These are memory samples from CTFs, simulations, and IR events, with sample walkthroughs/solutions.
Links to various memory samples:
-
Memlabs
Sample: Various
Original Link: https://github.com/stuxnet999/MemLabs
-
InCTF Internationals 2019
Sample: Windows 7 SP1 x64
Original Link: https://blog.bi0s.in/2019/09/24/Forensics/InCTFi19-NotchItUp/
Link to Mega download: https://mega.nz/#!kypmTaLJ!cWChsh8CdTMTWt7Ae0oNiCFfrSXwK8vqEMGn0SO22JQ
-
13Cubed Memory Forensics CTF
Sample: Windows 10 build 17134 x64
Original Link: https://www.youtube.com/watch?v=JuEv8UleO0U
Google Drive Link: https://drive.google.com/drive/folders/1E-i2RTUBXBGUd_Xz0k67kFOpHcr6WX8J
-
WannaCry Memory Analysis
Sample: Windows XP SP3
Original Link: https://www.null0x4d5a.com/2017/05/memory-analsyis-of-wannacry-ransomware.html
Mega Link: https://mega.nz/#!Au5xlCAS!KX5ZJKYzQgDHSa72lPFwqKL6CsZS7oQGbyyQrMTH9XY
-
Securinets Quals 2019 - Contact_Me
Sample: MacSierra_10_12_6_16G23ax64
Volatility 2 Profile: https://github.com/volatilityfoundation/profiles/blob/master/Mac/10.12/Sierra_10.12.6_16G23a.zip
Original Link: https://stuxnet999.github.io/securinets-ctf/2019/08/24/SecurinetsQuals2019-Contact-Me.html
Mega Link: https://mega.nz/#!L6QVyA5T!GYhexxkkraKvcV6Q6jhf08-xw0x_1X9Nzz9hAF8PuwE
-
Malware Cookbook
Sample: Various
Original Link: https://github.com/volatilityfoundation/volatility/wiki/Memory-Samples
SendSpace Link: https://www.sendspace.com/pro/dl/p87m18
-
Links to Memory Samples from Volatility
Sample: Various
Original Link: https://github.com/volatilityfoundation/volatility/wiki/Memory-Samples
-
PSExec.py Activity
Sample: Windows Server 2012
Infected: https://mega.nz/file/FwRFTa5a#0uoSJK3KsJhnytSAtwDm8onv2cHm9zdf8m6flmlP_Ts
Clean: https://mega.nz/file/FhQHXIoB#WqzU5XV6fDs6QbcglMYmJkHmX7ExE2ZHG8o9AbTg5is
-
Otter CTF
Sample: Windows 7 SP1 x64
Original Link: https://cyb3rbl0g.github.io/otterctf-memory-forensic/
Mega Link: https://mega.nz/#!sh8wmCIL!b4tpech4wzc3QQ6YgQ2uZnOmctRZ2duQxDqxbkWYipQ
-
GrrCon 2015
Sample: Various, named target1, target2, pos01 and ex01
Original Link: https://malwarenailed.blogspot.com/2020/04/memory-forensics-grrcon2015-ctf.html
Google Drive Link: https://drive.google.com/drive/folders/0Bz3L4ZnVlUY8ZmFmajQ3TUo0V1k
-
Magnet CTF Week 9 - Digging Through Memory
Sample: Windows 7 SP1 x64
Original Link: https://dfir.science/2020/12/Magnet-CTF-Week-9-digging-through-memory.html
Google Drive Link: https://drive.google.com/drive/folders/1iCxOKhfoHvxoBRNXJlm2VBiAVgDD_p5d
-
Houseplant CTF 2020 - Imagery
Sample: Windows 10 Build 17763 x64
Original Link: https://ctftime.org/writeup/20330
Mega Link: https://mega.nz/file/R00hgCIa#e0gMZjsGI0cqw88GzbEzKhcijWGTEPQsst4QMfRlNqg
-
AboutDFIR
Sample: Various (look for Memory)
Original Link: https://aboutdfir.com/education/challenges-ctfs/