VM CPU usage at 100% when using ie URL analysis package
Some recent change in the analysis package is causing CPU usage to stay at 100% without IE actually opening during a URL analysis with the ie package.
Hi Sean, sorry not to get back to you earlier - are you still seeing this?
Yes, I'm still seeing this after pulling the latest commit this morning
@kevoreilly Bump
Also occurs on your hosted instance. https://cape.contextis.com/analysis/87836/
Hmm I just tried with old loader and it seemed to work. So possibly an issue with the new loader and IE. Let me look into it.
@kevoreilly Have you had a chance to look at this?
Yes I just spent a while digging into this and have found the problem is due to a monitor code change which was attempting to mitigate problems with IcedID samples caused by a measure put in to allow VBCrypter samples to run (https://github.com/kevoreilly/capemon/commit/f4fe2d5470bf5fadd0b3f502caad1be83f34a977).
I've just compiled a monitor reverting just this change and IE seems to load up again - please give the attached monitor a go and let me know.
I'm not sure how to best fix this whilst keeping compatibility with VBCrypter samples - I'll need to speak to the researcher who made that mod in the first place and work out if there isn't a better way.
@kevoreilly My VMs are 64 bit. Can you build a 64 bit version?
IE is 32-bit - even on 64-bit windoze ;-)
On Mon, 23 Sep 2019, 21:32 Sean Whalen wrote:
> @kevoreilly My VMs are 64 bit. Can you build a 64 bit version?
Seeing the same issue. It goes in analyzer/windows/dll/, right?
Oh dear - no IE window?

I'm gonna have to call it a night as it's getting late over here - but progress has been made, am hopeful we will nail this bug once we get to the bottom of it.