kevoreilly / CAPEv2

Malware Configuration And Payload Extraction
https://capesandbox.com/analysis/

32bit executable stuck in pending stage #556

Closed OtisOat closed 3 years ago

OtisOat commented 3 years ago


Expected Behavior

CAPE2 finishes processing the scanned file and generates a report, or some event happens in the analysis machine.

cape2@ubuntu:~/Desktop$ file ChromeSetup.exe 
ChromeSetup.exe: PE32 executable (GUI) Intel 80386, for MS Windows

Current Behavior

Stuck in the pending stage from Web UI.

Failure Information (for bugs)

It looks like the process has exited with error code 1. However, the UI is still up and stuck in the pending stage.

cape2@ubuntu:~$ systemctl status cape
● cape.service - CAPE
     Loaded: loaded (/lib/systemd/system/cape.service; enabled; vendor preset: >
     Active: activating (auto-restart) (Result: exit-code) since Sat 2021-08-14>
       Docs: https://github.com/kevoreilly/CAPEv2
    Process: 927 ExecStart=/usr/bin/python3 cuckoo.py (code=exited, status=1/FA>
   Main PID: 927 (code=exited, status=1/FAILURE)

Aug 14 09:27:13 ubuntu systemd[1]: cape.service: Main process exited, code=exit>
Aug 14 09:27:13 ubuntu systemd[1]: cape.service: Failed with result 'exit-code'.
lines 1-9/9 (END)

Steps to Reproduce

Follow the steps here to install:

    Installation recommendations and scripts for optimal performance
    For best compatibility we strongly suggest installing on Ubuntu 20.04 LTS
    KVM is recommended as hypervisor, replace <W00T> to real pattern
        sudo ./kvm-qemu.sh all <username> | tee kvm-qemu.log
    To install CAPE itself, cape2.sh with all optimizations
        sudo ./cape2.sh base cape | tee cape.log
    Reboot and enjoy

However, instead of using qemu, I have set up several VMs in the same custom VMNet.

  1. Installed the deps for the guest and changed the network configuration following https://capev2.readthedocs.io/en/latest/installation/guest_physical/requirements.html
  2. Ensured that the VMs are able to ping each other (firewall off)
  3. Ensured that the agent is listening on port 8000 by running netstat -ano
  4. Changed cuckoo.conf
    
    # Specify the name of the machinery module to use, this module will
    # define the interaction between Cuckoo and your virtualization software
    # of choice.
    machinery = physical
    ...
    [resultserver]
    # The Result Server is used to receive in real time the behavioral logs
    # produced by the analyzer.
    # Specify the IP address of the host. The analysis machines should be able
    # to contact the host through such address, so make sure it's valid.
    # NOTE: if you set resultserver IP to 0.0.0.0 you have to set the option
    # `resultserver_ip` for all your virtual machines in machinery configuration.
    ip = 0.0.0.0
  5. Changed physical.conf

    [physical01]
    # Specify the label name of the current machine as specified in your
    # physical machine configuration.
    label = physical01
    # Specify the operating system platform used by current machine
    # [windows/darwin/linux].
    platform = windows
    # Specify the IP address of the current machine. Make sure that the IP address
    # is valid and that the host machine is able to reach it. If not, the analysis
    # will fail.
    ip = 192.168.1.2
    # If you have not provided a resultserver in cuckoo.conf you can do it here
    # If you are using machinery "multi" you may have multiple networks connected to your CAPE host
    # and thus multiple possible ways for your analysis machines to connect so you can specify the
    # IP and port here
    resultserver_ip = 192.168.1.1
    resultserver_port = 2042


## Context

Currently using the machines with VMware Workstation in an offline environment.
Guest machines' DNS and gateway are set to the CAPE machine.

| Question   | Answer |
|------------|--------|
| Git commit | commit 5399fc958cf728cda1229d6795f1a3326f0609fb (HEAD -> master, origin/master, origin/HEAD), Author: doomedraven <doommedraven@gmail.com>, Date: Tue Aug 3 08:18:50 2021 +0200, "Update views.py" |
| OS version | Ubuntu 20.04 |

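The two config fragments quoted in the issue body carry a dependency that the cuckoo.conf comment itself spells out: a resultserver `ip = 0.0.0.0` only works if every machine section sets its own `resultserver_ip`. Below is a pre-flight check for that and for the other mismatches that leave a submitted task sitting in "pending" (a listed machine with no section, a `label` that does not match its section name, a malformed `ip`). This is an added example written for this page, not CAPEv2's own code: it uses Python's `configparser` on constructed copies of the two files, and the `[physical]` section with a `machines` list follows the layout of CAPE's machinery conf files but is an assumption here.

```python
"""Pre-flight consistency check for a CAPE 'physical' machinery setup.

Added example (not CAPEv2 code). Parses cuckoo.conf and the machinery conf
as plain INI and reports the mismatches that typically leave a task pending.
"""
import configparser
import ipaddress

# Constructed sample of the cuckoo.conf fragment quoted in the issue:
# physical machinery and a wildcard resultserver address.
CUCKOO_CONF = """
[cuckoo]
machinery = physical

[resultserver]
ip = 0.0.0.0
port = 2042
"""

# Constructed physical.conf matching the issue's settings. The [physical]
# section with a 'machines' list is assumed to mirror CAPE's conf layout.
PHYSICAL_CONF_OK = """
[physical]
machines = physical01

[physical01]
label = physical01
platform = windows
ip = 192.168.1.2
resultserver_ip = 192.168.1.1
resultserver_port = 2042
"""

# Constructed variant with the mistakes the check is meant to catch: label
# mismatch, no resultserver_ip despite the 0.0.0.0 wildcard, and a second
# listed machine that has no section at all.
PHYSICAL_CONF_BAD = """
[physical]
machines = physical01, physical02

[physical01]
label = physical1
platform = windows
ip = 192.168.1.2
"""


def _load(text: str) -> configparser.ConfigParser:
    # CAPE config files are plain INI; disable interpolation so '%' stays literal.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return parser


def check_machinery(cuckoo_text: str, machinery_text: str) -> list[str]:
    """Return human-readable problems; an empty list means the pair is consistent."""
    problems: list[str] = []
    cuckoo = _load(cuckoo_text)

    machinery = cuckoo.get("cuckoo", "machinery", fallback="").strip()
    if not machinery:
        return ["cuckoo.conf: [cuckoo] machinery is not set"]

    # A wildcard resultserver address forces a per-machine resultserver_ip.
    wildcard = cuckoo.get("resultserver", "ip", fallback="").strip() == "0.0.0.0"

    machines_conf = _load(machinery_text)
    if machinery not in machines_conf:
        return [f"{machinery}.conf: no [{machinery}] section listing machines"]

    listed = machines_conf.get(machinery, "machines", fallback="")
    labels = [name.strip() for name in listed.split(",") if name.strip()]
    if not labels:
        problems.append(f"{machinery}.conf: [{machinery}] machines list is empty")

    for label in labels:
        if label not in machines_conf:
            problems.append(f"{machinery}.conf: '{label}' is listed but has no [{label}] section")
            continue
        section = machines_conf[label]
        for key in ("label", "platform", "ip"):
            if not section.get(key, "").strip():
                problems.append(f"[{label}]: required key '{key}' is missing or empty")
        if section.get("label", label).strip() != label:
            problems.append(f"[{label}]: label '{section['label']}' does not match section name")
        ip = section.get("ip", "").strip()
        if ip:
            try:
                ipaddress.ip_address(ip)
            except ValueError:
                problems.append(f"[{label}]: ip '{ip}' is not a valid address")
        if wildcard and not section.get("resultserver_ip", "").strip():
            problems.append(f"[{label}]: resultserver ip is 0.0.0.0, so resultserver_ip must be set here")
    return problems


if __name__ == "__main__":
    for name, conf in (("ok", PHYSICAL_CONF_OK), ("bad", PHYSICAL_CONF_BAD)):
        found = check_machinery(CUCKOO_CONF, conf)
        print(f"{name}: {'consistent' if not found else str(len(found)) + ' problem(s)'}")
        for problem in found:
            print("  -", problem)
```

Run it against the real files by reading `/opt/CAPEv2/conf/cuckoo.conf` and the matching machinery conf into the two string arguments; a non-empty result is worth fixing before restarting the service, since none of these mistakes produce an error in the web UI.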
doomedraven commented 3 years ago

You can set it to 0. Do you know what will happen to your OS when your disk runs out of space? Everything will just crash.

OtisOat commented 3 years ago

@doomedraven yup, I know. That's why I am asking what's wrong with the setup instead of setting it to 0. From disk management, there is still 50GB of free space. Not sure why CAPE is complaining that there is not enough free space when the setting is just 50MB.

doomedraven commented 3 years ago

Dude, as I told you, CAPE out of the box is ready for production and nobody wants to break their production. As the message tells you, you can change that to anything you want, that's all.

50GB of space is nothing for production, less than 25 analyses and you're out of memory :D

OtisOat commented 3 years ago

I think there is a misunderstanding here. I know that 50GB is nothing for production too. My question is: even though there is ample space in the VM (50GB now), CAPE is complaining that there is insufficient space (in the config file, freespace=50MB). Hence even if I allocate 1TB to the CAPE VM, CAPE will still complain that there is insufficient space. Why?

OtisOat commented 3 years ago

I have a separate question on setting up Win10 guest machines. I did the same setup for Win7 x86 and x64 machines and have no issues detonating ChromeSetup.exe (the Chrome setup ran successfully and the results were returned to CAPE). However, for Win10, it seems to be stuck at caller_dispatch (please refer to the screenshots).

Both are 32-bit and have both the firewall and Windows Defender disabled.

(Screenshots: Win10, Win7)

kevoreilly commented 3 years ago

Check config.c in capemon for some monitor options that will allow you to gain more insight into these errors - you have now firmly entered 'unsupported' territory with Windows 10 (especially 32-bit) and Chrome. I have spent a lot of time trying to get Chrome working but it doesn't work well with capemon's hooks, so I'm sorry to say, but I wouldn't even bother installing it.

kevoreilly commented 3 years ago

(Also your monitor is out of date)

OtisOat commented 3 years ago

@kevoreilly I tried with other binaries too, like the Python installer, etc., but all seem to be stuck at the same location. Oh, I didn't know Win10 x86 is unsupported. May I ask if Win10 x64 and Ubuntu of different architectures are supported?

kevoreilly commented 3 years ago

I am working on Win10 - check capemon issues

kevoreilly commented 3 years ago

(But I don't see the point in working on 32-bit as it's almost obsolete)

OtisOat commented 3 years ago

@kevoreilly okay. Thank you for the update :) As for the outdated capemon, I installed via @doomedraven's cape2.sh script recently. May I ask how I can update it? Thank you

kevoreilly commented 3 years ago

    sudo su cape
    cd /opt/CAPEv2/
    git pull

OtisOat commented 3 years ago

@kevoreilly Thank you so much! :)

doomedraven commented 3 years ago

Don't get me wrong, but did you read the readme and docs? https://github.com/kevoreilly/CAPEv2/#how-to-update