Question

Malware is suspected on a server in the environment. The analyst is provided with the output of commands
from servers in the environment and needs to review all output files in order to determine which process
running on one of the servers may be malware.

Instructions:
Servers 1, 2 and 4 are clickable. Select the Server which hosts the malware, and select the process which
hosts this malware.
If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

Have to pick either server 1, server 2, or server 4. Then pick one process from the process list.


[Simulation screenshots; only the recoverable content is kept]
Server2 Log: C:\Windows\system32>netstat -ano (Active Connections table: Proto, Local Address, Foreign Address, State, PID; PID 716 visible)
Server4 Log: C:\Users\Team3>netstat -oan (Active Connections table; TCP 0.0.0.0:49154 visible)
Server1 Log: C:\Users\Team3>netstat -oan (Active Connections table; TCP 0.0.0.0:49154 visible)
Network Diagram for Company A: two zones, DMZ and INTERNAL, separated by a firewall; Server3 192.168.50.5 (Linux); Server 1 10.1.1.2 (Windows)


Solutions

Expert Solution

The correct answer to the question is Server 4 & the process infected is Svchost.exe

Explanation:

  • The IPs are within the RFC 1918 class B range of 172.16.0.0 – 172.31.255.255
  • Both Server 1 & 4 (internal) have the same communication with the same IPs, over the same RDP (Remote Desktop Protocol, responsible for remote connections to servers or computers running the same Windows OS), which shows they are remotely managed by the system administrator
  • A connection between Server 1 & 4 is being established: notepad.exe on Server 1 is connecting to port 443 on Server 4

From a logical perspective, as per the question, the server can be the web server where svchost.exe is listening on a different port rather than 443, and Server 1 (in the DMZ) is trying to access the internal network on Server 4 [which is malicious].
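The per-server review the simulation asks for, as an added Python example (not part of the question or the posted answer): parse `netstat -ano` rows, join each PID to its image name and flag sockets that break an assumed baseline. The netstat text, the PID-to-image map and the two baseline sets are constructed sample data; the baseline deliberately treats svchost.exe as a normal socket owner so that notepad.exe talking to port 443, the connection the answer singles out, is what gets flagged.

```python
import re
from collections import namedtuple

Conn = namedtuple("Conn", "proto local_addr local_port remote_addr remote_port state pid")

# Constructed sample of `netstat -ano` output on a Windows host (PID is the last column).
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       716
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1032
  TCP    0.0.0.0:8443           0.0.0.0:0              LISTENING       2204
  TCP    10.1.1.2:3389          172.16.5.20:51322      ESTABLISHED     1032
  TCP    10.1.1.2:49822         172.16.5.40:443        ESTABLISHED     3920
  UDP    0.0.0.0:500            *:*                                    716
"""

# Constructed PID -> image name, as `tasklist` would report for the same host.
TASKLIST_SAMPLE = {716: "svchost.exe", 1032: "svchost.exe", 2204: "svchost.exe", 3920: "notepad.exe"}

# Assumed baseline: images allowed to own outbound sockets, and ports this server should listen on.
EXPECTED_IMAGES = {"svchost.exe", "lsass.exe", "System", "w3wp.exe"}
EXPECTED_LISTEN_PORTS = {"135", "445", "3389", "49154"}

# One netstat row: proto, local addr:port, foreign addr:port, optional state, PID.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+|\*)\s+(\S+):(\d+|\*)\s+(?:(\w+)\s+)?(\d+)\s*$")

def parse_netstat(text):
    """Parse netstat -ano rows into Conn tuples; headers and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, la, lp, ra, rp, state, pid = m.groups()
            conns.append(Conn(proto, la, lp, ra, rp, state or "", int(pid)))
    return conns

def flag_suspicious(conns, pid_to_image, images=EXPECTED_IMAGES, ports=EXPECTED_LISTEN_PORTS):
    """Join sockets to their owning image and flag two review findings: an ESTABLISHED socket
    owned by an image that is not a normal network client, and a LISTENING socket on a non-baseline port."""
    findings = []
    for c in conns:
        image = pid_to_image.get(c.pid, "<unknown>")
        if c.state == "ESTABLISHED" and image not in images:
            findings.append(("unexpected-client", image, c.pid, f"{c.remote_addr}:{c.remote_port}"))
        elif c.state == "LISTENING" and c.local_port not in ports:
            findings.append(("unexpected-listener", image, c.pid, f"{c.local_addr}:{c.local_port}"))
    return findings
```

Run the same two functions over each server's saved output and compare the findings side by side; a socket that only one server has is the one to explain first.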

