DumpMe (Memory Image Forensics)

Scenario
One of the SOC analysts took a memory dump from a machine infected with a meterpreter malware. As a Digital Forensicators, your job is to analyze the dump, extract the available indicators of compromise (IOCs) and answer the provided questions.
Given File
Triage-Memory.mem
Tool
Volatility
Challenge Questions
- What is the SHA1 hash of triage.mem (memory dump)?

- What volatility profile is the most appropriate for this machine?

- What was the process ID of notepad.exe?

- Name the child process of wscript.exe.

- What was the IP address of the machine at the time the RAM dump was created?

- Based on the answer regarding the infected PID, can you determine the IP of the attacker?

- How many processes are associated with VCRUNTIME140.dll?

- After dumping the infected process, what is its md5 hash?

- What is the LM hash of Bob's account?

- What memory protection constants does the VAD node at 0xfffffa800577ba10 have?

- What memory protection did the VAD starting at 0x00000000033c0000 and ending at 0x00000000033dffff have?

- There was a VBS script that ran on the machine. What is the name of the script? (submit without file extension)

- An application was run at 2019-03-07 23:06:58 UTC. What is the name of the program? (Include extension)

- What was written in notepad.exe at the time when the memory dump was captured?

- What is the short name of the file at file record 59045?

- This box was exploited and is running meterpreter. What was the infected PID?
