search

cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org
Other
5.55k stars 1.71k forks source link

Microsoft Office Word 2013 crashes on Cuckoo 2.0.6 #2386

Open 3megatrend3 opened 6 years ago

3megatrend3 commented 6 years ago

Hi everyone,

Microsoft Office Word 2013 crashes when I sent documents for processing. The program crashes after the monitor is injected into the process. I am attaching both the cuckoo and the analyzer log. My setup details are

Host: Ubuntu 18.04 LTS Hypervisor: VirtualBox 5.2.10_Ubuntu r121806 VM: Windows 7 Enterprise SP1 (Firewall disabled, Windows Defender disabled, UAC disabled)

I use the default settings. Is there a way to fix this?

cuckoo.txt analyzer.txt

doomedraven commented 6 years ago

as @jbremer would say, if you can share vm to debug the issue it would help

3megatrend3 commented 6 years ago

How is it possible to share the VM and why do you need the entire VM to look into the issue?

doomedraven commented 6 years ago

i don't, but devs yes, zip it and upload somewhere where devs can get it, in that way devs don't need setup it and have the exact env where it fails

3megatrend3 commented 6 years ago

Ok. To whom should I sent the link to?

cssxn commented 6 years ago

@3megatrend3 MongoDB seems doesn't support Ubuntu 18.04 LTS yet. How do u Install Cuckoo on Ubuntu 18.04 LTS,

doomedraven commented 6 years ago

Rofl, mongo supports ubuntu 18, i use u18 since beta without problems with cuckoo

doomedraven commented 6 years ago

@jbremer can you tell him where to send link with vm

RicoVZ commented 6 years ago

Hi 3megatrend3,

Thanks for posting an issue. :smile:

@doomedraven is right, we want to support as many types of software as possible, but in order to find out exactly why it is crashing when injecting, we would need to debug it. So the VM in which it is not working helps a lot with that, as does work with some Office 2013 versions.

Cuckoo should at least work with 2007 and 2010.

You can send it to ricardo@cuckoo.sh. I will make sure it ends up in @jbremer 's hands.

seanthegeek commented 5 years ago

Same problem with Office 2016.

@RicoVZ I emailed you with a link to a premade KVM sandbox with Office 2016 installed. I hope this helps!

hunterbr72 commented 5 years ago

Same here, Cuckoo crashes with Office 2013 Pro Plus. Ping me @jbremer if you need the VM.

Ethnical commented 4 years ago

Same here cuckoo version 2.07 and office2013... I don't know how to dive into the debugging for the hooking... If anyone know how to debug deeply because the analyzer.log have nothing really interesting....

I will test 2010 and 2016 to see if it's better :)