Forensics
★★★☆☆ Moderate

Unusual Process

150 XP 6 solves

Description

A security analyst discovered suspicious activity on a corporate workstation. A memory dump was captured during incident response for further analysis.

Your task: Analyze the memory dump, identify any suspicious processes, and extract evidence of compromise.

Download: unusual-process.7z (103 MB compressed)

Decompress:
7z x unusual-process.7z

Memory Dump Information (after decompression):
Filename:  unusual-process.elf
Size:      646 MB (677,273,236 bytes)
MD5:       c287052a1d1e48e24bec551c4c988c03
SHA1:      acb59991e2181aeca3297a657c9f95078a8f1b9c
SHA256:    594d67df3bbd5d10279b4b31fcf27279eb8cb29d9461a9d07e74657730a97858

Compressed Archive Hashes:
Filename:  unusual-process.7z
Size:      103 MB (107,770,952 bytes)
MD5:       8833bdb908601a2fbbe38b679624a8a2
SHA1:      1fd7c8baa9069fd42e9cda31020ca42d57c4bd52
SHA256:    85bf961fc250282688b4c657c772df7a086ec35d6acfc63db788af4be0aa7ddc

Verify integrity after download:
md5sum unusual-process.7z
sha1sum unusual-process.7z
sha256sum unusual-process.7z
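
The commands above only print digests. As an added example (not part of the challenge page), this script compares size and SHA-256 against the values published here and stops on any mismatch, checking the archive before extraction and the dump after it. The function names `verify_file` and `verify_and_extract` are assumptions of this example.

```shell
#!/bin/sh
# Added example: fail-closed integrity check for the challenge files.
# Sizes and SHA-256 values below are the ones published on this page.

ARCHIVE=unusual-process.7z
ARCHIVE_SIZE=107770952
ARCHIVE_SHA256=85bf961fc250282688b4c657c772df7a086ec35d6acfc63db788af4be0aa7ddc
DUMP=unusual-process.elf
DUMP_SIZE=677273236
DUMP_SHA256=594d67df3bbd5d10279b4b31fcf27279eb8cb29d9461a9d07e74657730a97858

# verify_file PATH EXPECTED_SIZE EXPECTED_SHA256  (hypothetical helper)
# Returns 0 only if the file exists and both size and digest match.
verify_file() {
    path=$1; want_size=$2; want_hash=$3
    [ -f "$path" ] || { echo "missing: $path" >&2; return 2; }
    # Cheap size check first: catches truncated downloads before hashing.
    got_size=$(wc -c < "$path" | tr -d ' ')
    if [ "$got_size" != "$want_size" ]; then
        echo "size mismatch: $path ($got_size != $want_size)" >&2
        return 1
    fi
    got_hash=$(sha256sum "$path" | cut -d' ' -f1)
    # Accept an expected digest written in upper or lower case.
    want_hash=$(printf '%s' "$want_hash" | tr 'A-F' 'a-f')
    if [ "$got_hash" != "$want_hash" ]; then
        echo "sha256 mismatch: $path" >&2
        return 1
    fi
    echo "ok: $path"
}

# verify_and_extract  (hypothetical helper)
# Checks the archive, extracts it, then checks the extracted memory dump.
verify_and_extract() {
    verify_file "$ARCHIVE" "$ARCHIVE_SIZE" "$ARCHIVE_SHA256" || return 1
    7z x "$ARCHIVE" || return 1
    verify_file "$DUMP" "$DUMP_SIZE" "$DUMP_SHA256" || return 1
    # Added precaution: keep the evidence copy read-only during analysis.
    chmod a-w "$DUMP"
}
```

Source the file and run `verify_and_extract` in the download directory; a non-zero return means the file should be downloaded again rather than analyzed.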

Tags: Forensics, Memory Analysis, Windows, Malware
