cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

Windows Host & Linux Guest Combination Problem on Cuckoo 2.0.6 #2422

Open in2etv opened 6 years ago

in2etv commented 6 years ago

Thanks for creating an issue! But first: did you read our community guidelines? https://cuckoo.sh/docs/introduction/community.html

My issue is:
[cuckoo.processing.behavior] WARNING: Analysis results folder does not exist at path 'C:\\Users\\in2etv\\.cuckoo\\storage\\analyses\\60\\logs'.
...
it appears that the Virtual Machine hasn't been able to contact back to the Cuckoo Host.

When using a Windows host and a Linux guest together, the analysis process does not proceed. This problem is caused by "core/guest.py" sending the return value of "os.path.join()" as it is. I replaced '\' with '/' in all return values of os.path.join() and it seems to work normally. (6 places in "guest.py")

My Cuckoo version and operating system are:

Cuckoo Version : 2.0.6.2
Python Version : 2.7.15
Host : Windows 10 Pro (build 17314)
Guest : Ubuntu 17.04 Desktop
Machinery : VirtualBox 5.2.16

This can be reproduced by:

Add an inappropriate import statement to "analyzer.py". This will prevent the analyzer from running. If you stop the VM, you can see the file uploaded to the guest.

Sorry for my poor English.

The log, error, files etc can be found at:
(venv) E:\Workspace\Research\Cuckoo>cuckoo -d

  _____________________________________/\/\_______________________________
  ___/\/\/\/\__/\/\__/\/\____/\/\/\/\__/\/\__/\/\____/\/\/\______/\/\/\___
  _/\/\________/\/\__/\/\__/\/\________/\/\/\/\____/\/\__/\/\__/\/\__/\/\_
  _/\/\________/\/\__/\/\__/\/\________/\/\/\/\____/\/\__/\/\__/\/\__/\/\_
  ___/\/\/\/\____/\/\/\/\____/\/\/\/\__/\/\__/\/\____/\/\/\______/\/\/\___
  ________________________________________________________________________

 Cuckoo Sandbox 2.0.6
 www.cuckoosandbox.org
 Copyright (c) 2010-2018

 Checking for updates...
 You're good to go!

 Our latest blogposts:
 * Cuckoo Sandbox 2.0.6, June 07, 2018.
   Interim release awaiting the big release.
   More at https://cuckoosandbox.org/blog/206-interim-release

 * Cuckoo Sandbox 2.0.5: Office DDE, December 03, 2017.
   Brand new release based on a DDE case study.
   More at https://cuckoosandbox.org/blog/205-office-dde

 * Cuckoo Sandbox 2.0.4, September 06, 2017.
   Introducing Malware Configuration Extraction.
   More at https://cuckoosandbox.org/blog/cuckoo-sandbox-204

2018-08-03 05:39:54,219 [cuckoo.core.startup] DEBUG: Imported modules...
2018-08-03 05:39:54,233 [cuckoo.core.startup] DEBUG: Imported "auxiliary" modules:
2018-08-03 05:39:54,233 [cuckoo.core.startup] DEBUG:     |-- MITM
2018-08-03 05:39:54,234 [cuckoo.core.startup] DEBUG:     |-- Reboot
2018-08-03 05:39:54,236 [cuckoo.core.startup] DEBUG:     |-- Services
2018-08-03 05:39:54,236 [cuckoo.core.startup] DEBUG:     `-- Sniffer
2018-08-03 05:39:54,236 [cuckoo.core.startup] DEBUG: Imported "machinery" modules:
2018-08-03 05:39:54,237 [cuckoo.core.startup] DEBUG:     |-- vSphere
2018-08-03 05:39:54,237 [cuckoo.core.startup] DEBUG:     |-- KVM
2018-08-03 05:39:54,239 [cuckoo.core.startup] DEBUG:     |-- ESX
2018-08-03 05:39:54,239 [cuckoo.core.startup] DEBUG:     |-- XenServer
2018-08-03 05:39:54,240 [cuckoo.core.startup] DEBUG:     |-- VirtualBox
2018-08-03 05:39:54,240 [cuckoo.core.startup] DEBUG:     |-- Avd
2018-08-03 05:39:54,240 [cuckoo.core.startup] DEBUG:     |-- QEMU
2018-08-03 05:39:54,240 [cuckoo.core.startup] DEBUG:     |-- VMware
2018-08-03 05:39:54,242 [cuckoo.core.startup] DEBUG:     `-- Physical
2018-08-03 05:39:54,243 [cuckoo.core.startup] DEBUG: Imported "processing" modules:
2018-08-03 05:39:54,243 [cuckoo.core.startup] DEBUG:     |-- AnalysisInfo
2018-08-03 05:39:54,243 [cuckoo.core.startup] DEBUG:     |-- ApkInfo
2018-08-03 05:39:54,243 [cuckoo.core.startup] DEBUG:     |-- Baseline
2018-08-03 05:39:54,244 [cuckoo.core.startup] DEBUG:     |-- BehaviorAnalysis
2018-08-03 05:39:54,244 [cuckoo.core.startup] DEBUG:     |-- Debug
2018-08-03 05:39:54,246 [cuckoo.core.startup] DEBUG:     |-- Droidmon
2018-08-03 05:39:54,246 [cuckoo.core.startup] DEBUG:     |-- Dropped
2018-08-03 05:39:54,247 [cuckoo.core.startup] DEBUG:     |-- DroppedBuffer
2018-08-03 05:39:54,247 [cuckoo.core.startup] DEBUG:     |-- Extracted
2018-08-03 05:39:54,249 [cuckoo.core.startup] DEBUG:     |-- GooglePlay
2018-08-03 05:39:54,250 [cuckoo.core.startup] DEBUG:     |-- Irma
2018-08-03 05:39:54,250 [cuckoo.core.startup] DEBUG:     |-- Memory
2018-08-03 05:39:54,252 [cuckoo.core.startup] DEBUG:     |-- MetaInfo
2018-08-03 05:39:54,252 [cuckoo.core.startup] DEBUG:     |-- MISP
2018-08-03 05:39:54,253 [cuckoo.core.startup] DEBUG:     |-- NetworkAnalysis
2018-08-03 05:39:54,253 [cuckoo.core.startup] DEBUG:     |-- ProcessMemory
2018-08-03 05:39:54,253 [cuckoo.core.startup] DEBUG:     |-- Procmon
2018-08-03 05:39:54,253 [cuckoo.core.startup] DEBUG:     |-- Screenshots
2018-08-03 05:39:54,255 [cuckoo.core.startup] DEBUG:     |-- Snort
2018-08-03 05:39:54,256 [cuckoo.core.startup] DEBUG:     |-- Static
2018-08-03 05:39:54,256 [cuckoo.core.startup] DEBUG:     |-- Strings
2018-08-03 05:39:54,256 [cuckoo.core.startup] DEBUG:     |-- Suricata
2018-08-03 05:39:54,257 [cuckoo.core.startup] DEBUG:     |-- TargetInfo
2018-08-03 05:39:54,257 [cuckoo.core.startup] DEBUG:     |-- TLSMasterSecrets
2018-08-03 05:39:54,259 [cuckoo.core.startup] DEBUG:     `-- VirusTotal
2018-08-03 05:39:54,259 [cuckoo.core.startup] DEBUG: Imported "signatures" modules:
2018-08-03 05:39:54,259 [cuckoo.core.startup] DEBUG:     |-- CreatesExe
2018-08-03 05:39:54,259 [cuckoo.core.startup] DEBUG:     `-- SystemMetrics
2018-08-03 05:39:54,260 [cuckoo.core.startup] DEBUG: Imported "reporting" modules:
2018-08-03 05:39:54,260 [cuckoo.core.startup] DEBUG:     |-- ElasticSearch
2018-08-03 05:39:54,262 [cuckoo.core.startup] DEBUG:     |-- Feedback
2018-08-03 05:39:54,263 [cuckoo.core.startup] DEBUG:     |-- JsonDump
2018-08-03 05:39:54,263 [cuckoo.core.startup] DEBUG:     |-- Mattermost
2018-08-03 05:39:54,263 [cuckoo.core.startup] DEBUG:     |-- MISP
2018-08-03 05:39:54,265 [cuckoo.core.startup] DEBUG:     |-- Moloch
2018-08-03 05:39:54,266 [cuckoo.core.startup] DEBUG:     |-- MongoDB
2018-08-03 05:39:54,266 [cuckoo.core.startup] DEBUG:     |-- Notification
2018-08-03 05:39:54,266 [cuckoo.core.startup] DEBUG:     `-- SingleFile
2018-08-03 05:39:54,267 [cuckoo.core.startup] DEBUG: Checking for locked tasks..
2018-08-03 05:39:54,278 [cuckoo.core.startup] DEBUG: Checking for pending service tasks..
2018-08-03 05:39:54,286 [cuckoo.core.startup] DEBUG: Initializing Yara...
2018-08-03 05:39:54,290 [cuckoo.core.startup] DEBUG:     |-- binaries embedded.yar
2018-08-03 05:39:54,292 [cuckoo.core.startup] DEBUG:     |-- binaries shellcodes.yar
2018-08-03 05:39:54,292 [cuckoo.core.startup] DEBUG:     |-- binaries vmdetect.yar
2018-08-03 05:39:54,301 [cuckoo] WARNING: It appears that you haven't loaded any Cuckoo Signatures. Signatures are highly recommended and improve & enrich the information extracted during an analysis. They also make up for the analysis score that you see in the Web Interface - so, pretty important!
2018-08-03 05:39:54,301 [cuckoo] WARNING: You'll be able to fetch all the latest Cuckoo Signaturs, Yara rules, and more goodies by running the following command:
2018-08-03 05:39:54,302 [cuckoo] INFO: $ cuckoo community
2018-08-03 05:39:54,302 [cuckoo.core.resultserver] DEBUG: ResultServer running on 192.168.56.1:2042.
2018-08-03 05:39:54,305 [cuckoo.core.scheduler] INFO: Using "virtualbox" as machine manager
2018-08-03 05:39:54,624 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine cuckoo1 to snapshot1
2018-08-03 05:39:54,779 [cuckoo.core.scheduler] INFO: Loaded 1 machine/s
2018-08-03 05:39:54,802 [cuckoo.core.scheduler] INFO: Waiting for analysis tasks.
2018-08-03 05:40:00,960 [cuckoo.core.scheduler] DEBUG: Processing task #60
2018-08-03 05:40:00,973 [cuckoo.core.scheduler] INFO: Starting analysis of FILE "VirusShare_00b96af32c35cb50612d0f9ee24dbc12" (task #60, options "procmemdump=yes,route=none")
2018-08-03 05:40:01,033 [cuckoo.core.scheduler] INFO: Task #60: acquired machine cuckoo1 (label=cuckoo1)
2018-08-03 05:40:01,039 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 14224 (interface=\Device\NPF_{8F76A6F3-3C80-48B2-9514-2C1B3067D79B}, host=192.168.56.101)
2018-08-03 05:40:01,040 [cuckoo.core.plugins] DEBUG: Started auxiliary module: Sniffer
2018-08-03 05:40:01,075 [cuckoo.machinery.virtualbox] DEBUG: Starting vm cuckoo1
2018-08-03 05:40:01,176 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine cuckoo1 to snapshot1
2018-08-03 05:40:12,790 [cuckoo.core.guest] INFO: Starting analysis on guest (id=cuckoo1, ip=192.168.56.101)
2018-08-03 05:40:13,798 [cuckoo.core.guest] DEBUG: cuckoo1: not ready yet
2018-08-03 05:40:14,805 [cuckoo.core.guest] DEBUG: cuckoo1: not ready yet
2018-08-03 05:40:15,813 [cuckoo.core.guest] DEBUG: cuckoo1: not ready yet
2018-08-03 05:40:15,836 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.8 (id=cuckoo1, ip=192.168.56.101)
2018-08-03 05:40:15,858 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=cuckoo1, ip=192.168.56.101, monitor=latest, size=30538)
2018-08-03 05:40:15,964 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2018-08-03 05:40:16,970 [cuckoo.core.guest] INFO: cuckoo1: analysis completed successfully
2018-08-03 05:40:16,996 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2018-08-03 05:40:16,999 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm cuckoo1
2018-08-03 05:40:18,227 [cuckoo.core.scheduler] DEBUG: Released database task #60
2018-08-03 05:40:18,269 [cuckoo.core.plugins] DEBUG: Executed processing module "AnalysisInfo" for task #60
2018-08-03 05:40:18,270 [cuckoo.processing.behavior] WARNING: Analysis results folder does not exist at path 'C:\\Users\\in2etv\\.cuckoo\\storage\\analyses\\60\\logs'.
2018-08-03 05:40:18,273 [cuckoo.core.plugins] DEBUG: Executed processing module "BehaviorAnalysis" for task #60
2018-08-03 05:40:18,273 [cuckoo.core.plugins] DEBUG: Executed processing module "Dropped" for task #60
2018-08-03 05:40:18,276 [cuckoo.core.plugins] DEBUG: Executed processing module "DroppedBuffer" for task #60
2018-08-03 05:40:18,292 [cuckoo.core.plugins] DEBUG: Executed processing module "MetaInfo" for task #60
2018-08-03 05:40:18,293 [cuckoo.core.plugins] DEBUG: Executed processing module "ProcessMemory" for task #60
2018-08-03 05:40:18,295 [cuckoo.core.plugins] DEBUG: Executed processing module "Procmon" for task #60
2018-08-03 05:40:18,296 [cuckoo.core.plugins] DEBUG: Executed processing module "Screenshots" for task #60
2018-08-03 05:40:18,312 [cuckoo.core.plugins] DEBUG: Executed processing module "Static" for task #60
2018-08-03 05:40:18,319 [cuckoo.core.plugins] DEBUG: Executed processing module "Strings" for task #60
2018-08-03 05:40:18,342 [cuckoo.core.plugins] DEBUG: Executed processing module "TargetInfo" for task #60
2018-08-03 05:40:18,368 [cuckoo.core.plugins] DEBUG: Executed processing module "NetworkAnalysis" for task #60
2018-08-03 05:40:18,368 [cuckoo.core.plugins] DEBUG: Executed processing module "Extracted" for task #60
2018-08-03 05:40:18,371 [cuckoo.core.plugins] DEBUG: Executed processing module "TLSMasterSecrets" for task #60
2018-08-03 05:40:18,371 [cuckoo.processing.debug] ERROR: Error processing task #60: it appears that the Virtual Machine hasn't been able to contact back to the Cuckoo Host. There could be a few reasons for this, please refer to our documentation on the matter: https://cuckoo.sh/docs/faq/index.html#troubleshooting-vm-network-configuration
2018-08-03 05:40:18,404 [cuckoo.core.plugins] DEBUG: Executed processing module "Debug" for task #60
2018-08-03 05:40:18,404 [cuckoo.core.plugins] DEBUG: Running 0 signatures
2018-08-03 05:40:18,408 [cuckoo.core.plugins] DEBUG: Executed reporting module "JsonDump"
2018-08-03 05:40:18,474 [cuckoo.core.plugins] DEBUG: Executed reporting module "MongoDB"
2018-08-03 05:40:18,476 [cuckoo.core.scheduler] INFO: Task #60: reports generation completed
2018-08-03 05:40:18,486 [cuckoo.core.scheduler] INFO: Task #60: analysis procedure completed
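The separator mismatch described in the post above, as an added example (not Cuckoo's own guest.py code, which the issue describes but does not quote): instead of letting the host's os.path decide the separator, the guest-side path is built with the stdlib path module that matches the guest OS, and a pre-flight check flags a backslash that is about to be sent to a Linux guest. The platform names and the analyzer/analyzer.py components are assumptions for illustration.

```python
"""Build guest-side paths with the guest's separator, not the host's.
Added illustration of the bug in this issue, not Cuckoo's guest.py.
posixpath/ntpath are the modules behind os.path on Linux/Windows."""
import ntpath
import posixpath

# Path module per platform name (names are an assumption for this example).
_PATH_MODULES = {
    "linux": posixpath,
    "darwin": posixpath,
    "windows": ntpath,
}


def guest_join(guest_platform, *parts):
    """Join path components using the separator of the *guest* OS."""
    try:
        mod = _PATH_MODULES[guest_platform.lower()]
    except KeyError:
        raise ValueError("unknown guest platform: %r" % guest_platform)
    return mod.join(*parts)


def host_style_join(host_platform, *parts):
    """Emulate os.path.join() on a given host OS.

    This reproduces the faulty behaviour from the issue: the separator
    comes from the host, whatever the guest expects.
    """
    return _PATH_MODULES[host_platform.lower()].join(*parts)


def wrong_separator(path, guest_platform):
    """True if `path` carries a separator the guest would not split on.

    A Windows-host/Linux-guest mismatch shows up here as a backslash;
    Windows guests accept both '\\' and '/', so nothing is flagged there.
    """
    if guest_platform.lower() == "windows":
        return False
    return "\\" in path


if __name__ == "__main__":
    # Constructed components, as in the issue: the analyzer upload.
    bad = host_style_join("windows", "analyzer", "analyzer.py")
    good = guest_join("linux", "analyzer", "analyzer.py")
    print("host-style: %s (bad=%s)" % (bad, wrong_separator(bad, "linux")))
    print("guest-aware: %s (bad=%s)" % (good, wrong_separator(good, "linux")))
```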

RicoVZ commented 6 years ago

Hi in2etv,

Thanks for posting an issue.

That does look like a bit of a bug. Thanks for already trying some fixes! :smile:

I will try to confirm it and add it to our fix list.