Memory Forensics – RansomCare Investigation Case 1

In this case you are required to analyze a memory dump of a Windows 10 system that has been hit with RansomCare.

  • The E01 image of the memory dump can be found here.
  • Find RansomCare’s code, dump it, and explain what happened to the victim system.
  • $100 bounty for whoever is able to solve this case.

For more details on RansomCare’s capabilities, please check our adversary simulation system “TARIQ” here, or attend our talk at TechnoSecurity 2023 titled “Are You Ready to be Ransomed? Run Ransomware Simulations Before You Become the Simulation”, or our workshop at DFRWS USA 2023.

End of Case.
