## Walkthrough

I want to preface this walkthrough by saying the way I solved this was *not* the intended solution.

For this challenge we're only given an attachment and a vague description, so I did what most people would do when given a malicious binary: I ran it (in a virtualized environment, of course). To track what it does, I downloaded Sysmon and installed SwiftOnSecurity's config file (my [Introductory Malware Analysis](/blog/malware_analysis_lab) blog post has instructions on how to do this). After installation, I simply ran the binary.
Upon running the binary, we get what looks to be a Python console with this message:

### Running Brain-Melt
![image](https://nburns.tech/img/CTFs/NahamCon_2022/brain_run.png)

### Sysmon Logs
Let's see what Sysmon picked up:

![image](https://nburns.tech/img/CTFs/NahamCon_2022/brain_process_start.png)

Here we can see brain-melt.exe starting; nothing interesting so far.
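
The same Sysmon review can be done from PowerShell instead of Event Viewer, which makes it easier to see every event tied to the sample in one pass. This is an added example, not part of the original writeup; the 15-minute window and the selection of fields shown are assumptions.

```powershell
# Added example: list Sysmon events tied to one sample after running it in a lab VM.
# Run from an elevated prompt; assumes Sysmon is installed and logging.
$sample = 'brain-melt.exe'            # sample name from the walkthrough
$since  = (Get-Date).AddMinutes(-15)  # assumed window covering the run

$filter = @{
    LogName   = 'Microsoft-Windows-Sysmon/Operational'
    StartTime = $since
}

Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Sysmon stores its fields as <Data Name="...">value</Data> under EventData
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        # Fields that carry the "what was touched" detail differ per event ID:
        # file create, registry, network connection and DNS query respectively
        $targets = @($data['TargetFilename'], $data['TargetObject'],
                     $data['DestinationHostname'], $data['QueryName'])

        [pscustomobject]@{
            Time        = $_.TimeCreated
            Id          = $_.Id
            Image       = $data['Image']
            ParentImage = $data['ParentImage']
            CommandLine = $data['CommandLine']
            Target      = ($targets -ne $null) -join ', '
        }
    } |
    # Keep events raised by the sample itself or by processes it spawned
    Where-Object { $_.Image -like "*\$sample" -or $_.ParentImage -like "*\$sample" } |
    Sort-Object Time |
    Format-List
```

Which event types appear depends on what the Sysmon configuration in use is set to log.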

### Flag
![image](https://nburns.tech/img/CTFs/NahamCon_2022/brain_flag.png)

Bingo! Here's the flag! That was easy. This is something I do often when analyzing Windows binaries for challenges (or for fun). You'd be surprised at what you can find when analyzing stuff like this.

Original writeup (https://nburns.tech/docs/CTFs/NahamCon_2022/Malware/Brain_Melt).