Scenario

ABC Industries worked day and night for a month to prepare a tender document for a prestigious project that would secure the company’s financial future. The company was hit by ransomware, believed to be conducted by a competitor, and the final version of the tender document was encrypted. Right now they are in need of an expert who can decrypt this critical document. All we have is the network traffic, the ransom note, and the encrypted tender document. Do your thing, Defender!

https://blueteamlabs.online/home/challenge/network-analysis-ransomware-3dd520c7ec


1- What is the operating system of the host from which the network traffic was captured?

32-bit Windows 7 Service Pack 1, build 7601

You will find the answer in the capture file properties.

2- What is the full URL from which the ransomware executable was downloaded?

http://10.0.2.15:8000/safecrypt.exe

The question asks for a URL, so I filter with `http` and get the answer.

3- Name the ransomware executable file?

safecrypt.exe

From the previous question.
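
The same lookup for questions 2 and 3 can be scripted. This is an added example, not part of the original write-up: it walks a capture, rebuilds the full URL of every HTTP request and keeps the GETs for executable files. It assumes a classic little-endian pcap with Ethernet framing (a pcapng capture would need converting first); the function names, the extension list, the client address and the `/index.html` request in the sample are constructed for illustration.

```python
import struct

EXEC_EXT = (".exe", ".dll", ".scr", ".bat", ".ps1")

def http_requests(pcap: bytes):
    """Yield (method, url) per HTTP request in a classic little-endian pcap
    (Ethernet/IPv4/TCP). No TCP reassembly: the request head must fit in one segment."""
    magic, linktype = struct.unpack_from("<I16xI", pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian pcap with Ethernet link type")
    off = 24                                    # skip global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                            # not IPv4 + TCP
        tcp = 14 + (frame[14] & 0x0F) * 4       # IP header length from IHL
        if len(frame) < tcp + 20: continue
        payload = frame[tcp + (frame[tcp + 12] >> 4) * 4:]
        head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
        parts = head[0].split(" ")
        if len(parts) != 3 or not parts[2].startswith("HTTP/"):
            continue                            # not an HTTP request line
        hdrs = {k.lower(): v.strip() for k, _, v in (l.partition(":") for l in head[1:])}
        # Fall back to destination IP:port when there is no Host header
        dst = "%s:%d" % (".".join(map(str, frame[30:34])),
                         int.from_bytes(frame[tcp + 2:tcp + 4], "big"))
        yield parts[0], "http://%s%s" % (hdrs.get("host") or dst, parts[1])

def executable_downloads(pcap: bytes):
    """Return URLs of GET requests whose path ends in an executable extension."""
    return [url for method, url in http_requests(pcap)
            if method == "GET" and url.split("?")[0].lower().endswith(EXEC_EXT)]

def sample_pcap() -> bytes:
    """Constructed capture: two requests; client address and second path are made up."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for path in (b"/safecrypt.exe", b"/index.html"):
        data = b"GET " + path + b" HTTP/1.1\r\nHost: 10.0.2.15:8000\r\n\r\n"
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(data), 0, 0, 64, 6, 0,
                         bytes([10, 0, 2, 4]), bytes([10, 0, 2, 15]))
        tcp = struct.pack("!HHIIBBHHH", 49158, 8000, 0, 0, 0x50, 0x18, 8192, 0, 0)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + data
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    print(executable_downloads(sample_pcap()))
```

The last path component of each returned URL is the file name asked for in question 3.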