Scenario

A SOC analyst took a memory dump from a machine infected with meterpreter malware. As a digital forensicator, your job is to analyze the dump, extract the available indicators of compromise (IOCs) and answer the provided questions.

https://cyberdefenders.org/blueteam-ctf-challenges/dumpme/


1- What is the SHA1 hash of Triage-Memory.mem (memory dump)?

C95E8CC8C946F95A109EA8E47A6800DE10A27ABD

Screenshot 2025-07-31 041312.png

The hash was computed with sha1sum.

2- What volatility profile is the most appropriate for this machine? (ex: Win10x86_14393)

Win7SP1x64

Screenshot 2025-07-31 041331.png

To determine the suitable profile, we use the Volatility imageinfo plugin.

3- What was the process ID of notepad.exe?

3032

Screenshot 2025-07-31 041701.png

Screenshot 2025-07-31 041609.png
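The two checks that Q1 and Q3 rely on, verifying the dump's SHA1 hash and locating a process ID in pslist output, as an added Python example. This is not part of the writeup: the pslist rows below are constructed to mimic the Volatility 2 pslist table layout, the file name Triage-Memory.mem and the expected hash and notepad.exe PID 3032 are taken from the page, and every other PID and timestamp in the sample is invented.

```python
import hashlib
import io
import re
from pathlib import Path

# Expected SHA1 of the dump, as given in the answer to Q1.
EXPECTED_SHA1 = "c95e8cc8c946f95a109ea8e47a6800de10a27abd"
DUMP_NAME = "Triage-Memory.mem"


def sha1_of_stream(stream, chunk_size=1 << 20):
    """Hash a binary stream in 1 MiB chunks so a multi-GB dump never has to fit in RAM."""
    h = hashlib.sha1()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def sha1_of_bytes(data):
    return sha1_of_stream(io.BytesIO(data))


def sha1_of_file(path):
    with open(path, "rb") as f:
        return sha1_of_stream(f)


def dump_matches(path, expected=EXPECTED_SHA1):
    """True when the on-disk dump hashes to the value recorded in the writeup (case-insensitive)."""
    return sha1_of_file(path).lower() == expected.lower()


# One data row of Volatility 2 pslist: offset, name, PID, PPID, then columns we ignore.
PSLIST_ROW = re.compile(r"^0x[0-9a-fA-F]+\s+(?P<name>\S+)\s+(?P<pid>\d+)\s+(?P<ppid>\d+)\b")

# Constructed sample in the Volatility 2 pslist layout (not real output from this dump).
SAMPLE_PSLIST = """\
Offset(V)          Name                    PID   PPID   Thds     Hnds   Sess  Wow64 Start                          Exit
------------------ -------------------- ------ ------ ------ -------- ------ ------ ------------------------------ ------------------------------
0xfffffa8000ca0040 System                    4      0     80      570 ------      0 2019-03-22 05:03:17 UTC+0000
0xfffffa8001c3e060 explorer.exe           1756   1708     20      890      1      0 2019-03-22 05:04:01 UTC+0000
0xfffffa8001e4e060 notepad.exe            3032   1756      2       65      1      0 2019-03-22 05:33:10 UTC+0000
"""


def parse_pslist(text):
    """Return one dict per process row; the header and separator lines do not match and are skipped."""
    procs = []
    for line in text.splitlines():
        m = PSLIST_ROW.match(line.strip())
        if m:
            procs.append({"name": m.group("name"), "pid": int(m.group("pid")), "ppid": int(m.group("ppid"))})
    return procs


def find_pids(procs, name):
    """All PIDs whose image name equals `name` (case-insensitive); a list, since a name can appear more than once."""
    return [p["pid"] for p in procs if p["name"].lower() == name.lower()]


def parent_of(procs, pid):
    """Name of the parent process, or None if the PPID is not in the listing (parent already exited)."""
    by_pid = {p["pid"]: p for p in procs}
    child = by_pid.get(pid)
    if child is None or child["ppid"] not in by_pid:
        return None
    return by_pid[child["ppid"]]["name"]


if __name__ == "__main__":
    dump = Path(DUMP_NAME)
    if dump.exists():
        print(f"{DUMP_NAME} matches expected SHA1: {dump_matches(dump)}")
    else:
        print(f"{DUMP_NAME} not present; skipping hash check")
    procs = parse_pslist(SAMPLE_PSLIST)
    pids = find_pids(procs, "notepad.exe")
    print("notepad.exe PIDs:", pids)
    for pid in pids:
        print(f"  parent of {pid}: {parent_of(procs, pid)}")
```

Run it in the directory holding the dump to confirm the hash before any analysis; feed real output from "vol.py -f Triage-Memory.mem --profile=Win7SP1x64 pslist" into parse_pslist to look up PIDs and parents the same way the sample does.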