Analyse mémoire 2/5 - Origine de la menace

forensics windows memory FCSC 2025

Description

There is indeed an active malware on the machine. We would like to understand how the attacker was able to execute it in memory. Identify the process that allowed the malware to be executed.

The flag is in the format FCSC{<process_name>:<process_id>} where:

  • <process_name> is the name of the process responsible for launching the malware, and
  • <process_id> is the Process ID (PID) of the process responsible for launching the malware.

For example: FCSC{malware.exe:42}.

This challenge is part of a series that should be solved sequentially:

Author

haxom


Writeups


Date        Author    Language  Tags
2025-06-05  Cyrhades  🇫🇷