I have a problem with Cuckoo Sandbox and its memory dump it should generate in order to be able to analyse it with Volatility.
My issue is:Cuckoo's log files telling me that a memory dump has successfully been generated but it can not access them because they can not be found. Manually looking for them in the directory confirms that they do not exist. Cuckoo tells me to enable memory_dump in cuckoo.conf which is enabled.
My Cuckoo version and operating system are:Cuckoo: 2.0.6 Host: Ubuntu 18.04.1 LTS Guest: Win7 Ultimate, Service Pack 1, 32-bit
Those are my config files:cuckoo.conf
memory_dump = yes
memory.conf
guest_profile = Win7SP1x86
delete_memdump = no
processing.conf
[memory]
enabled = yes
This is the output of the cuckoo.log:
INFO: Successfully generated memory dump for virtual machine with label Win7 to path /home/test/.cuckoo/storage/analyses/1/memory.dmp
[...]
ERROR: VM memory dump not found: to create VM memory dumps you have to enable memory_dump in cuckoo.conf!
Any kind of help is appreciated. If you need any more information from me please let me know
Edit: Only memory dump of full machine is not being generated. If malware is injected in a new process then memory dump is generated as shown in the report.json
INFO: injected into process with pid 3844 and name 'iexplorer.exe'
INFO: memory dump of process with pid 3844 completed
and I can also find the 3844-1.dmp file in the directory