Ransomémoire 3/3 - Doppelgänger

forensics memory windows FCSC 2023

★★★

Description

You don’t understand how the agent you found in Ransomémoire 2/3 - Début d'investigation could be on the machine (Note: you don’t need to have solved that challenge to solve Ransomémoire 3/3 - Doppelgänger). You suspect that there is a sleeping agent, hiding somewhere in memory…

The flag is case insensitive and follows the format FCSC{<pid>:<ip>:<port>} where:

  • <pid> is the PID of the malicious process and
  • <ip> and <port> are the parameters of the connection with the C&C.

This challenge has been split into four parts:

Files

  • fcsc.7z
    591.28 MiB – 754cb093af343356827d650270f9faa56cc4c44f44243ea08590edb1bc270b5e

Author

haxom

Writeups

Date        Author   Language  Tags        Vote
2023-11-06  naacbin  🇬🇧        TeamFrance