Closed anykeypress closed 3 years ago
First time hearing that, maybe you have enabled caperwsubmir in reporting conf, but that need reported sample, idk what could cause another issue like that
On Wed, 20 Jan 2021 11:33, Phil Benson notifications@github.com wrote:
This is opensource and you getting free support so be friendly!
- Wants to say thanks -> buy me a beer https://opencollective.com/virustotalapi
Prerequisites
Please answer the following questions for yourself before submitting an issue.
- [ x] I checked to make sure that this issue has not already been filed
- [ x] I'm reporting the issue to the correct repository (for multi-repository projects)
- [ x] I read my log of installation, all issues will be closed if you don't do your part of work
Expected Behavior
Submitting 1 (one) sample to CAPEv2 should only be processed once
Current Behavior
Submitting 1 (one) sample to CAPEv2 causes the sample to be processed twice
Failure Information (for bugs)
The current environment Windows 10 LTSC Host System running VirtualBox
- Ubuntu 20.04 VirtualBox "Guest" OS running KVM as installed per (kvm-qemu.sh), CAPEv2 as installed per cape2.sh (sudo ./cape2.sh base cape) . Manual change to Pebble (4.5.3).
- Windows 7 X64 KVM Client (Paravirtualised)
This is just a test environment
Steps to Reproduce
- Submit Sample via WebGUI (Analysis and Processing ok)
- After a while the same sample is analysed and processed again with a new task ID
Context
Please provide any relevant information about your setup. This is important in case the issue is not reproducible except for under certain conditions.

| Question | Answer |
| --- | --- |
| OS version | Windows 10 Host, Ubuntu 20.04 Guest running KVM, Windows 7 x64 paravirtualised Client |
| Software version | VirtualBox 6.1.16, QEMU emulator version 4.2.1 |

Failure Logs
cape.service log

```
Jan 20 08:49:28 CAPEv2 systemd[1]: Started CAPE.
Jan 20 08:49:45 CAPEv2 python3[626]: .:
Jan 20 08:49:45 CAPEv2 python3[626]: ::
Jan 20 08:49:45 CAPEv2 python3[626]: .-. , : .-. ;;.-. .-. .-.
Jan 20 08:49:45 CAPEv2 python3[626]: ; ; ; ; ;; .' ; ;'; ;'
Jan 20 08:49:45 CAPEv2 python3[626]: ;;;;'.'..:;.;;;;'.' .;;' `;;'
Jan 20 08:49:45 CAPEv2 python3[626]: Cuckoo Sandbox 2.2-CAPE
Jan 20 08:49:45 CAPEv2 python3[626]: www.cuckoosandbox.org
Jan 20 08:49:45 CAPEv2 python3[626]: Copyright (c) 2010-2015
Jan 20 08:49:45 CAPEv2 python3[626]: CAPE: Config and Payload Extraction
Jan 20 08:49:45 CAPEv2 python3[626]: github.com/kevoreilly/CAPEv2
Jan 20 08:49:47 CAPEv2 python3[626]: pywin32 is not installed (only is required if you want to use MS Excel)
Jan 20 08:49:52 CAPEv2 python3[626]: 2021-01-20 08:49:52,268 [lib.cuckoo.core.scheduler] INFO: Using "kvm" machine manager with max_analysis_count=0, max_machin>
Jan 20 08:49:52 CAPEv2 python3[626]: 2021-01-20 08:49:52,355 [lib.cuckoo.core.scheduler] INFO: Loaded 1 machine/s
Jan 20 08:49:52 CAPEv2 python3[626]: 2021-01-20 08:49:52,372 [lib.cuckoo.core.scheduler] INFO: Waiting for analysis tasks.
Jan 20 09:05:42 CAPEv2 python3[626]: 2021-01-20 09:05:42,349 [lib.cuckoo.core.scheduler] INFO: Task #1: Starting analysis of FILE '/tmp/cuckoo-tmp/upload_lo3rr8>
Jan 20 09:05:42 CAPEv2 python3[626]: 2021-01-20 09:05:42,397 [lib.cuckoo.core.scheduler] INFO: Task #1: acquired machine WIN7X64-001 (label=WIN7X64-001, platfor>
Jan 20 09:06:08 CAPEv2 python3[626]: 2021-01-20 09:06:08,516 [lib.cuckoo.core.scheduler] INFO: Enabled route 'tor'
Jan 20 09:06:08 CAPEv2 python3[626]: 2021-01-20 09:06:08,582 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 7423 (interface=virbr0, host=192.168.122>
Jan 20 09:06:08 CAPEv2 python3[626]: 2021-01-20 09:06:08,662 [lib.cuckoo.core.guest] INFO: Starting analysis #1 on guest (id=WIN7X64-001, ip=192.168.122.105)
Jan 20 09:06:09 CAPEv2 python3[626]: 2021-01-20 09:06:09,275 [lib.cuckoo.core.guest] INFO: Guest is running CAPE Agent 0.11 (id=WIN7X64-001, ip=192.168.122.105)
Jan 20 09:06:19 CAPEv2 python3[626]: 2021-01-20 09:06:19,181 [lib.cuckoo.core.guest] INFO: Uploading support files to guest (id=WIN7X64-001, ip=192.168.122.105)
Jan 20 09:12:19 CAPEv2 python3[626]: 2021-01-20 09:12:19,265 [lib.cuckoo.core.guest] INFO: WIN7X64-001: end of analysis reached!
Jan 20 09:12:39 CAPEv2 python3[626]: 2021-01-20 09:12:39,618 [lib.cuckoo.core.scheduler] INFO: Disabled route 'tor'
Jan 20 09:12:39 CAPEv2 python3[626]: 2021-01-20 09:12:39,746 [lib.cuckoo.core.scheduler] INFO: Task #1: analysis procedure completed
Jan 20 09:19:41 CAPEv2 python3[626]: 2021-01-20 09:19:41,064 [lib.cuckoo.core.scheduler] INFO: Task #2: Starting analysis of FILE '/tmp/cuckoo-tmp/upload_lo3rr8>
Jan 20 09:19:41 CAPEv2 python3[626]: 2021-01-20 09:19:41,106 [lib.cuckoo.core.scheduler] INFO: Task #2: File already exists at '/opt/CAPEv2/storage/binaries/e5e>
Jan 20 09:19:41 CAPEv2 python3[626]: 2021-01-20 09:19:41,124 [lib.cuckoo.core.scheduler] INFO: Task #2: acquired machine WIN7X64-001 (label=WIN7X64-001, platfor>
Jan 20 09:19:59 CAPEv2 python3[626]: 2021-01-20 09:19:59,681 [lib.cuckoo.core.scheduler] WARNING: Unknown network routing destination specified, ignoring routin>
Jan 20 09:19:59 CAPEv2 python3[626]: 2021-01-20 09:19:59,682 [lib.cuckoo.core.scheduler] INFO: Enabled route 'false'
Jan 20 09:19:59 CAPEv2 python3[626]: 2021-01-20 09:19:59,736 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 7914 (interface=virbr0, host=192.168.122>
Jan 20 09:19:59 CAPEv2 python3[626]: 2021-01-20 09:19:59,809 [lib.cuckoo.core.guest] INFO: Starting analysis #2 on guest (id=WIN7X64-001, ip=192.168.122.105)
Jan 20 09:19:59 CAPEv2 python3[626]: 2021-01-20 09:19:59,922 [lib.cuckoo.core.guest] INFO: Guest is running CAPE Agent 0.11 (id=WIN7X64-001, ip=192.168.122.105)
Jan 20 09:20:07 CAPEv2 python3[626]: 2021-01-20 09:20:07,787 [lib.cuckoo.core.guest] INFO: Uploading support files to guest (id=WIN7X64-001, ip=192.168.122.105)
Jan 20 09:26:08 CAPEv2 python3[626]: 2021-01-20 09:26:08,412 [lib.cuckoo.core.guest] INFO: WIN7X64-001: end of analysis reached!
Jan 20 09:26:28 CAPEv2 python3[626]: 2021-01-20 09:26:28,749 [lib.cuckoo.core.scheduler] INFO: Task #2: analysis procedure completed
```
Perhaps it is due to a timing issue (i.e. The initial analysis is not completed in a timely fashion and the original submission is still in the "queue"?) There is only one Client VM available for analysis, perhaps a second one would resolve the issue
Hi Doomedraven, what do you mean "caperwsubmir"? Perhaps [submitCAPE] there? You are right, sorry my bad, please delete the issue (as it is a non-issue, but my misunderstanding / stupidity) Cheers akp
Yes that one
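A log triage sketch for the situation in this thread, added here as an example and not part of CAPEv2 or of the original posts: it reads scheduler lines in the format of the quoted cape.service log and pairs tasks that analysed the same upload path. The function and field names are hypothetical; paths are compared by the prefix journalctl left visible, and route lines are attributed to the most recently started task, which assumes a single analysis machine as in the reported setup.

```python
import re

# Scheduler lines taken from the cape.service log quoted in the issue (journalctl cut long ones at ">").
SAMPLE_LOG = """\
Jan 20 09:05:42 CAPEv2 python3[626]: 2021-01-20 09:05:42,349 [lib.cuckoo.core.scheduler] INFO: Task #1: Starting analysis of FILE '/tmp/cuckoo-tmp/upload_lo3rr8>
Jan 20 09:06:08 CAPEv2 python3[626]: 2021-01-20 09:06:08,516 [lib.cuckoo.core.scheduler] INFO: Enabled route 'tor'
Jan 20 09:12:39 CAPEv2 python3[626]: 2021-01-20 09:12:39,746 [lib.cuckoo.core.scheduler] INFO: Task #1: analysis procedure completed
Jan 20 09:19:41 CAPEv2 python3[626]: 2021-01-20 09:19:41,064 [lib.cuckoo.core.scheduler] INFO: Task #2: Starting analysis of FILE '/tmp/cuckoo-tmp/upload_lo3rr8>
Jan 20 09:19:41 CAPEv2 python3[626]: 2021-01-20 09:19:41,106 [lib.cuckoo.core.scheduler] INFO: Task #2: File already exists at '/opt/CAPEv2/storage/binaries/e5e>
Jan 20 09:19:59 CAPEv2 python3[626]: 2021-01-20 09:19:59,682 [lib.cuckoo.core.scheduler] INFO: Enabled route 'false'
Jan 20 09:26:28 CAPEv2 python3[626]: 2021-01-20 09:26:28,749 [lib.cuckoo.core.scheduler] INFO: Task #2: analysis procedure completed
"""

LINE = re.compile(r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+ \[lib\.cuckoo\.core\.scheduler\] \w+: (.*)")
TASK = re.compile(r"Task #(\d+): (.*)")
ROUTE = re.compile(r"Enabled route '([^']*)'")

def parse_tasks(log_text):
    """Map task id -> target path, route, binary-store hit and completion time."""
    tasks, current = {}, None  # current: last started task (one machine assumed)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        stamp, msg = m.groups()
        t, r = TASK.match(msg), ROUTE.match(msg)
        if t:
            tid, detail = int(t.group(1)), t.group(2)
            task = tasks.setdefault(tid, {"target": None, "route": None, "stored": False, "done": None})
            if detail.startswith("Starting analysis of"):
                current = tid
                path = re.search(r"'([^'>]*)", detail)  # path may be cut at ">"
                task["target"] = path.group(1) if path else None
            elif detail.startswith("File already exists at"):
                task["stored"] = True  # sample was already in storage/binaries
            elif detail.startswith("analysis procedure completed"):
                task["done"] = stamp
        elif r and current is not None:
            tasks[current]["route"] = r.group(1)  # route lines carry no task id
    return tasks

def repeated_runs(tasks):
    """Return (first_task, later_task) pairs that analysed the same target."""
    first_seen, repeats = {}, []
    for tid in sorted(tasks):
        target = tasks[tid]["target"]
        if target and first_seen.setdefault(target, tid) != tid:
            repeats.append((first_seen[target], tid))
    return repeats
```

Run over the quoted log, this pairs tasks 1 and 2 and records that the second task used route 'false' on a file already present in the binary store.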