dropper

We suspect that the provided memory dump was taken from a machine that has been persistently infected by some type of malware, possibly a dropper. We would like to identify the malicious domain the malware uses.

Objectives

  • Investigate and determine the infection method and the malicious domain.

  • Perform advanced investigations using specific plugins to process operating system–specific artifacts.

Required Resources

  • Volatility

  • Volatility plugins

  • Download the practice here
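A starting point for the domain-hunting part of the objectives, added here as an example and not part of the original practice: Volatility plugins such as the network and process listings give you endpoints and suspicious processes, but the contacted domain is often only present as a string in memory, frequently as UTF-16LE, which a plain `strings` pass over the image misses. The script below carves printable strings in both encodings from a memory image (or from a process region you have dumped with Volatility), keeps only domain-shaped tokens, drops file names and allowlisted benign domains, and ranks the rest by occurrence. `carve_domains`, `carve_file`, the noise suffix list and the sample bytes are this example's own constructions.

```python
"""Carve domain-like strings from a raw memory image or a dumped process region.

Added example, not part of the practice. Assumes a local file and no network
access; it complements Volatility's plugins, it does not replace them.
"""
import mmap
import re
import sys
from collections import Counter

# Runs of printable ASCII, and the same characters stored as UTF-16LE (byte, NUL).
ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")
WIDE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")

# Domain-shaped token: one or more DNS labels followed by an alphabetic TLD,
# not embedded in a longer word (lookbehind/lookahead).
DOMAIN = re.compile(
    r"(?<![\w.-])(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,24}(?![\w-])",
    re.IGNORECASE,
)

# Windows memory is full of file names and URL paths that look like domains.
# Starting list only; extend it as the dump dictates.
NOISE_SUFFIXES = (
    ".dll", ".exe", ".sys", ".ocx", ".mui", ".dat", ".pdb", ".lib",
    ".php", ".html", ".htm", ".aspx", ".js", ".css", ".xml", ".ini", ".log", ".txt",
)


def _strings(buf):
    """Yield decoded printable strings found in buf, ASCII first, then UTF-16LE."""
    for m in ASCII_RUN.finditer(buf):
        yield m.group(0).decode("ascii")
    for m in WIDE_RUN.finditer(buf):
        yield m.group(0).decode("utf-16-le")


def carve_domains(buf, allowlist=()):
    """Return a Counter of lower-cased domain candidates in buf.

    File-name-like tokens and allowlisted domains (e.g. vendor update hosts you
    have already verified) are dropped so the ranking is not swamped by noise.
    """
    allow = {a.lower() for a in allowlist}
    counts = Counter()
    for s in _strings(buf):
        for m in DOMAIN.finditer(s):
            d = m.group(0).lower()
            if d.endswith(NOISE_SUFFIXES) or d in allow:
                continue
            counts[d] += 1
    return counts


def carve_file(path, allowlist=()):
    """Memory-map the file so multi-gigabyte images are not read into RAM."""
    with open(path, "rb") as f, mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ) as mm:
        return carve_domains(mm, allowlist)


# Constructed sample: a Windows module name, an HTTP request as the malware
# would build it, the same host again as a wide string, an IP and a benign domain.
SAMPLE = (
    b"\x00\x00kernel32.dll\x00"
    b"GET /gate.php HTTP/1.1\r\nHost: update-check.example.net\r\n"
    + "update-check.example.net".encode("utf-16-le") + b"\x00\x00"
    b"192.168.1.10 microsoft.com \x00"
)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        result = carve_file(sys.argv[1], allowlist=sys.argv[2:])
    else:
        result = carve_domains(SAMPLE, allowlist=["microsoft.com"])
    for domain, n in result.most_common(25):
        print(f"{n:6d}  {domain}")
```

Run it as `python carve.py memory.raw microsoft.com windowsupdate.com` to rank candidates in a full image with known-good domains suppressed, or point it at a single process region dumped from the suspicious PID to shrink the haystack. What remains still needs analyst judgement (.NET namespaces such as System.Runtime.Serialization survive the filter); the usual pivot is to check whether a top candidate resolves to the foreign addresses Volatility's network scan reports for the suspect process.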