cuckoo-modified icon indicating copy to clipboard operation
cuckoo-modified copied to clipboard
verified publisher icon brad-sp

win10-x64: analysis not completed yet (status=2) [lib.cuckoo.core.scheduler] ERROR: The analysis hit the critical timeout, terminating.

Open SmartResearcherME opened this issue 9 years ago • 3 comments

Hi,

In have co figured cuckoo modified on ubuntu 14.04 and a win10-sp1-x64 vm as sandbox guest (disabled UAC, Disabled windows defender, disabled firewall ) and agent.py is running with administrator privileges.

On submitting sample sample is copied successful but behavioral analysis don't seems to performed. As log say only results of static analysis. I once performed analysis on win10-x64 without any issue and dynamic analysis was also being reported but my pc crash and rebuild cockoo and win10x64.

I even tried creating file in c:\abc.tx with admin privileged and it allows me to do that.

analysis not completed yet (status=2) [lib.cuckoo.core.scheduler] ERROR: The analysis hit the critical timeout, terminating. [lib.cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer

Please suggest @brad-accuvant

Regrads,

SmartResearcherME avatar Mar 30 '16 06:03 SmartResearcherME

Any suggestion @brad-accuvant ?

SmartResearcherME avatar Mar 31 '16 11:03 SmartResearcherME

@SmartResearcherME it seems your network is not configured properly. Please validate;

  • Network settings for both (Host & Guest)
  • Firewall settings in case if you have configured cuckoo sandbox in network

And please try to share debug level logs. Thanks

Abdullah-Mughal avatar Apr 04 '16 10:04 Abdullah-Mughal

Hello, I'm running into the same error on my Win7 64bit. Below is my debug level logs.

I have host-only network set up at the guest system, and port forwarding set up at host (Ubuntu) system, so guest is able to access internet. Host and guest are able to ping each other. Firewall and UAC are turned off in guest. The python agent is set and verified to run at startup.

Is there anything else I'm missing?

Thanks

2016-08-21 15:20:29,103 [lib.cuckoo.core.scheduler] INFO: Task #11: File already exists at '/opt/cuckoo-modified/storage/binaries/8a314547980f98fe1d19a816626da2eba20554714661ae14c7ad595bcd688d07' 2016-08-21 15:20:29,139 [lib.cuckoo.core.scheduler] INFO: Task #11: acquired machine Win7x64 (label=Win7x64) 2016-08-21 15:20:29,172 [modules.machinery.virtualbox] DEBUG: Starting vm Win7x64 2016-08-21 15:20:29,174 [modules.machinery.virtualbox] DEBUG: Getting status for Win7x64 2016-08-21 15:20:29,980 [modules.machinery.virtualbox] DEBUG: Machine Win7x64 status poweroff 2016-08-21 15:20:30,056 [modules.machinery.virtualbox] DEBUG: Using current snapshot for virtual machine Win7x64 2016-08-21 15:20:30,196 [modules.machinery.virtualbox] DEBUG: Getting status for Win7x64 2016-08-21 15:20:31,186 [modules.machinery.virtualbox] DEBUG: Machine Win7x64 status saved 2016-08-21 15:20:42,194 [modules.machinery.virtualbox] DEBUG: Getting status for Win7x64 2016-08-21 15:20:42,462 [modules.machinery.virtualbox] DEBUG: Machine Win7x64 status running 2016-08-21 15:20:42,563 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 9431 (interface=vboxnet0, host=192.168.56.101, dump path=/opt/cuckoo-modified/storage/analyses/11/dump.pcap) 2016-08-21 15:20:42,564 [lib.cuckoo.core.plugins] DEBUG: Started auxiliary module: Sniffer 2016-08-21 15:20:42,564 [lib.cuckoo.core.plugins] DEBUG: Started auxiliary module: Tor 2016-08-21 15:20:42,568 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=Win7x64, ip=192.168.56.101) 2016-08-21 15:20:42,570 [lib.cuckoo.core.guest] DEBUG: Win7x64: waiting for status 0x0001 2016-08-21 15:20:49,589 [lib.cuckoo.core.guest] DEBUG: Win7x64: status ready 2016-08-21 15:20:49,630 [lib.cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=Win7x64, ip=192.168.56.101) 2016-08-21 15:20:50,353 [lib.cuckoo.core.guest] DEBUG: Win7x64: analyzer started with PID 2688 2016-08-21 15:20:50,353 [lib.cuckoo.core.guest] DEBUG: Win7x64: waiting for completion 2016-08-21 15:20:51,358 [lib.cuckoo.core.guest] DEBUG: Win7x64: analysis not completed yet (status=2) 2016-08-21 15:20:52,407 [lib.cuckoo.core.guest] DEBUG: Win7x64: analysis not completed yet (status=2) 2016-08-21 15:20:53,413 [lib.cuckoo.core.guest] DEBUG: Win7x64: analysis not completed yet (status=2) 2016-08-21 15:23:51,318 [lib.cuckoo.core.scheduler] ERROR: The analysis hit the critical timeout, terminating. 2016-08-21 15:23:51,366 [lib.cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer 2016-08-21 15:23:51,367 [lib.cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Tor 2016-08-21 15:23:51,368 [modules.machinery.virtualbox] DEBUG: Stopping vm Win7x64 2016-08-21 15:23:51,368 [modules.machinery.virtualbox] DEBUG: Getting status for Win7x64 2016-08-21 15:23:52,285 [modules.machinery.virtualbox] DEBUG: Machine Win7x64 status running 2016-08-21 15:23:53,330 [modules.machinery.virtualbox] DEBUG: Getting status for Win7x64 2016-08-21 15:23:55,138 [modules.machinery.virtualbox] DEBUG: VBoxManage returns error checking status for machine Win7x64: VBoxManage: error: The object is not ready VBoxManage: error: Details: code E_ACCESSDENIED (0x80070005), component SessionMachine, interface IMachine, callee nsISupports VBoxManage: error: Context: "COMGETTER(BandwidthControl)(bwCtrl.asOutParam())" at line 2300 of file VBoxManageInfo.cpp

HelioCD avatar Aug 22 '16 03:08 HelioCD