Forensics
★★★★☆
Hard
Verification Required
Description
A company employee reported seeing a strange "security verification" while browsing. Shortly after completing the verification, their EDR flagged suspicious system and network activity.
The IR team captured a memory dump before the machine was reimaged.
Your task: Analyze the memory dump to determine what the user executed and extract any indicators of compromise.
Download: verification-required.7z (102 MB compressed)
Decompress:
7z x verification-required.7z
Memory Dump Information (after decompression):
Filename: verification-required.elf
Size: 646 MB (677,273,236 bytes)
MD5: 4215310312f4a4a4bce4503d281537ce
SHA1: e09c188bd47f81d987cf9255b8415c1911dfcbf1
SHA256: e68e46d68a8bbb7a9646c345382a748544262479a40da53f57e9a6d167eeae31
Compressed Archive Hashes:
Filename: verification-required.7z
Size: 102 MB (105,931,584 bytes)
MD5: 504e426aaf1b470ae8d72f32b7d4cb1c
SHA1: 8f7b293b2368c8e6be02e4c9353ef322cc748f65
SHA256: c4a053569ebd1a12dfa91f33aab6e42db6f7b82f71c283203e91c0c628e66843
Verify integrity after download:
md5sum verification-required.7z
sha1sum verification-required.7z
sha256sum verification-required.7z