This is a memory dump of the infected system. Download the file attached to this task (victim.zip).
The MD5 hash of the uncompressed file is: ba44c4b977d28132faeb5fb8b06debce
What is the Operating System of this Dump file? (OS name)
What is the PID of SearchIndexer?
What is the last directory accessed by the user? (Give the last folder name exactly as it appears.)
Dig a little more...
There are many suspicious open ports; which one is it? (ANSWER format: protocol:port)
VAD tags and execute protection are strong indicators of malicious processes; can you find which they are? (ANSWER format: Pid1;Pid2;Pid3)
In the previous task, you identified malicious processes, so let's dig into them and find some Indicators of Compromise (IOCs). You just need to find them and fill in the blanks (you may search for them on VirusTotal to discover more details).
'www.go****.ru' (write the full URL without any quotation marks)
'www.i****.com' (write the full URL without any quotation marks)
'www.ic******.com'
202.***.233.*** (write the full IP)
***.200.**.164 (write the full IP)
209.190.***.***
What is the unique environment variable of PID 2464?
Created by:
Room type: Free room. Anyone can deploy virtual machines in the room (without being subscribed).
Users in room: 4,235
Created: 2296 days ago