Analyse mémoire 4/5 - Un échelon de plus dans la chaîne

forensics windows memory FCSC 2025

★★★

Description

Following your analysis, our teams decided to completely reinstall the operating system on the machine to clean it. However, after the system was reinstalled, the same malware you identified is still present and continues to communicate with the attacker’s C2 server. We therefore suspect that a deeper persistence mechanism is present on the user’s system, and we believe a Device has been registered to pre-position itself during system startup.

The flag is in the format FCSC{<device_name>} where:

  • <device_name> is the name of the malicious Device.

For example: FCSC{MyVirtualMouse}.

This challenge is part of a series that should be solved sequentially.

Author

haxom

Writeups

Date        Author      Language  Tags
2026-03-06  noahlgrd01  🇫🇷