search

cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org
Other
5.55k stars 1.71k forks source link

Analysis not functioning properly #2349

Open quantm1366 opened 6 years ago

quantm1366 commented 6 years ago

Thanks for creating an issue! But first: did you read our community guidelines? https://cuckoo.sh/docs/introduction/community.html

My issue is: Analysis is not working properly for files or URLs
My Cuckoo version and operating system are:

My Cuckoo version and operating system are: Cuckoo Sandbox 2.0.6 DISTRIB_ID=Ubuntu DISTRIB_RELEASE=16.04 DISTRIB_CODENAME=xenial DISTRIB_DESCRIPTION="Ubuntu 16.04.4 LTS"

This can be reproduced by: submitting a file for analysis
The log, error, files etc can be found at:

WARNING: Windows7-64: analysis caught an exception Traceback (most recent call last): File "C:/tmpmcakix/analyzer.py", line 800, in success = analyzer.run() File "C:/tmpmcakix/analyzer.py", line 652, in run pids = self.package.start(self.target) File "C:\tmpmcakix\modules\packages\exe.py", line 23, in start return self.execute(path, args=shlex.split(args)) File "C:\tmpmcakix\lib\common\abstracts.py", line 166, in execute "Unable to execute the initial process, analysis aborted." CuckooPackageError: Unable to execute the initial process, analysis aborted.

quantm1366 commented 6 years ago

I found the below link scouring past issues. Should really think about adding the fact that the guest username needs to be "Administrator" once I activated that account, moved the agent.py to administrators startup folder, took a new snapshot and deleted the previous account everything worked like a dream

so my suggestion is either add that to the "Preparing the Guest" documentation or create a variable for guest user name in the $virtual_software.conf

https://github.com/cuckoosandbox/cuckoo/issues/2177

Thanks for making the old issues easily searchable though!

fahronona commented 6 years ago

i have same issue but i can not understand how fix it , i try follow your step but i still upset

fahronona commented 6 years ago

This is the log :

2018-09-21 14:09:12,391 [cuckoo.core.scheduler] INFO: Loaded 1 machine/s 2018-09-21 14:09:12,445 [cuckoo.core.scheduler] INFO: Waiting for analysis tasks. 2018-09-21 14:10:07,079 [cuckoo.core.scheduler] INFO: Starting analysis of FILE "smb-z7uhqxx6.exe" (task #20, options "procmemdump=yes,route=none") 2018-09-21 14:10:07,399 [cuckoo.core.scheduler] INFO: Task #20: acquired machine cuckoo1 (label=win7) 2018-09-21 14:10:07,425 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 3302 (interface=vboxnet0, host=192.168.56.101) 2018-09-21 14:10:12,305 [cuckoo.core.guest] INFO: Starting analysis on guest (id=cuckoo1, ip=192.168.56.101) 2018-09-21 14:12:51,836 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.8 (id=cuckoo1, ip=192.168.56.101) 2018-09-21 14:12:57,006 [cuckoo.core.guest] WARNING: cuckoo1: analysis caught an exception Traceback (most recent call last): File "C:/tmpaskxdi/analyzer.py", line 800, in success = analyzer.run() File "C:/tmpaskxdi/analyzer.py", line 652, in run pids = self.package.start(self.target) File "C:\tmpaskxdi\modules\packages\exe.py", line 23, in start return self.execute(path, args=shlex.split(args)) File "C:\tmpaskxdi\lib\common\abstracts.py", line 166, in execute "Unable to execute the initial process, analysis aborted." CuckooPackageError: Unable to execute the initial process, analysis aborted.

2018-09-21 14:13:03,507 [cuckoo.processing.behavior] WARNING: Analysis results folder does not contain any behavior log files. 2018-09-21 14:13:06,450 [cuckoo.core.scheduler] INFO: Task #20: reports generation completed 2018-09-21 14:13:06,504 [cuckoo.core.scheduler] INFO: Task #20: analysis procedure completed