tryhackme.com
2606:4700:10::ac43:1b0a
Public Scan
URL:
https://tryhackme.com/r/room/malresearching
Submission Tags: falconsandbox
Submission: On May 15 via api from US — Scanned from DE
Form analysis
20 forms found in the DOM
Text Content
MAL: Researching

Understanding checksums, how to generate them and their use throughout malware analysis with online sandboxing & reporting services

Difficulty: easy

Task 1 Intro

Preface:

Welcome to 2. MP: Research section of my malware analysis series. Although we will be covering some cryptography theory, I've kept it relevant and visualised it as best I can. I've provided some resources at the end of the room in the "Further Reading" task for each of the topics covered.

You can expect to learn about file checksums, why these values are important in not only day-to-day life but more so how we can utilise them in malware analysis. The first few tasks are theory-heavy, so bear with me. However, towards the end of the room, you will be generating your own checksums, learning how to use online sandboxing, and analysing the reports generated from these.

.:. As always, any feedback regarding the content covered through the series so far is greatly appreciated. I always welcome ideas of topics, tools, and techniques that could be covered. .:.

~CMNatic

Answer the questions below

Let's go!

Task 2 Deploy!

Task includes a deployable machine

Deploy the instance attached to this task by left-clicking the green "Deploy" button on the top-right of this task! You are not expected to interact with the instance just yet - you will be provided credentials later on throughout the room. But please ensure you are connected to the TryHackMe OpenVPN before proceeding.

Answer the questions below

I've deployed my instance and ensured I am connected to the THM VPN!

Task 3 Checksums 101

What are Checksums?
Checksums are a prominent attribute within the malware analysis community and, moreover, the wider Information Technology (IT) industry. Put simply, these checksums are the result of mathematical operations against an input - where the output is a sequence of characters.

Ultimately, the makeup of data on a computer system is binary, merely ones and zeros where each value is a "bit". A cryptographic checksum uses these "bits" as the input for these mathematical operations; the more complex the mathematical operations applied, the more secure a checksum is considered. These checksums are also commonly referred to as "hashes".

Because of how cryptographic algorithms work, regardless of the size of the input - such as a file - the length of the output will remain the same. For example, take an algorithm and apply these mathematical operations against two files listed below:

File Name | File Size
My_Video.mp4 | 4GB
My_Selfie.png | 10MB

Although the file size is vastly different, the length of the output calculated will be the same, albeit its contents different. For example, with the algorithm I am using here, the output length is 12 characters:

File Name | File Size | The output from the Algorithm
My_Video.mp4 | 4GB | 3DEFAD92D23AD
My_Selfie.png | 10MB | FFDE312DAEFF

Whilst the values calculated from the algorithm are different from each file, they remain the same length - irrespective of the file size. Because the two files have different contents, in this case, each output is unique for the file.

The increased complexity of the mathematical operations vastly reduces the chances of two files with different contents having the same output. If this were to occur, it is known as a "hash collision". Explaining the math behind how this happens is out of scope; however, it is extremely rare. To put this into perspective, the hashing algorithm MD5, which is a famous recent example, will need 6 billion files to be hashed per second - for 100 years on average.
(Kornel., 2008)

Whilst it's pretty safe to say that the probability of a hash collision occurring is pretty low, it is mathematically possible. For example, researchers (Stevens et al., 2017) report on Shattered.io, where they were able to demonstrate a SHA1 hash collision in practice. I greatly encourage taking the time to read through the report to understand how these collisions can be made into proof of concepts but to also appreciate why discoveries like this are important in the world of information security.

It's safe to say it's pretty rare for this error to happen, although it is mathematically possible. We'll visualise this below.

Checksums Continued:

Let's contextualise checksums a bit more. In IT, checksums are used for verifying the integrity of data. Have you ever copied a file onto a USB drive where Windows complains that the file is now corrupt? That is data corruption; binary data was lost somewhere during the transfer process, either due to software or hardware error.

Due to how these cryptographic algorithms work, namely, they produce a result after processing a piece of data at every single bit, checksums are fantastic for verifying if data has completely copied to a new location. Humans can't compare the binary data (which could be millions of values to compare) of two files to ensure they are correct. They can, however, compare two fixed-length values - such as the 12 character length output of the algorithm specified above.

