CryptoLocker v1

forensics memory windows FCSC 2020

Description

One of our administrators was called in after a CryptoLocker was executed on a highly sensitive server, right after an update provided by a third-party service provider was applied. This malware specifically targets a file that could ruin the company: it is very important to recover it. The administrator tells us that, to prevent the malware from spreading, she paused the virtual machine and dumped its memory as soon as she detected the attack. You are our only hope.

Author

haxom

Writeups

Date        Author  Language  Tags  Vote
2024-06-14  lrstx   🇫🇷