
2017-09-11 14:30:25,902 [cuckoo.core.plugins] DEBUG: Analysis matched signature: volatility_ldrmodules_1
2017-09-11 14:30:25,902 [cuckoo.core.plugins] DEBUG: Analysis matched signature: volatility_malfind_2
2017-09-11 14:30:25,902 [cuckoo.core.plugins] DEBUG: Analysis matched signature: volatility_svcscan_1
2017-09-11 14:30:25,903 [cuckoo.core.plugins] DEBUG: Analysis matched signature: volatility_svcscan_3
2017-09-11 14:30:27,206 [cuckoo.core.plugins] DEBUG: Executed reporting module "JsonDump"
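
To confirm from console output like the above whether the memory stage ran before looking at the web interface, the relevant lines can be grouped with a short script. This is an added example, not part of the original thread or of Cuckoo's own code; the function names are hypothetical and the sample lines are an excerpt copied from the log above.

```python
import re

# Excerpt copied from the task #8 log posted above (not the full log).
SAMPLE_LOG = """\
2017-09-11 14:28:07,736 [cuckoo.processing.memory] DEBUG: Executing volatility 'pslist' module.
2017-09-11 14:28:49,812 [cuckoo.processing.memory] DEBUG: Skipping 'messagehooks' volatility module
2017-09-11 14:28:54,713 [cuckoo.processing.memory] DEBUG: Executing volatility 'malfind' module.
2017-09-11 14:29:01,154 [cuckoo.processing.memory] DEBUG: Skipping 'apihooks' volatility module
2017-09-11 14:29:01,154 [cuckoo.processing.memory] DEBUG: Executing volatility 'dlllist' module.
2017-09-11 14:30:16,179 [cuckoo.core.plugins] DEBUG: Executed processing module "Memory" for task #8
2017-09-11 14:30:25,897 [cuckoo.core.plugins] DEBUG: Analysis matched signature: dumped_buffer
2017-09-11 14:30:25,902 [cuckoo.core.plugins] DEBUG: Analysis matched signature: volatility_handles_1
2017-09-11 14:30:25,902 [cuckoo.core.plugins] DEBUG: Analysis matched signature: volatility_malfind_2
2017-09-11 14:30:27,206 [cuckoo.core.plugins] DEBUG: Executed reporting module "JsonDump"
"""

LINE = re.compile(r"^\S+ \S+ \[(?P<logger>[\w.]+)\] (?P<level>\w+): (?P<msg>.*)$")
PATTERNS = {
    "vol_executed": re.compile(r"^Executing volatility '(\w+)' module"),
    "vol_skipped": re.compile(r"^Skipping '(\w+)' volatility module"),
    "processing": re.compile(r'^Executed processing module "(\w+)"'),
    "reporting": re.compile(r'^Executed reporting module "(\w+)"'),
    "signatures": re.compile(r"^Analysis matched signature: (\w+)"),
}

def summarize(log_text):
    """Group the memory-analysis events found in a Cuckoo console log excerpt."""
    summary = {key: [] for key in PATTERNS}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # tolerate wrapped or truncated lines
        for key, pattern in PATTERNS.items():
            hit = pattern.match(m.group("msg"))
            if hit:
                summary[key].append(hit.group(1))
                break
    summary["vol_signatures"] = [s for s in summary["signatures"] if s.startswith("volatility_")]
    return summary

def memory_stage_ok(summary):
    """True when volatility ran, the Memory module finished and a report was written."""
    return bool(summary["vol_executed"]) and "Memory" in summary["processing"] and bool(summary["reporting"])

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print("memory stage completed:", memory_stage_ok(s))
    for key in ("vol_executed", "vol_skipped", "vol_signatures", "reporting"):
        print(key, "->", ", ".join(s[key]))
```
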

doomedraven commented 7 years ago

If you check the HTML code, there is nothing to show, so everything is OK. For more info you need to see VM Memory Dump.

wigpen commented 7 years ago

I have a similar issue, Cuckoo 2.0.4 (upgraded from 2.0.3) on Ubuntu 16.04 LTS. Won't hijack this thread with my other issues.

mehmetgoksu commented 7 years ago

@doomedraven No, it should be shown in the summary page. The VM Memory Dump section doesn't show a specific report.

matg008 commented 5 years ago

I have the same as well. Did anyone find the solution?