Malware Analysis: Memory Forensics with Volatility 3
Striking out again.
The right answer is “Cridex”, but neither the DLLs nor the process image of csrss.exe I extracted with Volatility 3 was flagged with this in VirusTotal or Hybrid Analysis (the best I got were Win32Evo-Gen and a whole bunch of heuristic matches). Digging in a bit deeper, it looks like none of these files match the extracted images pulled out by Volatility 2.
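A check worth running when two Volatility versions hand you images that hash differently: parse the PE headers of both dumps and see whether they describe the same build (same link timestamp, entry point, ImageBase and SizeOfImage) even though the bytes, and therefore the VirusTotal hashes, differ. The script below is an added example and is not code from the original post or from the Volatility project; the header offsets come from the PE file format specification, and the `build_pe32` helper constructs tiny header-only PE32 images purely so the example runs offline (real dumps would be the files written by Volatility 2 `procdump`/`dlldump` and Volatility 3 `pslist --dump`/`dlllist --dump`, whose file names differ between versions, so the two paths are given explicitly rather than paired by name).

```python
# Added example (not from the original post): fingerprint PE images dumped by
# two Volatility runs and say whether mismatching hashes are the same build.
import hashlib
import struct
import sys


def parse_pe_header(data: bytes) -> dict:
    """Extract fields that survive a dump/rebuild from a PE image in memory."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: Machine, NumberOfSections, TimeDateStamp (link timestamp)
    machine, n_sections, timestamp = struct.unpack_from("<HHI", data, e_lfanew + 4)
    opt = e_lfanew + 24                       # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    entry = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint (RVA)
    if magic == 0x10B:                        # PE32: 4-byte ImageBase at +28
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == 0x20B:                      # PE32+: 8-byte ImageBase at +24
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    size_of_image = struct.unpack_from("<I", data, opt + 56)[0]   # same offset for both formats
    return {"machine": machine, "sections": n_sections, "timestamp": timestamp,
            "entry": entry, "image_base": image_base, "size_of_image": size_of_image}


BUILD_KEYS = ("machine", "sections", "timestamp", "entry", "image_base", "size_of_image")


def fingerprint(data: bytes) -> dict:
    """Header fields plus the SHA-256 you would look up on VirusTotal."""
    fp = parse_pe_header(data)
    fp["sha256"] = hashlib.sha256(data).hexdigest()
    return fp


def classify(dump_a: bytes, dump_b: bytes) -> str:
    """Verdict for two dumps of what should be the same module."""
    try:
        fa, fb = fingerprint(dump_a), fingerprint(dump_b)
    except ValueError as exc:
        return f"unparseable: {exc}"
    if fa["sha256"] == fb["sha256"]:
        return "identical"
    if all(fa[k] == fb[k] for k in BUILD_KEYS):
        # Same binary, rebuilt differently (padding, unmapped pages, alignment):
        # expect different VT hashes, but the same build is being looked at.
        return "same build, different bytes"
    return "different image"


def build_pe32(timestamp: int, image_base: int, trailer: bytes) -> bytes:
    """Constructed header-only PE32 image used as sample input for the demo."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew -> right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                     # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, image_base)                 # ImageBase
    struct.pack_into("<I", opt, 56, 0x3000)                     # SizeOfImage
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + trailer


if __name__ == "__main__":
    if len(sys.argv) == 3:                                      # real use: two dump files
        with open(sys.argv[1], "rb") as fa, open(sys.argv[2], "rb") as fb:
            a, b = fa.read(), fb.read()
    else:                                                       # demo on constructed images
        a = build_pe32(0x4D2B1C3A, 0x400000, b"\x00" * 16)
        b = build_pe32(0x4D2B1C3A, 0x400000, b"\xff" * 16)
    for label, d in (("A", a), ("B", b)):
        fp = fingerprint(d)
        print(f"{label}: sha256={fp['sha256'][:16]}... ts={fp['timestamp']:#x} "
              f"base={fp['image_base']:#x} size={fp['size_of_image']:#x}")
    print("verdict:", classify(a, b))
```

Run it as `python compare_dumps.py executable.1234.exe pid.1234.csrss.exe.dmp` (file names are illustrative). A verdict of "same build, different bytes" means the two tools reconstructed the same module and the hash mismatch at VirusTotal is not evidence of a broken install; "different image" means the two dumps are not the same module at all and the PID or base address used for one of the dumps should be re-checked.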
This is probably the worst I’ve done on one of these rooms - I’ve failed to meet many of the objectives, and I’m failing to understand why I failed.
Maybe something’s up with my install of Volatility 3?