cuckoo-modified icon indicating copy to clipboard operation
cuckoo-modified copied to clipboard
verified publisher icon brad-sp

On win10-x64 [Errno 13] Permission denied: 'C:\\3648.ini' The package "modules.packages.regsv

Open SmartResearcherME opened this issue 9 years ago • 5 comments

Hi,

I am using cuckoo modified build from following source.

https://codeload.github.com/brad-accuvant/cuckoo-modified/zip/master

I am trying to submit sample in windows 10 x64 VM in vmware. and getting following error.

See following logs of debug:

2016-03-16 12:39:33,406 [lib.cuckoo.core.guest] DEBUG: win10: analysis not completed yet (status=2) 2016-03-16 12:39:33,771 [lib.cuckoo.core.resultserver] DEBUG: New connection from: 172.16.148.130:49504 2016-03-16 12:39:33,772 [lib.cuckoo.core.resultserver] DEBUG: LogHandler for live analysis.log initialized. 2016-03-16 12:39:34,411 [lib.cuckoo.core.guest] DEBUG: win10: analysis not completed yet (status=2) 2016-03-16 12:39:35,417 [lib.cuckoo.core.scheduler] ERROR: Analysis failed: The package "modules.packages.regsvr" start function encountered an unhandled exception: [Errno 13] Permission denied: 'C:\3648.ini' 2016-03-16 12:39:35,636 [lib.cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer 2016-03-16 12:39:35,637 [lib.cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Tor 2016-03-16 12:39:35,637 [modules.machinery.vmware] DEBUG: Stopping vm /media/ali/I/Imported/Windows10x64/Windows10x64.vmx

Please advise how to get rid of this error?

-thanks

SmartResearcherME avatar Mar 16 '16 10:03 SmartResearcherME

I also tried steps mentioned on following link http://answers.microsoft.com/en-us/windows/forum/windows_7-security/windows-7-cannot-save-files-to-c-even-after-making/938f2b50-b063-475b-8c5e-905d136df2e3?tab=question&status=AllReplies&auth=1#tabs

but issue is still facing.

I can successfully submit and analysis sample in windows 7 32 bit. But this issue is valid for win10 x64 on vmware.

SmartResearcherME avatar Mar 16 '16 10:03 SmartResearcherME

Hi @SmartResearcherME can you open this in the new cuckoo-modified home please:

https://github.com/spender-sandbox/cuckoo-modified

Also, you want to run that version instead of this out of date one.

Thanks

SteveClement avatar Mar 16 '16 11:03 SteveClement

Windows 10 isn't support anyways, on both upstream and the fork.

KillerInstinct avatar Mar 16 '16 11:03 KillerInstinct

@SteveClement I want to use windows 10 x64 as vm. And that build support x64 windows thats why used it.

If you have better suggestion please tell

SmartResearcherME avatar Mar 16 '16 12:03 SmartResearcherME

@SmartResearcherME Did you try running it with sudo. On windows you can say running as administrator. Most of the time this is the only reason for the permission denied error You may follow these links for help error windows club changing ownership

arpit1997 avatar Oct 29 '16 19:10 arpit1997