https://hexpysya.github.io/tags/memory-analysis/Recent content in Memory Analysis on bubka hacks stuffHugo -- gohugo.ioen-usTue, 14 Apr 2026 00:00:00 +0000https://hexpysya.github.io/investigations/cdef-lockdown/Tue, 14 Apr 2026 00:00:00 +0000https://hexpysya.github.io/investigations/cdef-lockdown/An attacker performed SYN port scanning against an IIS server, enumerated open SMB shares, uploaded a webshell to the Documents share, triggered a reverse shell on port 4443, and established persistence via AgentTesla dropped into the Startup folder, which exfiltrated data via SMTP to cp8nl.hyperhost.ua.https://hexpysya.github.io/investigations/cdef-ramnit/Mon, 30 Mar 2026 00:00:00 +0000https://hexpysya.github.io/investigations/cdef-ramnit/Memory forensics of a compromised Windows host revealed ChromeSetup.exe spawned under explorer.exe, establishing a C2 connection to a Hong Kong-based IP. The dumped binary was identified as the Ramnit worm - flagged by 68/72 VirusTotal vendors.