Memory Analysis

A Windows endpoint was recently compromised. Thanks to our cutting-edge EDR/IDS solution, we noticed it immediately. The alert was escalated to Tier 2 (Incident Responders) for further investigation. As our forensics analyst, you have been given the memory dump of the compromised host; continue the investigation from there.

File location: /root/Desktop/ChallengeFile/MemoryDump.zip

File Password: infected
Volatility2 Command: vol.py

Volatility3 Command: vol
This challenge was prepared by 0xCyberJunkie.sh

Walkthrough:
LetsDefend — Memory Analysis Challenge Walkthrough

Memory forensics Challenge (Letsdefend)

DFIR - Memory Analysis

LetsDefend: Memory Dumper

LetsDefend challenge Memory Analysis writeup