TryHackMe Malware Introductory Room Write-up

SMN666
2 min read · Nov 22, 2020


Task 1:

No answer needed.

Task 2:

What is the famous example of a targeted attack-esque Malware that targeted Iran?

Stuxnet

What is the name of the Ransomware that used the Eternalblue exploit in a “Mass Campaign” attack?

Wannacry

Task 3:

Name the first essential step of a Malware Attack?

Delivery

Now name the second essential step of a Malware Attack?

Execution

What type of signature is used to classify remnants of infection on a host?

Host-Based Signatures

What is the name of the other classification of signature used after a Malware attack?

Network-Based Signatures

Task 4:

No answer needed.

Task 5:

No answer needed.

Task 6:

No answer needed.

Task 7:

The MD5 Checksum of aws.exe

D2778164EF643BA8F44CC202EC7EF157

The MD5 Checksum of Netlogo.exe

59CB421172A89E1E16C11A428326952C

The MD5 Checksum of vlc.exe

5416BE1B8B04B1681CB39CF0E2CAAD9F

Task 8:

Does Virustotal report this MD5 Checksum / file aws.exe as malicious? (Yay/Nay)

Nay

Does Virustotal report this MD5 Checksum / file Netlogo.exe as malicious? (Yay/Nay)

Nay

Does Virustotal report this MD5 Checksum / file vlc.exe as malicious? (Yay/Nay)

Nay

Task 9:

What does PeID propose 1DE9176AD682FF.dll being packed with?

Microsoft Visual C++ 6.0 DLL

What does PeID propose AD29AA1B.bin being packed with?

Microsoft Visual C++ 6.0

Task 10:

What packer does PeID report file “6F431F46547DB2628” to be packed with?

FSG 1.0 -> dulek/xt

Task 11:

No answer needed.

Task 12:

What is the URL that is outputted after using “strings”?

practicalmalwareanalysis.com

How many unique “Imports” are there?

5

Task 13:

How many references are there to the library “msi” in the “Imports” tab of IDA Freeware for “install.exe”?

9

Task 14:

What is the MD5 Checksum of the file?

f5bd8e6dc6782ed4dfa62b8215bdc429

Does Virustotal report this file as malicious? (Yay/Nay)

Yay

Output the strings using Sysinternals “strings” tool.

What is the last string outputted?

d:h:

What is the output of PeID when trying to detect what packer is used by the file?

Nothing found

Task 15:

No answer needed.

Thank you ^_^
