search

cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org
Other
5.56k stars 1.71k forks source link

Error before processing data of analysis #3181

Closed rami0208 closed 3 years ago

rami0208 commented 3 years ago
My issue is: I am getting an error before processing data of analysis
My Cuckoo version and operating system are:

Cuckoo version: 2.0.7 Host: Ubuntu 18.04 Guest: Windows 7

This can be reproduced by:

When checking the logs, I got: end of analysis reached. However, processing modules are not executed and the reports is not generated. It seems that there is an error because it is trying to reboot the guest machine.

I am able to run: cuckoo process -r 1 after this error, then the modules will be executed and the report generated but I don't know why it crashes before doing it automatically.

The log, error, files etc can be found at:

2021-02-28 13:38:20,686 [cuckoo.core.resultserver] DEBUG: Task #1 had connection reset for 2021-02-28 13:38:20,808 [cuckoo.core.guest] DEBUG: physical1: analysis not completed yet (status=2) 2021-02-28 13:38:21,814 [cuckoo.core.guest] DEBUG: physical1: analysis not completed yet (status=2) 2021-02-28 13:38:22,914 [cuckoo.core.guest] DEBUG: physical1: analysis not completed yet (status=2) 2021-02-28 13:38:23,920 [cuckoo.core.guest] DEBUG: physical1: analysis not completed yet (status=2) 2021-02-28 13:38:25,009 [cuckoo.core.guest] DEBUG: physical1: analysis not completed yet (status=2) 2021-02-28 13:38:26,015 [cuckoo.core.guest] DEBUG: physical1: analysis not completed yet (status=2) 2021-02-28 13:38:27,078 [cuckoo.core.guest] DEBUG: physical1: analysis not completed yet (status=2) 2021-02-28 13:38:28,085 [cuckoo.core.guest] DEBUG: physical1: analysis not completed yet (status=2) 2021-02-28 13:38:29,089 [cuckoo.core.guest] INFO: physical1: end of analysis reached! 2021-02-28 13:38:29,100 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Replay 2021-02-28 13:38:29,103 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer 2021-02-28 13:38:29,104 [cuckoo.machinery.physical] DEBUG: Getting status for machine: cuckoo_guest. 2021-02-28 13:38:29,182 [cuckoo.machinery.physical] DEBUG: Rebooting machine: cuckoo_guest. 2021-02-28 13:38:29,195 [cuckoo.core.scheduler] ERROR: Failure in AnalysisManager.run Traceback (most recent call last): File "/home/cuckoo/cuckoo/local/lib/python2.7/site-packages/cuckoo/core/scheduler.py", line 755, in run self.launch_analysis() File "/home/cuckoo/cuckoo/local/lib/python2.7/site-packages/cuckoo/core/scheduler.py", line 639, in launch_analysis machinery.stop(self.machine.label) File "/home/cuckoo/cuckoo/local/lib/python2.7/site-packages/cuckoo/machinery/physical.py", line 106, in stop output = subprocess.check_output(args) File "/usr/lib/python2.7/subprocess.py", line 216, in check_output process = Popen(stdout=PIPE, *popenargs, **kwargs) File "/usr/lib/python2.7/subprocess.py", line 394, in init errread, errwrite) File "/usr/lib/python2.7/subprocess.py", line 1047, in _execute_child raise child_exception OSError: [Errno 2] No such file or directory

rami0208 commented 3 years ago

The problem was the simba package missing in Ubuntu dealing with rebooting the guest. Installing this package solves the problem 💯