RicoVZ
commented
5 years ago Hi Vidhu211,
Thanks for posting an issue.
It looks like part of the cuckoo.log is missing. Can you share the cuckoo.log file for this analysis with us? You can find it at $CWD/storage/analyses/<task id>/cuckoo.log. Is there an analyzer.log file present in the same folder? If so, can you also share it?
I see the error: Virtual Machine /status failed. After it is able to contact the agent at the startup of a task. This can indicate your VM loses network connection after it starts or that the Cuckoo Agent stops.
icedxu
Thanks for creating an issue! But first: did you read our community guidelines? https://cuckoo.sh/docs/introduction/community.html
My issue is:
I'm able to run the cuckoo web and the Host program runs fine. Even i'm able to load the malware into the interface
Problem is when i proceed to view the generated report after analysis. It did not run any analysis on the agent.
The VM, network, snapshot are all fine. no issues with it. I'm able to start my VM from the command line,
My Cuckoo version and operating system are:
Cuckoo agent is running inside a Win7 VM installed in virtualbox and the host runs inside of Ubuntu 17
This can be reproduced by:
The log, error, files etc can be found at:
cuckoo.log cuckoo@vs:~$ cuckoo
//\ //\//\ //\ //\//\ //\ /_/\ \:::\/ \:\ \:\ \:::\/ \::.\ \ \ \::: \ \::: \ \ \:\ \ \:\ \:\ \:\ \ _\:: \/) \ \:\ \ \ \:\ \ \ \ \:\ \//\:\ \:\ \:\ \//\:. ( ( \:\ \ \ \:\ \ \ \ \:_\ \ \:_\:\ \:_\ \ \: \ ) \ \ \:_\ \ \:_\ \ \ _\/ _\/ _\/ _\/_\/ _\/ _____\/
Cuckoo Sandbox 2.0.6 www.cuckoosandbox.org Copyright (c) 2010-2018
Checking for updates... You're good to go!
Our latest blogposts:
IQY malspam campaign, October 15, 2018. Analysis of a malspam campaign leveraging .IQY (Excel Web Query) files containing DDE to achieve code execution. More at https://hatching.io/blog/iqy-malspam
Hooking VBScript execution in Cuckoo, October 03, 2018. Details on implementation of Visual Basic Script instrumentation for Cuckoo Monitor for extraction of dynamically executed VBScript. More at https://hatching.io/blog/vbscript-hooking
Cuckoo Sandbox 2.0.6 pentest, September 18, 2018. Cuckoo Sandbox 2.0.6 public pentest performed by Cure53 and sponsored by PolySwarm! More at https://hatching.io/blog/cuckoo-206-pentest
Cuckoo Sandbox 2.0.6, June 07, 2018. Interim release awaiting the big release. More at https://cuckoosandbox.org/blog/206-interim-release
Cuckoo Sandbox 2.0.5: Office DDE, December 03, 2017. Brand new release based on a DDE case study. More at https://cuckoosandbox.org/blog/205-office-dde
2018-11-08 22:13:04,088 [cuckoo] WARNING: It appears that you haven't loaded any Cuckoo Signatures. Signatures are highly recommended and improve & enrich the information extracted during an analysis. They also make up for the analysis score that you see in the Web Interface - so, pretty important! 2018-11-08 22:13:04,088 [cuckoo] WARNING: You'll be able to fetch all the latest Cuckoo Signaturs, Yara rules, and more goodies by running the following command: 2018-11-08 22:13:04,088 [cuckoo] INFO: $ cuckoo community 2018-11-08 22:13:04,089 [cuckoo.core.scheduler] INFO: Using "virtualbox" as machine manager 2018-11-08 22:13:05,692 [cuckoo.core.scheduler] INFO: Loaded 1 machine/s 2018-11-08 22:13:05,705 [cuckoo.core.scheduler] INFO: Waiting for analysis tasks. 2018-11-08 22:14:52,864 [cuckoo.core.scheduler] INFO: Starting analysis of FILE "rbot.exe" (task #9, options "procmemdump=yes,route=none") 2018-11-08 22:14:53,097 [cuckoo.core.scheduler] INFO: Task #9: acquired machine cuckoo1 (label=windows7) 2018-11-08 22:14:53,138 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 3124 (interface=vboxnet0, host=192.168.56.101) 2018-11-08 22:14:59,729 [cuckoo.core.guest] INFO: Starting analysis on guest (id=cuckoo1, ip=192.168.56.101) 2018-11-08 22:15:03,939 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.8 (id=cuckoo1, ip=192.168.56.101) 2018-11-08 22:16:04,869 [cuckoo.core.guest] INFO: Virtual Machine /status failed (CuckooGuestError('Cuckoo Agent failed without error status, please try upgrading to the latest version of agent.py (>= 0.8) and notify us if the issue persists.',)) 2018-11-08 22:18:05,631 [cuckoo.core.guest] INFO: cuckoo1: end of analysis reached! 2018-11-08 22:18:10,899 [cuckoo.processing.behavior] WARNING: Analysis results folder does not contain any behavior log files. 2018-11-08 22:18:11,833 [cuckoo.core.scheduler] INFO: Task #9: reports generation completed 2018-11-08 22:18:11,839 [cuckoo.core.scheduler] INFO: Task #9: analysis procedure completed
If it is a trivial issue, forgive me, im new to this trade