CyberDefenders: BlueTeam CTF Challenges

Ransomed

SHA1SUM	74a7da23e602f66e768d34763c91a17502bdd9b3
Published	Jan. 28, 2022
Author	Gameel Ali
Size	961 KB
Tags	Reverse Engineering Malware Analysis Threat Hunting

Instructions	Uncompress the challenge (pass: cyberdefenders.org)

Your progress

0% Completed0/13 Questions

Your score

Last solve

Scenario:

After a successful breach, the SOC team found an executable, but they could not know what it does, so they sent it to you for further analysis.

#	Question	Weight	Solved
#1	What is the md5 hash of the file?	50	421
Hint Report an issue

#2	What is the value of entropy?	50	367
Hint Report an issue

#3	What is the number of sections?	50	390
Hint Report an issue

#4	What is the entropy of the .text section?	50	363
Hint Report an issue

#5	What is the name of the technique used to obfuscate string?	100	203
Hint Report an issue

#6	What is the API that used malware allocated memory to write shellcode?	100	178
Hint Report an issue

#7	What is the protection of allocated memory?	100	141
Hint Report an issue

#8	What assembly instruction is used to transfer execution to the shellcode?	150	102
Hint Report an issue

#9	What is the number of functions the malware resolves from kernel32?	100	139
Hint Report an issue

#10	The malware obfuscates two strings after calling RegisterClassExA. What is the first string?	100	94
Hint Report an issue

#11	What is the value of dwCreationFlags of CreateProcessA?	100	92
Hint Report an issue

#12	Malware uses a process injection technique. What is the name of it?	100	128
Hint Report an issue

#13	What is the API used to write the payload into the target process?	100	115
Hint Report an issue