Comments (8)
This happens on a 32-bit and 64-bit VM. Base install with and without IE tweaks.
from cape.
I've just tested using 'ie' package with IE 11.0.9600.17728 and no crashes here...
from cape.
I'll check the IE build version. I've downgraded to IE 8 on two VMs and no errors occur.
from cape.
Yep, it also crashes here with IE 11; will provide the build later.
from cape.
I have Version: 11.0.9600.17843
Update Versions: 11.0.20 (KB3058515)
This is installed by default by my Win 7 installation media.
If I uninstall the update, it drops to IE 8.
from cape.
Would you mind testing this again? I am naively hoping the sands of time will have fixed this issue...
from cape.
2018-12-05 10:57:15,901 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 928 at 0x74350000, image base 0x1140000, stack from 0x162000-0x170000
2018-12-05 10:57:15,901 [root] DEBUG: Commandline: C:\Users\donovan\AppData\Local\Temp\"C:\Program Files (x86)\Internet Explorer\iexplore.exe" "C:\Users\donovan\AppData\Local\Temp\some.html".
2018-12-05 10:57:15,901 [root] INFO: Monitor successfully loaded in process with pid 928.
2018-12-05 10:57:15,917 [root] DEBUG: DLL loaded at 0x74420000: C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0 (0x4000 bytes).
2018-12-05 10:57:15,917 [root] DEBUG: DLL loaded at 0x75AB0000: C:\Windows\syswow64\shell32 (0xc4a000 bytes).
2018-12-05 10:57:15,917 [root] DEBUG: DLL loaded at 0x74490000: C:\Windows\system32\apphelp (0x4c000 bytes).
2018-12-05 10:57:15,931 [root] INFO: Announced 64-bit process name: iexplore.exe pid: 940
2018-12-05 10:57:15,931 [root] INFO: Added new process to list with pid: 940
2018-12-05 10:57:15,931 [lib.api.process] DEBUG: Using QueueUserAPC injection.
2018-12-05 10:57:15,931 [lib.api.process] INFO: 64-bit DLL to inject is C:\ckufwkpe\dll\FbdgYy.dll, loader C:\ckufwkpe\bin\ZMPASRFr.exe
2018-12-05 10:57:15,947 [lib.api.process] INFO: Injected into suspended 64-bit process with pid 940
2018-12-05 10:57:15,947 [root] INFO: Disabling sleep skipping.
2018-12-05 10:57:15,994 [root] DEBUG: Terminate processes on terminate_event enabled.
2018-12-05 10:57:16,009 [root] DEBUG: Process dumps enabled.
2018-12-05 10:57:16,009 [root] INFO: Disabling sleep skipping.
2018-12-05 10:57:16,026 [root] WARNING: Unable to place hook on LockResource
2018-12-05 10:57:16,026 [root] WARNING: Unable to hook LockResource
2018-12-05 10:57:16,026 [root] DEBUG: CAPE initialised: 64-bit base package loaded in process 940 at 0x0000000074280000, image base 0x000000013FFC0000, stack from 0x00000000002B2000-0x00000000002C0000
2018-12-05 10:57:16,042 [root] DEBUG: Commandline: C:\Users\donovan\AppData\Local\Temp\"C:\Program Files\Internet Explorer\IEXPLORE.EXE" "C:\Users\donovan\AppData\Local\Temp\some.html".
2018-12-05 10:57:16,042 [root] INFO: Monitor successfully loaded in process with pid 940.
2018-12-05 10:57:16,042 [root] DEBUG: DLL loaded at 0x000007FEFD160000: C:\Windows\system32\CRYPTBASE (0xf000 bytes).
2018-12-05 10:57:16,056 [root] DEBUG: DLL loaded at 0x000007FEF4F60000: C:\Windows\system32\IEFRAME (0xdc3000 bytes).
2018-12-05 10:57:16,056 [root] DEBUG: DLL loaded at 0x000007FEFF780000: C:\Windows\system32\OLEAUT32 (0xd7000 bytes).
2018-12-05 10:57:16,056 [root] DEBUG: DLL loaded at 0x000007FEFBD30000: C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32 (0x1f4000 bytes).
2018-12-05 10:57:16,072 [root] DEBUG: DLL loaded at 0x000007FEF3600000: C:\Program Files\Internet Explorer\IEShims (0x62000 bytes).
2018-12-05 10:57:16,072 [root] DEBUG: DLL loaded at 0x000007FEFD6C0000: C:\Windows\system32\comdlg32 (0x97000 bytes).
2018-12-05 10:57:16,088 [root] DEBUG: DLL loaded at 0x000007FEFE450000: C:\Windows\system32\urlmon (0x185000 bytes).
2018-12-05 10:57:16,088 [root] DEBUG: DLL loaded at 0x000007FEFD470000: C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0 (0x4000 bytes).
2018-12-05 10:57:16,104 [root] DEBUG: DLL loaded at 0x000007FEFD9B0000: C:\Windows\system32\WININET (0x25a000 bytes).
2018-12-05 10:57:16,104 [root] DEBUG: DLL loaded at 0x000007FEFD4F0000: C:\Windows\system32\USERENV (0x1e000 bytes).
2018-12-05 10:57:16,104 [root] DEBUG: DLL loaded at 0x000007FEFD310000: C:\Windows\system32\profapi (0xf000 bytes).
2018-12-05 10:57:16,119 [root] DEBUG: DLL loaded at 0x000007FEF7CE0000: C:\Program Files\Internet Explorer\sqmapi (0x48000 bytes).
2018-12-05 10:57:16,119 [root] DEBUG: DLL unloaded from 0x0000000077430000.
2018-12-05 10:57:16,119 [root] DEBUG: DLL unloaded from 0x000007FEF7CE0000.
2018-12-05 10:57:16,151 [root] DEBUG: DLL loaded at 0x000007FEFD100000: C:\Windows\system32\apphelp (0x57000 bytes).
2018-12-05 10:57:16,151 [root] INFO: Announced 64-bit process name: WerFault.exe pid: 2544
2018-12-05 10:57:16,151 [root] INFO: Added new process to list with pid: 2544
2018-12-05 10:57:16,151 [lib.api.process] DEBUG: Using QueueUserAPC injection.
2018-12-05 10:57:16,151 [lib.api.process] INFO: 64-bit DLL to inject is C:\ckufwkpe\dll\FbdgYy.dll, loader C:\ckufwkpe\bin\ZMPASRFr.exe
2018-12-05 10:57:16,165 [lib.api.process] INFO: Injected into suspended 64-bit process with pid 2544
2018-12-05 10:57:16,229 [root] DEBUG: Terminate processes on terminate_event enabled.
2018-12-05 10:57:16,229 [root] DEBUG: Process dumps enabled.
2018-12-05 10:57:16,229 [root] INFO: Disabling sleep skipping.
2018-12-05 10:57:16,243 [root] WARNING: Unable to place hook on LockResource
2018-12-05 10:57:16,243 [root] WARNING: Unable to hook LockResource
2018-12-05 10:57:16,259 [root] DEBUG: CAPE initialised: 64-bit base package loaded in process 2544 at 0x0000000074280000, image base 0x00000000FF6D0000, stack from 0x0000000000175000-0x0000000000180000
2018-12-05 10:57:16,259 [root] DEBUG: Commandline: C:\Windows\sysnative\WerFault.exe -u -p 940 -s 376.
2018-12-05 10:57:16,259 [root] INFO: Monitor successfully loaded in process with pid 2544.
from cape.
Still crashing.
from cape.
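A triage check for the log posted above, as an added example that is not part of the original thread or of the CAPE code base: it flags a monitored process as crashed when a later WerFault.exe command line names its pid in `-p`, which is how the iexplore.exe crash shows up in this log. The function name `find_crashes` and the regular expressions are assumptions of this example; the sample lines are copied from the comment above.

```python
import re
from datetime import datetime

# Sample input: five lines taken from the analysis log posted in the thread.
SAMPLE_LOG = r"""2018-12-05 10:57:15,931 [root] INFO: Announced 64-bit process name: iexplore.exe pid: 940
2018-12-05 10:57:16,042 [root] INFO: Monitor successfully loaded in process with pid 940.
2018-12-05 10:57:16,151 [root] INFO: Announced 64-bit process name: WerFault.exe pid: 2544
2018-12-05 10:57:16,259 [root] DEBUG: Commandline: C:\Windows\sysnative\WerFault.exe -u -p 940 -s 376.
2018-12-05 10:57:16,259 [root] INFO: Monitor successfully loaded in process with pid 2544.
"""

# "<timestamp> [<logger>] <LEVEL>: <message>"
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) \[[^\]]+\] \w+: (.*)$")
ANNOUNCED = re.compile(r"Announced \d+-bit process name: (\S+) pid: (\d+)")
LOADED = re.compile(r"Monitor successfully loaded in process with pid (\d+)")
# Windows Error Reporting is started with "-p <pid of the faulting process>".
WER = re.compile(r"Commandline: .*WerFault\.exe\b.*\s-p (\d+)", re.IGNORECASE)


def find_crashes(log_text):
    """Return one record per monitored pid that WerFault.exe was launched for."""
    names, loaded_at, crashes = {}, {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip continuation lines or anything not in log format
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
        msg = m.group(2)
        if (a := ANNOUNCED.search(msg)):
            names[int(a.group(2))] = a.group(1)
        elif (l := LOADED.search(msg)):
            loaded_at.setdefault(int(l.group(1)), ts)
        elif (w := WER.search(msg)):
            pid = int(w.group(1))
            if pid in loaded_at:  # only report pids the monitor was loaded into
                delta = ts - loaded_at[pid]
                crashes.append({
                    "pid": pid,
                    "name": names.get(pid, "unknown"),
                    "ms_after_monitor_load": round(delta.total_seconds() * 1000),
                })
    return crashes


if __name__ == "__main__":
    for crash in find_crashes(SAMPLE_LOG):
        print(crash)
```

A short interval between monitor load and the WerFault launch, as in this log, points at the instrumentation rather than at the sample being analysed.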