cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

Win 7 0x86 analysis CuckooPackageError: Unable to execute the initial process, analysis aborted. #2995

Open 3ntr0phy opened 4 years ago

3ntr0phy commented 4 years ago

I am facing the following issues with some of the software I am testing:

Win7: analysis #4 caught an exception
Traceback (most recent call last):
  File "C:/tmpgzeptt/analyzer.py", line 808, in <module>
    success = analyzer.run()
  File "C:/tmpgzeptt/analyzer.py", line 657, in run
    pids = self.package.start(self.target)
  File "C:\tmpgzeptt\modules\packages\exe.py", line 23, in start
    return self.execute(path, args=shlex.split(args))
  File "C:\tmpgzeptt\lib\common\abstracts.py", line 166, in execute
    "Unable to execute the initial process, analysis aborted."
CuckooPackageError: Unable to execute the initial process, analysis aborted.

I saw that there was another issue related to this, but it hasn't been closed yet. Do you have any indication of the reason for it and how to fix it? Thank you. The agent is run as administrator; only some samples throw this exception.

sarahcxh commented 4 years ago

Am facing the same problems! Only some samples throw this exception.

soutzis commented 4 years ago

I am having the same issue. I am running a batch analysis and every now and then, I will get that error. There is not any more information in the debug logs. See the error below:

2020-08-16 17:27:43,819 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=cuckoo4, ip=192.168.56.104, monitor=latest, size=3884763)
2020-08-16 17:27:44,038 [cuckoo.core.resultserver] DEBUG: Task #119: live log analysis.log initialized.
2020-08-16 17:27:44,925 [cuckoo.core.resultserver] DEBUG: Task #119 is sending a BSON stream
2020-08-16 17:27:45,972 [cuckoo.core.guest] WARNING: cuckoo4: analysis #119 caught an exception
Traceback (most recent call last):
  File "C:/tmpo3ydwm/analyzer.py", line 808, in <module>
    success = analyzer.run()
  File "C:/tmpo3ydwm/analyzer.py", line 657, in run
    pids = self.package.start(self.target)
  File "C:\tmpo3ydwm\modules\packages\exe.py", line 23, in start
    return self.execute(path, args=shlex.split(args))
  File "C:\tmpo3ydwm\lib\common\abstracts.py", line 166, in execute
    "Unable to execute the initial process, analysis aborted."
CuckooPackageError: Unable to execute the initial process, analysis aborted.

2020-08-16 17:27:45,982 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Replay

If anyone knows why this happens, please share it here.

Associated log files: analysis.log cuckoo.log
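
For triaging a batch run like the ones described in this thread, the following added example (not part of the thread and not Cuckoo's own code) scans cuckoo.log text for guest-side "caught an exception" warnings and groups them by exception type and innermost traceback frame. It assumes the log line format shown in the excerpts above; the function names are hypothetical and the sample log is constructed.

```python
import re
from collections import Counter
# Line shapes below follow the cuckoo.log excerpts quoted in this thread (an assumption).
WARN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) \[cuckoo\.core\.guest\] "
    r"WARNING: (?P<guest>[^:]+): analysis #(?P<task>\d+) caught an exception$")
LOG_LINE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3} \[")
FRAME_RE = re.compile(r'^\s+File "(?P<path>[^"]+)", line (?P<line>\d+), in (?P<func>\S+)')
EXC_RE = re.compile(r"^(?P<type>[A-Za-z_][\w.]*): (?P<msg>.*)$")

def find_guest_exceptions(log_text):
    """Return one record per guest 'caught an exception' warning, traceback included."""
    records, current = [], None
    for line in log_text.splitlines():
        warn, frame, exc = WARN_RE.match(line), FRAME_RE.match(line), EXC_RE.match(line)
        if warn:
            current = dict(warn.groupdict(), task=int(warn["task"]), frames=[], exc_type=None)
            records.append(current)
        elif current is None:
            continue
        elif LOG_LINE_RE.match(line):  # next timestamped entry ends the traceback
            current = None
        elif frame:
            # The guest temp directory differs per run; strip it so frames can be grouped.
            path = re.sub(r"^C:[\\/]tmp\w+[\\/]", "", frame["path"]).replace("\\", "/")
            current["frames"].append((path, int(frame["line"]), frame["func"]))
        elif exc:
            current["exc_type"], current["exc_msg"] = exc["type"], exc["msg"]
    return records

def summarise(records):
    """Count failures by (exception type, innermost frame) to see if they share one cause."""
    return Counter((r["exc_type"], r["frames"][-1] if r["frames"] else None) for r in records)

# Constructed sample, modelled on the log lines in this thread (not real output).
SAMPLE_LOG = r"""2020-01-01 10:00:01,200 [cuckoo.core.guest] WARNING: guest-a: analysis #7 caught an exception
Traceback (most recent call last):
  File "C:/tmpaaaaaa/analyzer.py", line 808, in <module>
    success = analyzer.run()
  File "C:\tmpaaaaaa\lib\common\abstracts.py", line 166, in execute
    "Unable to execute the initial process, analysis aborted."
CuckooPackageError: Unable to execute the initial process, analysis aborted.
2020-01-01 10:00:01,300 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Replay
2020-01-01 10:05:00,000 [cuckoo.core.guest] WARNING: guest-b: analysis #9 caught an exception
Traceback (most recent call last):
  File "C:\tmpbbbbbb\lib\common\abstracts.py", line 166, in execute
    "Unable to execute the initial process, analysis aborted."
CuckooPackageError: Unable to execute the initial process, analysis aborted.
"""
```

The task numbers in the returned records identify which submissions to compare (file type, architecture, dependencies) when only some samples fail.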