ECIHv3 Module 04 Handling and Responding to Malware Incident

EC-Council Report generated on : 03 Oct 2023 23:23 PM Player Details User BFaw Lab Id 7115076830874693892 Lab name ECIHv3 Module 04 Handling and Responding to Malware Incident Score 99 Possible score 99 Date played 03 Oct 2023 20:55 PM Flag Details Name Course Task Status Hints used Score In the Incident Response machine, use a remote desktop connection app to remotely investigate the security incident on the malware-infected machine “Marketing Deptâ€. Identify the IP address of the infected machine. ECIHv3 Scenario 1: Handling and Responding to Malware Security Incident Completed 0 10/10 In the Marketing Dept machine, perform dynamic analysis remotely from the Incident Response machine using the Process Monitor tool located at E:\ECIH-Tools\ECIHv3 Module 04 Handling and Responding to Malware Incidents\Malware Analysis Tools\Dynamic Malware Analysis Tools\Process Monitoring Tools\Process Monitor and identify the suspected malicious file running in the machine. ECIHv3 Scenario 1: Handling and Responding to Malware Security Incident Completed 0 10/10 Use the BinText tool located at E:\ECIH-Tools\ECIHv3 Module 04 Handling and Responding to Malware Incidents\Malware Analysis Tools\Static Malware Analysis Tools\String Searching Tools\BinText in the Marketing Dept machine to perform static malware analysis on the malicious file identified in the previous flag. (No answer is required. Write “skip†as the answer to skip this flag.) ECIHv3 Scenario 1: Handling and Responding to Malware Security Incident Completed 0 10/10 In the Marketing Dept machine, use the MalwareBytes tool located at E:\ECIH-Tools\ECIHv3 Module 04 Handling and Responding to Malware Incidents\Anti-Virus Software\MalwareBytes to scan the infected system and permanently delete the identified malicious file. Name the MalwareBytes option to remove the identified malicious files from the system. ECIHv3 Scenario 1: Handling and Responding to Malware Security Incident Completed 0 10/10 In the Operations Dept machine, launch the Wireshark tool and select the ethernet adapter to capture incoming and outgoing network traffic. (No answer is required. Write “skip†as the answer to skip this flag.) ECIHv3 Scenario 2: Handling and Responding to Ransomware Attack Completed 0 10/10 In the Operations Dept machine, use the ZoneAlarm tool located at C:\ECIH-Tools\ECIHv3 Module 04 Handling and Responding to Malware Incidents\ZoneAlarm FIREWALL to block the attacker's IP address from which the packets are coming to contain the security incident. Which among the ANTIVIRUS, FIREWALL, and MOBILITY options did you need to use to block the incoming traffic from the attacker’s machine? ECIHv3 Scenario 2: Handling and Responding to Ransomware Attack Completed 0 10/10 Use the Sales Dept machine to launch a ransomware attack using the Infection Monkey simulator on the target machine Operations Dept and encrypt the “Confidential Data†folder located at C:\Users\Administrator\Desktop. Identify the exploit used on the Exploits page to launch a ransomware attack on the target machine. (Note: Access the Infection Monkey simulator at https://10.10.10.17:5000 using credentials admin/password.) ECIHv3 Scenario 2: Handling and Responding to Ransomware Attack Completed 0 10/10 Open the Wireshark tool on the Operations Dept machine and observe a large number of packets that Wireshark is capturing. Identify the incoming packets from the attacker’s machine and note down its IP address. ECIHv3 Scenario 2: Handling and Responding to Ransomware Attack Completed 0 10/10 In the victim machine (Operations Dept), launch Server Manager and use the Windows Server Backup tool to recover “Confidential Data†folder from the remote Backup Server machine. (No answer is required. Write “skip†as the answer to skip this flag.) ECIHv3 Scenario 2: Handling and Responding to Ransomware Attack Completed 0 9/9