Analyse mémoire 2/5 - Origine de la menace

Description

There is indeed an active malware on the machine. We would like to understand how the attacker was able to execute it in memory. Identify the process that allowed the malware to be executed.

The flag is in the format FCSC{<process_name>:<process_id>} where:

<process_name> is the name of the process responsible for launching the malware, and
<process_id> is the Process ID (PID) of the process responsible for launching the malware.

For example: FCSC{malware.exe:42}.

This challenge is part of a serie that should be solved sequentially:

Analyse mémoire 1/5 - Exfiltration
Analyse mémoire 2/5 - Origine de la menace
Analyse mémoire 3/5 - Où est le pansement ?
Analyse mémoire 4/5 - Un échelon de plus dans la chaîne
Analyse mémoire 5/5 - Le commencement

Files

analyse-memoire.tar.xz
1.05 GiB – 59dbdb3d2e0eb219afc63fa086069b0e21cad79060ca3752b75e910058fce206

Author

haxom

Flag

You don't have JavaScript actived. No problem! You can check your flag like this: echo -n 'PUT_THE_FLAG_HERE' | sha256sum # possible output: 41801c1beb364b58d343dbf243289e6704dce44fb871e6c12f42eda64d43a269

Writeups

There are no public solutions for this challenge yet, but you can submit yours after getting the flag.