Open RazviAlex opened 4 years ago
Thank you @ryanbekabe, I appreciate it. But is there no other way to do it? I don't know how to do it the normal way, so with the REST API I'm totally confused about how to submit with arguments (the only example there just shows a normal submit) :(
Something strange that I noticed is the log:
2019-07-30 17:45:21,000 [analyzer] DEBUG: Starting analyzer from: C:\tmphzrzu7
2019-07-30 17:45:21,000 [analyzer] DEBUG: Pipe server name: \??\PIPE\CahvVAlxvzIPuJwlfKRVkZMWwAXTjBg
2019-07-30 17:45:21,000 [analyzer] DEBUG: Log pipe server name: \??\PIPE\AOvrXkYsTAqVjteCWJ
2019-07-30 17:45:21,000 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically.
2019-07-30 17:45:21,000 [analyzer] INFO: Automatically selected analysis package "exe"
2019-07-30 17:45:21,108 [analyzer] DEBUG: Started auxiliary module DbgView
2019-07-30 17:45:21,312 [analyzer] DEBUG: Started auxiliary module Disguise
2019-07-30 17:45:21,467 [analyzer] DEBUG: Loaded monitor into process with pid 484
2019-07-30 17:45:21,467 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2019-07-30 17:45:21,467 [analyzer] DEBUG: Started auxiliary module Human
2019-07-30 17:45:21,467 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2019-07-30 17:45:21,467 [analyzer] DEBUG: Started auxiliary module Reboot
2019-07-30 17:45:21,655 [analyzer] DEBUG: Started auxiliary module RecentFiles
2019-07-30 17:45:21,655 [analyzer] DEBUG: Started auxiliary module Screenshots
2019-07-30 17:45:21,655 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2019-07-30 17:45:23,500 [lib.api.process] INFO: Successfully executed process from path u'C:\Users\xxxx\AppData\Local\Temp\xxxxx2.2.exe' with arguments ['--aaa'] and pid 3124
2019-07-30 17:45:23,671 [analyzer] DEBUG: Loaded monitor into process with pid 3124
2019-07-30 08:47:35,148 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2019-07-30 08:47:35,148 [analyzer] INFO: Analysis completed.
It says 'with arguments ['--aaa']', why?? In the screenshot aaa was never put. Also, I know that the argument aaa isn't put to the console, because I am analyzing malware, and without an argument the malware doesn't start and doesn't show its real behavior.
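Added example (not part of the thread and not Cuckoo's own code): a small Python parser that splits an analyzer log like the one above, even when it has been flattened onto one line, and reports the selected package and the arguments the analyzer logged at process launch. The function names are hypothetical, and the sample lines are copied from the log in this thread.

```python
import ast
import re

# Every analyzer entry starts with a timestamp such as "2019-07-30 17:45:21,000 [".
ENTRY_START = re.compile(r"(?=\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} \[)")
ENTRY = re.compile(r"(?P<ts>\S+ \S+) \[(?P<src>[^\]]+)\] (?P<level>\w+): (?P<msg>.*)", re.S)
EXEC = re.compile(r"Successfully executed process from path u?'(?P<path>.*?)' "
                  r"with arguments (?P<args>\[.*?\]) and pid (?P<pid>\d+)")
PACKAGE = re.compile(r'selected analysis package "(?P<pkg>[^"]+)"')

# Sample input: four entries copied from the thread's log, flattened as posted.
SAMPLE = r"""2019-07-30 17:45:21,000 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically. 2019-07-30 17:45:21,000 [analyzer] INFO: Automatically selected analysis package "exe" 2019-07-30 17:45:23,500 [lib.api.process] INFO: Successfully executed process from path u'C:\Users\xxxx\AppData\Local\Temp\xxxxx2.2.exe' with arguments ['--aaa'] and pid 3124 2019-07-30 17:45:23,671 [analyzer] DEBUG: Loaded monitor into process with pid 3124"""


def split_entries(text):
    """Yield one dict per log entry, splitting on the leading timestamps."""
    for chunk in ENTRY_START.split(text):
        match = ENTRY.match(chunk.strip())
        if match:
            yield match.groupdict()


def launch_summary(text):
    """Return the analysis package and each logged process launch."""
    summary = {"package": None, "launches": []}
    for entry in split_entries(text):
        pkg = PACKAGE.search(entry["msg"])
        if pkg:
            summary["package"] = pkg.group("pkg")
        launch = EXEC.search(entry["msg"])
        if launch:
            try:
                # The list is logged as a Python repr, e.g. ['--aaa'].
                args = ast.literal_eval(launch.group("args"))
            except (ValueError, SyntaxError):
                args = launch.group("args")  # keep the raw text if unparsable
            summary["launches"].append(
                {"path": launch.group("path"), "args": args,
                 "pid": int(launch.group("pid"))})
    return summary


if __name__ == "__main__":
    print(launch_summary(SAMPLE))
```
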
You are right @RazviAlex, the argument function also does not work properly on my side. https://github.com/ryanbekabe/picstuff/blob/master/cuckoosandboxarguments.png
In my opinion, you have to re-customize the file using SFX (.exe) Zip / RAR for example, by inserting the command you want.
Try this command @ryanbekabe:
cuckoo submit /path/to/binary.exe --options arguments="aaa"
With this, in my case it shows the argument in the log, but just there. The file does not receive any argument.
Yes, finally I re-customized, deleting the file arguments option, but just out of curiosity I want to know how to add arguments in cuckoo :)
I tried your command @RazviAlex, and some other commands:
cuckoo submit pafish.exe --options arguments="aaa"
cuckoo submit --package exe --options arguments=--dosomething pafish.exe
cuckoo submit --package exe --options arguments=--bkb pafish.exe
cuckoo submit --package exe pafish.exe --options arguments=--bkb
I'm also curious about hard-to-implement features like IRMA and Remote Control guacamole directly when files are being analyzed. :)
Update: I made a demo of my report with some arguments: https://youtu.be/i-kLWeo6AM8
Screenshot: https://github.com/ryanbekabe/picstuff/blob/master/cuckoosandboxarguments2.png
It looks like what you said, "The file does not receive any argument", is right.
When executing a file, it needs a parameter to run, for example just an 'aaa' or anything.
I have looked at similar doubts and found nothing. What I found in the guide is to put this:
cuckoo submit --options arguments=--aaa /path/to/binary.exe
It doesn't work; cuckoo just executes the file and does not write 'aaa'.
I also tried with:
cuckoo submit /path/to/binary.exe --options arguments "aaa"
and the same.
How would I go about submitting the file to cuckoo so that it runs? Thank you!