WannaCry Ransomware Investigation
Analyze a real-world ransomware incident by examining volatile memory artifacts from an infected system. In this investigation, you'll uncover malicious processes, trace encryption activity, identify persistence mechanisms, and reconstruct the complete attack timeline. Through hands-on RAM analysis, you'll develop practical skills in detecting ransomware behavior, extracting indicators of compromise, and understanding how adversaries deploy file-encrypting malware across enterprise networks.
By CyberTask Engineer · Easy level
- Tasks: 16
- Sections: 1
- Points: 115
- Duration: 1 hr
What You'll Learn
- Investigate a WannaCry ransomware infection through memory forensics
- Identify malicious processes, persistence mechanisms, and kill switch domains
- Extract malware artifacts and map indicators of compromise (IOCs)
Prerequisites
- Basic understanding of Windows internals
- Familiarity with ransomware concepts
Tools & Technologies
- Volatility Framework
- Strings
- VirusTotal
- Linux CLI