BlackEnergy

Category : Digital Forensics

Volatility Windows Memory

667 Players

4.4 (206)

Medium

Which volatility profile would be best for this machine?

Weight : 10 | Solved : 397

How many processes were running when the image was acquired?

Weight : 10 | Solved : 381

What is the process ID of cmd.exe?

Weight : 10 | Solved : 408

What is the name of the most suspicious process?

Weight : 10 | Solved : 405

Which process shows the highest likelihood of code injection?

Weight : 10 | Solved : 386

There is an odd file referenced in the recent process. Provide the full path of that file.

Weight : 10 | Solved : 323

What is the name of the injected dll file loaded from the recent process?

Weight : 10 | Solved : 311

What is the base address of the injected dll?

Weight : 10 | Solved : 303

Scenario:

A multinational corporation has been hit by a cyber attack that has led to the theft of sensitive data. The attack was carried out using a variant of the BlackEnergy v2 malware that has never been seen before. The company's security team has acquired a memory dump of the infected machine, and they want you to analyze the dump to understand the attack scope and impact.