cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

Cuckoo analyses, no results but Static Analysis #3010

Open ghost opened 4 years ago

ghost commented 4 years ago

Thanks for creating an issue! But first: did you read our community guidelines? https://cuckoo.sh/docs/introduction/community.html

My issue is: Cuckoo analyses files and seems to finish, but I don't get any results except Static Analysis. In static analysis I get data as well as the strings tab. I don't get any behavior, network, dropped files, etc. I installed Python 64 on my guest Windows 7 x64 machine.
My Cuckoo version and operating system are: 2.0.7
This can be reproduced by:
The log, error, files etc can be found at: I have copied the log file analysis.

2020-04-22 06:36:58,608 [cuckoo.core.scheduler] DEBUG: Processing task #4
2020-04-22 06:36:58,615 [cuckoo.core.scheduler] INFO: Starting analysis of FILE "info.doc" (task #4, options "network-routing=none,procmemdump=yes,route=none")
2020-04-22 06:36:58,688 [cuckoo.core.scheduler] INFO: Task #4: acquired machine Windows7x64 (label=Windows7x64)
2020-04-22 06:36:58,689 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.56.15 for task #4
2020-04-22 06:36:58,689 [cuckoo.core.plugins] DEBUG: Started auxiliary module: Replay
2020-04-22 06:36:58,694 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 7528 (interface=vboxnet0, host=192.168.56.15)
2020-04-22 06:36:58,695 [cuckoo.core.plugins] DEBUG: Started auxiliary module: Sniffer
2020-04-22 06:36:58,712 [cuckoo.machinery.virtualbox] DEBUG: Starting vm Windows7x64
2020-04-22 06:36:58,851 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine Windows7x64 to Windows7x64_snap1
2020-04-22 06:37:09,503 [cuckoo.core.guest] INFO: Starting analysis #4 on guest (id=Windows7x64, ip=192.168.56.15)
2020-04-22 06:37:10,514 [cuckoo.core.guest] DEBUG: Windows7x64: not ready yet
2020-04-22 06:37:11,516 [cuckoo.core.guest] DEBUG: Windows7x64: not ready yet
2020-04-22 06:37:12,522 [cuckoo.core.guest] DEBUG: Windows7x64: not ready yet
2020-04-22 06:37:13,524 [cuckoo.core.guest] DEBUG: Windows7x64: not ready yet
2020-04-22 06:37:14,530 [cuckoo.core.guest] DEBUG: Windows7x64: not ready yet
2020-04-22 06:37:15,533 [cuckoo.core.guest] DEBUG: Windows7x64: not ready yet
2020-04-22 06:37:16,544 [cuckoo.core.guest] DEBUG: Windows7x64: not ready yet
2020-04-22 06:37:17,554 [cuckoo.core.guest] DEBUG: Windows7x64: not ready yet
2020-04-22 06:37:18,564 [cuckoo.core.guest] DEBUG: Windows7x64: not ready yet
2020-04-22 06:37:19,574 [cuckoo.core.guest] DEBUG: Windows7x64: not ready yet
2020-04-22 06:37:20,577 [cuckoo.core.guest] DEBUG: Windows7x64: not ready yet
2020-04-22 06:37:21,303 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=Windows7x64, ip=192.168.56.15)
2020-04-22 06:37:21,396 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=Windows7x64, ip=192.168.56.15, monitor=latest, size=3884763)
2020-04-22 06:37:48,658 [cuckoo.core.guest] DEBUG: Windows7x64: analysis #4 still processing
2020-04-22 06:37:52,853 [cuckoo.core.resultserver] DEBUG: Task #4: live log analysis.log initialized.
2020-04-22 06:37:53,783 [cuckoo.core.guest] DEBUG: Windows7x64: analysis #4 still processing
2020-04-22 06:37:58,896 [cuckoo.core.guest] DEBUG: Windows7x64: analysis #4 still processing
2020-04-22 06:38:03,995 [cuckoo.core.guest] DEBUG: Windows7x64: analysis #4 still processing
2020-04-22 06:38:09,091 [cuckoo.core.guest] DEBUG: Windows7x64: analysis #4 still processing
2020-04-22 06:38:14,182 [cuckoo.core.guest] DEBUG: Windows7x64: analysis #4 still processing
2020-04-22 06:38:19,280 [cuckoo.core.guest] DEBUG: Windows7x64: analysis #4 still processing
2020-04-22 06:38:24,359 [cuckoo.core.guest] DEBUG: Windows7x64: analysis #4 still processing
2020-04-22 06:38:29,580 [cuckoo.core.guest] DEBUG: Windows7x64: analysis #4 still processing
2020-04-22 06:38:34,805 [cuckoo.core.guest] DEBUG: Windows7x64: analysis #4 still processing
2020-04-22 06:38:39,866 [cuckoo.core.guest] DEBUG: Windows7x64: analysis #4 still processing
2020-04-22 06:38:44,958 [cuckoo.core.guest] DEBUG: Windows7x64: analysis #4 still processing
2020-04-22 06:38:50,061 [cuckoo.core.guest] DEBUG: Windows7x64: analysis #4 still processing
2020-04-22 06:38:55,140 [cuckoo.core.guest] DEBUG: Windows7x64: analysis #4 still processing
2020-04-22 06:39:00,226 [cuckoo.core.guest] DEBUG: Windows7x64: analysis #4 still processing
2020-04-22 06:39:05,378 [cuckoo.core.guest] DEBUG: Windows7x64: analysis #4 still processing
2020-04-22 06:39:10,480 [cuckoo.core.guest] DEBUG: Windows7x64: analysis #4 still processing
2020-04-22 06:39:15,583 [cuckoo.core.guest] DEBUG: Windows7x64: analysis #4 still processing
2020-04-22 06:39:20,764 [cuckoo.core.guest] DEBUG: Windows7x64: analysis #4 still processing
2020-04-22 06:39:25,880 [cuckoo.core.guest] DEBUG: Windows7x64: analysis #4 still processing
2020-04-22 06:39:30,956 [cuckoo.core.guest] DEBUG: Windows7x64: analysis #4 still processing
2020-04-22 06:39:36,033 [cuckoo.core.guest] DEBUG: Windows7x64: analysis #4 still processing
2020-04-22 06:39:41,120 [cuckoo.core.guest] DEBUG: Windows7x64: analysis #4 still processing
2020-04-22 06:39:46,225 [cuckoo.core.guest] DEBUG: Windows7x64: analysis #4 still processing
2020-04-22 06:39:51,293 [cuckoo.core.guest] DEBUG: Windows7x64: analysis #4 still processing
2020-04-22 06:39:56,446 [cuckoo.core.guest] DEBUG: Windows7x64: analysis #4 still processing
2020-04-22 06:40:01,585 [cuckoo.core.guest] DEBUG: Windows7x64: analysis #4 still processing
2020-04-22 06:40:06,694 [cuckoo.core.guest] DEBUG: Windows7x64: analysis #4 still processing
2020-04-22 06:40:11,781 [cuckoo.core.guest] DEBUG: Windows7x64: analysis #4 still processing
2020-04-22 06:40:16,865 [cuckoo.core.guest] DEBUG: Windows7x64: analysis #4 still processing
2020-04-22 06:40:21,968 [cuckoo.core.guest] DEBUG: Windows7x64: analysis #4 still processing
2020-04-22 06:40:27,053 [cuckoo.core.guest] DEBUG: Windows7x64: analysis #4 still processing
2020-04-22 06:40:32,198 [cuckoo.core.guest] DEBUG: Windows7x64: analysis #4 still processing
2020-04-22 06:40:37,286 [cuckoo.core.guest] DEBUG: Windows7x64: analysis #4 still processing
2020-04-22 06:40:42,336 [cuckoo.core.guest] DEBUG: Windows7x64: analysis #4 still processing
2020-04-22 06:40:44,369 [cuckoo.core.guest] INFO: Windows7x64: end of analysis reached!
2020-04-22 06:40:44,381 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Replay
2020-04-22 06:40:44,826 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2020-04-22 06:40:44,826 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm Windows7x64
2020-04-22 06:40:46,686 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.56.15 for task #4
2020-04-22 06:40:46,687 [cuckoo.core.resultserver] DEBUG: Cancel for task 4
2020-04-22 06:40:46,694 [cuckoo.core.scheduler] DEBUG: Released database task #4
2020-04-22 06:40:46,717 [cuckoo.core.plugins] DEBUG: Executed processing module "AnalysisInfo" for task #4
2020-04-22 06:40:46,717 [cuckoo.processing.behavior] WARNING: Analysis results folder does not contain any behavior log files.
2020-04-22 06:40:46,717 [cuckoo.core.plugins] DEBUG: Executed processing module "BehaviorAnalysis" for task #4
2020-04-22 06:40:46,718 [cuckoo.core.plugins] DEBUG: Executed processing module "Dropped" for task #4
2020-04-22 06:40:46,718 [cuckoo.core.plugins] DEBUG: Executed processing module "DroppedBuffer" for task #4
2020-04-22 06:40:46,719 [cuckoo.core.plugins] DEBUG: Executed processing module "MetaInfo" for task #4
2020-04-22 06:40:46,719 [cuckoo.core.plugins] DEBUG: Executed processing module "ProcessMemory" for task #4
2020-04-22 06:40:46,719 [cuckoo.core.plugins] DEBUG: Executed processing module "Procmon" for task #4
2020-04-22 06:40:46,720 [cuckoo.core.plugins] DEBUG: Executed processing module "Screenshots" for task #4
2020-04-22 06:40:46,734 [cuckoo.core.plugins] DEBUG: Executed processing module "Static" for task #4
2020-04-22 06:40:46,746 [cuckoo.core.plugins] DEBUG: Executed processing module "Strings" for task #4
2020-04-22 06:40:46,752 [cuckoo.core.plugins] DEBUG: Executed processing module "TargetInfo" for task #4
2020-04-22 06:40:46,807 [cuckoo.core.plugins] DEBUG: Executed processing module "NetworkAnalysis" for task #4
2020-04-22 06:40:46,808 [cuckoo.core.plugins] DEBUG: Executed processing module "Extracted" for task #4
2020-04-22 06:40:46,808 [cuckoo.core.plugins] DEBUG: Executed processing module "TLSMasterSecrets" for task #4
2020-04-22 06:40:46,810 [cuckoo.core.plugins] DEBUG: Executed processing module "Debug" for task #4
2020-04-22 06:40:46,847 [cuckoo.core.plugins] DEBUG: Running 542 signatures
2020-04-22 06:40:47,068 [cuckoo.core.plugins] DEBUG: Executed reporting module "JsonDump"
2020-04-22 06:40:47,090 [cuckoo.core.plugins] DEBUG: Executed reporting module "MongoDB"
2020-04-22 06:40:47,090 [cuckoo.core.scheduler] INFO: Task #4: reports generation completed
2020-04-22 06:40:47,096 [cuckoo.core.scheduler] INFO: Task #4: analysis procedure completed

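A triage sketch for the symptom in this report, added here as an example and not part of the issue or of Cuckoo's code: it groups `cuckoo.log` lines by task and lists tasks that reached the end of analysis and completed while the behavior processor warned that no behavior logs were present. The names `triage` and `silent_tasks` are hypothetical, and attributing a line that carries no task id to the most recently named task is an assumption that holds only when tasks do not interleave in the log.

```python
import re
from datetime import datetime

LINE_RE = re.compile(r"^(\S+ \S+) \[([\w.]+)\] (\w+): (.*)$")
TASK_RE = re.compile(r"(?:[Tt]ask|analysis) #(\d+)")
MARKERS = {  # message substring -> field that receives the line's timestamp
    "on guest (": "guest_start",
    "end of analysis reached": "guest_end",
    "does not contain any behavior log files": "no_behavior",
    "analysis procedure completed": "completed",
}

# Task #4 lines are copied from the post's log; task #5 is constructed as a contrast.
SAMPLE_LOG = """\
2020-04-22 06:37:09,503 [cuckoo.core.guest] INFO: Starting analysis #4 on guest (id=Windows7x64, ip=192.168.56.15)
2020-04-22 06:37:21,303 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=Windows7x64, ip=192.168.56.15)
2020-04-22 06:40:44,369 [cuckoo.core.guest] INFO: Windows7x64: end of analysis reached!
2020-04-22 06:40:46,717 [cuckoo.processing.behavior] WARNING: Analysis results folder does not contain any behavior log files.
2020-04-22 06:40:47,096 [cuckoo.core.scheduler] INFO: Task #4: analysis procedure completed
2020-04-22 06:41:00,100 [cuckoo.core.guest] INFO: Starting analysis #5 on guest (id=Windows7x64, ip=192.168.56.15)
2020-04-22 06:43:00,100 [cuckoo.core.guest] INFO: Windows7x64: end of analysis reached!
2020-04-22 06:43:03,000 [cuckoo.core.scheduler] INFO: Task #5: analysis procedure completed
"""

def triage(log_text):
    """Group log lines by task id and record when each marker was seen."""
    tasks, current = {}, None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        stamp, _logger, _level, msg = m.groups()
        hit = TASK_RE.search(msg)
        current = int(hit.group(1)) if hit else current
        if current is None:
            continue  # nothing to attribute this line to yet
        task = tasks.setdefault(current, {"agent": None})
        agent = re.search(r"Cuckoo Agent (\S+)", msg)
        if agent:
            task["agent"] = agent.group(1)
        for needle, field in MARKERS.items():
            if needle in msg:
                task[field] = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S,%f")
    return tasks

def silent_tasks(tasks):
    """Task ids that finished in the guest and completed, yet left no behavior logs."""
    return sorted(tid for tid, t in tasks.items()
                  if {"guest_end", "completed", "no_behavior"} <= t.keys())
```
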
n00btotal commented 4 years ago

I'm having the same issue.

Cuckoo 2.0.7 running on Kali Linux.

Submitting a doc file (with macros that create a malicious file), it does create a good static analysis, but no dropped files or other relevant analysis is reported.

n00btotal commented 4 years ago

Yeah, I saw that as well, so I got a 64bit Windows 10, and a 64bit Windows 7, both running 32bit python. I've confirmed that from the process manager (says the background process running the python agent is 32bit ("pythonw.exe *32")).

n00btotal commented 4 years ago

Yes, still the same issue.

(same result with 64bit python as with 32bit python)

vinceplayer commented 4 years ago

Have you resolved it? I have some problem in guest vm linux.

n00btotal commented 4 years ago

No, I still have the same issue. Will try to focus on this the coming week.

On Wed, 1 July 2020 at 15:31, vinceplayer notifications@github.com wrote:

have you resolved , i have some problem in guest vm linux?

z1pwn commented 4 years ago

Have you resolved it? It seems I have the same problem as yours.