win10-x64: analysis not completed yet (status=2) [lib.cuckoo.core.scheduler] ERROR: The analysis hit the critical timeout, terminating.

[SmartResearcherME]

Hi,

In have co figured cuckoo modified on ubuntu 14.04 and a win10-sp1-x64 vm as sandbox guest (disabled UAC, Disabled windows defender, disabled firewall ) and agent.py is running with administrator privileges.

On submitting sample sample is copied successful but behavioral analysis don't seems to performed. As log say only results of static analysis. I once performed analysis on win10-x64 without any issue and dynamic analysis was also being reported but my pc crash and rebuild cockoo and win10x64.

I even tried creating file in c:\abc.tx with admin privileged and it allows me to do that.

analysis not completed yet (status=2)
[lib.cuckoo.core.scheduler] ERROR: The analysis hit the critical timeout, terminating.
[lib.cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer

Please suggest @brad-accuvant

Regrads,

[SmartResearcherME]

Any suggestion @brad-accuvant ?

[Abdullah-Mughal]

@SmartResearcherME it seems your network is not configured properly. Please validate;

• Network settings for both (Host & Guest)
• Firewall settings in case if you have configured cuckoo sandbox in network

And please try to share debug level logs.
Thanks

[HelioCD]

Hello,
I'm running into the same error on my Win7 64bit. Below is my debug level logs.

I have host-only network set up at the guest system, and port forwarding set up at host (Ubuntu) system, so guest is able to access internet. Host and guest are able to ping each other. Firewall and UAC are turned off in guest. The python agent is set and verified to run at startup.

Is there anything else I'm missing?

Thanks

---

2016-08-21 15:20:29,103 [lib.cuckoo.core.scheduler] INFO: Task #11: File already exists at '/opt/cuckoo-modified/storage/binaries/8a314547980f98fe1d19a816626da2eba20554714661ae14c7ad595bcd688d07'
2016-08-21 15:20:29,139 [lib.cuckoo.core.scheduler] INFO: Task #11: acquired machine Win7x64 (label=Win7x64)
2016-08-21 15:20:29,172 [modules.machinery.virtualbox] DEBUG: Starting vm Win7x64
2016-08-21 15:20:29,174 [modules.machinery.virtualbox] DEBUG: Getting status for Win7x64
2016-08-21 15:20:29,980 [modules.machinery.virtualbox] DEBUG: Machine Win7x64 status poweroff
2016-08-21 15:20:30,056 [modules.machinery.virtualbox] DEBUG: Using current snapshot for virtual machine Win7x64
2016-08-21 15:20:30,196 [modules.machinery.virtualbox] DEBUG: Getting status for Win7x64
2016-08-21 15:20:31,186 [modules.machinery.virtualbox] DEBUG: Machine Win7x64 status saved
2016-08-21 15:20:42,194 [modules.machinery.virtualbox] DEBUG: Getting status for Win7x64
2016-08-21 15:20:42,462 [modules.machinery.virtualbox] DEBUG: Machine Win7x64 status running
2016-08-21 15:20:42,563 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 9431 (interface=vboxnet0, host=192.168.56.101, dump path=/opt/cuckoo-modified/storage/analyses/11/dump.pcap)
2016-08-21 15:20:42,564 [lib.cuckoo.core.plugins] DEBUG: Started auxiliary module: Sniffer
2016-08-21 15:20:42,564 [lib.cuckoo.core.plugins] DEBUG: Started auxiliary module: Tor
2016-08-21 15:20:42,568 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=Win7x64, ip=192.168.56.101)
2016-08-21 15:20:42,570 [lib.cuckoo.core.guest] DEBUG: Win7x64: waiting for status 0x0001
2016-08-21 15:20:49,589 [lib.cuckoo.core.guest] DEBUG: Win7x64: status ready
2016-08-21 15:20:49,630 [lib.cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=Win7x64, ip=192.168.56.101)
2016-08-21 15:20:50,353 [lib.cuckoo.core.guest] DEBUG: Win7x64: analyzer started with PID 2688
2016-08-21 15:20:50,353 [lib.cuckoo.core.guest] DEBUG: Win7x64: waiting for completion
2016-08-21 15:20:51,358 [lib.cuckoo.core.guest] DEBUG: Win7x64: analysis not completed yet (status=2)
2016-08-21 15:20:52,407 [lib.cuckoo.core.guest] DEBUG: Win7x64: analysis not completed yet (status=2)
2016-08-21 15:20:53,413 [lib.cuckoo.core.guest] DEBUG: Win7x64: analysis not completed yet (status=2)
2016-08-21 15:23:51,318 [lib.cuckoo.core.scheduler] ERROR: The analysis hit the critical timeout, terminating.
2016-08-21 15:23:51,366 [lib.cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2016-08-21 15:23:51,367 [lib.cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Tor
2016-08-21 15:23:51,368 [modules.machinery.virtualbox] DEBUG: Stopping vm Win7x64
2016-08-21 15:23:51,368 [modules.machinery.virtualbox] DEBUG: Getting status for Win7x64
2016-08-21 15:23:52,285 [modules.machinery.virtualbox] DEBUG: Machine Win7x64 status running
2016-08-21 15:23:53,330 [modules.machinery.virtualbox] DEBUG: Getting status for Win7x64
2016-08-21 15:23:55,138 [modules.machinery.virtualbox] DEBUG: VBoxManage returns error checking status for machine Win7x64: VBoxManage: error: The object is not ready
VBoxManage: error: Details: code E_ACCESSDENIED (0x80070005), component SessionMachine, interface IMachine, callee nsISupports
VBoxManage: error: Context: "COMGETTER(BandwidthControl)(bwCtrl.asOutParam())" at line 2300 of file VBoxManageInfo.cpp