VM CPU usage at 100% when using ie URL analysis package #333
Comments
Hi Sean, sorry not to get back to you earlier - are you still seeing this?
Yes, I'm still seeing this after pulling the latest commit this morning
@kevoreilly Bump
Also occurs on your hosted instance. https://cape.contextis.com/analysis/87836/
Hmm I just tried with old loader and it seemed to work. So possibly an issue with the new loader and IE. Let me look into it.
@kevoreilly Have you had a chance to look at this?
Yes I just spent a while digging into this and have found the problem is due to a monitor code change which was attempting to mitigate problems with IcedID samples caused by a measure put in to allow VBCrypter samples to run (kevoreilly/capemon@f4fe2d5). I've just compiled a monitor reverting just this change and IE seems to load up again - please give the attached monitor a go and let me know. I'm not sure how to best fix this whilst keeping compatibility with VBCrypter samples - I'll need to speak to the researcher who made that mod in the first place and work out if there isn't a better way.
@kevoreilly My VMs are 64 bit. Can you build a 64 bit version?
IE is 32-bit - even on 64-bit windoze ;-)
On Mon, 23 Sep 2019, 21:32 Sean Whalen wrote:
> @kevoreilly My VMs are 64 bit. Can you build a 64 bit version?
Seeing the same issue. It goes in analyzer/windows/dll/, right?
I'm gonna have to call it a night as it's getting late over here - but progress has been made, am hopeful we will nail this bug once we get to the bottom of it.
Some recent change in the analysis package is causing CPU usage to stay at 100% without IE actually opening during a URL analysis with the ie package.