
Secret Document - Forensics


A Classified.docx file is given.

However, this file is not a docx file.


This file is a pcap file.


Rename .docx to .pcapng, then convert the pcapng to pcap (https://pcapng.com/) so that NetworkMiner can open it.
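Checking the container format from the magic bytes instead of trusting the extension, as an added example (not code from the original post): it recognises the pcapng Section Header Block, the classic pcap magics and the zip signature that a real docx starts with, and runs on a constructed 28-byte pcapng header standing in for the renamed Classified.docx.

```python
import struct
from typing import Tuple

# Constructed signature table for this example
PCAPNG_SHB = b"\x0a\x0d\x0d\x0a"      # pcapng Section Header Block type
PCAP_MAGICS = {
    b"\xa1\xb2\xc3\xd4": "pcap (big-endian, microsecond)",
    b"\xd4\xc3\xb2\xa1": "pcap (little-endian, microsecond)",
    b"\xa1\xb2\x3c\x4d": "pcap (big-endian, nanosecond)",
    b"\x4d\x3c\xb2\xa1": "pcap (little-endian, nanosecond)",
}
ZIP_MAGIC = b"PK\x03\x04"              # docx/xlsx/pptx are zip containers


def identify(data: bytes) -> str:
    """Label the real container format of `data`, ignoring the file name."""
    head = data[:4]
    if head == PCAPNG_SHB:
        # Validate the SHB: bytes 8..12 hold the byte-order magic 0x1A2B3C4D
        bom = data[8:12]
        if bom == b"\x1a\x2b\x3c\x4d":
            endian = ">"
        elif bom == b"\x4d\x3c\x2b\x1a":
            endian = "<"
        else:
            return "pcapng-like header with bad byte-order magic"
        major, minor = struct.unpack(endian + "HH", data[12:16])
        return f"pcapng {major}.{minor}"
    if head in PCAP_MAGICS:
        return PCAP_MAGICS[head]
    if head == ZIP_MAGIC:
        return "zip container (docx/xlsx/pptx or plain zip)"
    return "unknown"


def check_extension(name: str, data: bytes) -> Tuple[str, bool]:
    """Return (detected format, True if an Office extension hides a non-zip file)."""
    detected = identify(data)
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    claims_office = ext in {"docx", "xlsx", "pptx"}
    return detected, claims_office and not detected.startswith("zip")


# Constructed sample: minimal little-endian pcapng Section Header Block (28 bytes)
SAMPLE_SHB = (
    b"\x0a\x0d\x0d\x0a"          # block type
    + struct.pack("<I", 28)      # block total length
    + b"\x4d\x3c\x2b\x1a"        # byte-order magic, little-endian
    + struct.pack("<HH", 1, 0)   # version 1.0
    + struct.pack("<q", -1)      # section length unknown
    + struct.pack("<I", 28)      # trailing block total length
)

if __name__ == "__main__":
    print(check_extension("Classified.docx", SAMPLE_SHB))  # ('pcapng 1.0', True)
```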


Open Projan.pcap with NetworkMiner.

Windows Defender detects malware.


Upload goog1e_born_help.exe to VirusTotal.

ponmocup


ImposterApp - Forensics

A memdump file is given.

imageinfo

Win8SP0x64


pstree

chrome, ie, cmd, powershell, calc

-> chromehistory, iehistory, cmdscan, clipboard, ...: nothing


R-studio

calc.exe is suspicious.

procdump -p 2816


flag.
