Memory Forensics – RansomCare Investigation Case 1

Posted on 21 May 2023 by [email protected]

In this case you are required analyze a memory dump of a Windows 10 system that has been hit with RansomCare.

E01 for the Memory Dump could be found: here
Find RansomCare’s code, dump it. and explain what happened to the victim system.

$100 bounty for whoever is able to solve this case.

For more details on RansomCare’s capabilities, please check our adversary simulation system “TARIQ” at here or come attend our Talk at TechnoSecurity 2023 titled “Are You Ready to be Ransomed? Run Ransomware Simulations Before You Become the Simulation” or workshop at DFRWS USA 2023.

End of Case.

About [email protected]

[Between Teams of Red and Blue, I'm with the Purple Team]

View all posts by [email protected] →

This entry was posted in Anti-Forensics, Challenges, Cyber 5W, DFIR, Forensics, Investigations, Malware and tagged anti-forensics, Case Study, Challenge, DFIR, Investigation, Malware, memory forensics, RansomCare, Ransomware. Bookmark the permalink.

Memory Forensics – RansomCare Investigation Case 1

About [email protected]

Recent Posts

Categories

Archives