In the real world, some popular algorithms are SHA1, SHA-256 and in some cases, SHA-512, where the output length of each algorithm is varied based on its security.

We'll visualise how hashing algorithms work below:

See here how the contents of the first two files are the same with "TryHackMe". When using the same algorithm, the generated checksum is the same. This is because the binary data of these two files is identical, so the same algorithm will output the same result. This is not a hash collision.
Notice the third file with the same contents of "TryHackMe" resulting in the same binary data has a different checksum. This is because the algorithm, in this case, SHA256 instead of the previous MD5, uses different mathematical operations. The mathematics behind this algorithm is complex in comparison to MD5, so the length of the output string is longer.

Finally, notice in the screenshot below (the last file in the screenshot above, just cropped below for clarity) that the contents of the file are now "TryHackeM" and not "TryHackMe":

Whilst the same algorithm used on the first two files (MD5) is also used on this file, because the contents are now different - albeit very similar - the output is now different in comparison.

Visualising a Hash Collision:

Okay, bear with me here. It's been pretty theory-heavy, I understand... We're almost there, I promise!

The example screenshots below outline how the various outputs will differ based upon either the algorithm used or the contents of the file. Here we will go through an example of a hash collision:

The contents of the two files above are very different. In the real world, the differences could be simply adding or removing a character, but I have dramatised this example to visualise things better.

A hash collision is when two files with different content (such as the two above) have the same output. From a mathematics perspective, these files are identical. However, we know by the contents that they are not at all.

Answer the questions below

Name the term for an individual piece of binary

What are checksums also known as?

Name the algorithm that is next in the series after SHA-256

According to this task, how long will you need to hash 6 million files before an MD5 hash collision occurs?

Who developed the MD5 algorithm?

Task 4 Online Sandboxing

What is online Sandboxing?

Sometimes things are left best to the experts.
That's especially true in the case of malware analysis. However, online sandboxing is of use to a wider audience than just hobbyists.

In the context of information security, sandboxing is the technique used to isolate processes to prevent direct interaction with one another. There are many examples of this. For example, using VirtualBox as a Hypervisor to run the Kali Linux operating system virtually, in parallel on your main computer. The processes within Kali Linux interact only through the means of VirtualBox and have no interference with processes on your main operating system, such as Windows.

In a malware analysis context, analysts employ virtual environments - such as those on TryHackMe - to facilitate analysis of potentially malicious code more securely. Now, with this being said, malware has been known to, and can very well, escape this virtual environment onto the analyst's host system. Whilst this risk is somewhat limited to sophisticated malware, it's very achievable.

For example, CVE-2018-2689 is a CVE for VirtualBox where malware was capable of escaping this restricted virtual environment. CVEs such as these are extremely valuable and seldom disclosed due to the actors who discover them and their intentions, namely malicious malware authors. I've written more about how malware detects it is in a virtual environment and the possible routes it can take to escape on my blog.

What should be taken away from this task is that a virtual environment alone does not protect you from malware. Virtual environments merely provide a convenient platform to analyse code.

Simply, an online sandbox is this virtual environment - but placed online by services such as:

* any.run
* hybrid-analysis

These services are fantastic, as they allow hobbyists to begin understanding how malware behaves with no detriment or risk to themselves. Moreover, online sandboxing platforms are highly sophisticated and are likely to report behaviours that an analyst may have missed.
With this said, automated analysis cannot replace the skill and depth that an analyst can exhibit and traverse to, for example, reverse engineering. These platforms are only capable of executing malware and generating reports based upon interactions made with the operating system, any communication attempts and any signatures left behind. For example:
* Contacting a domain name (DNS lookups, etc.)
* Creating registry keys
* Reading/writing files
* Creating system processes
* Maintaining persistence through system startup entries

All of which are discoverable by an analyst after some time. Therefore, online sandboxes are useful for a precursory inspection of a file.

Interacting with an online sandboxing service:

In the example screenshots below, this sample was run through the hybrid-analysis service. The sample took a total of 10 minutes and was free of charge. The report detailed an extensive number of behaviours, such as networking traffic and the execution chain, which would have taken an analyst a considerable amount of time to have detailed themselves.

Note how the file is still identified only by its "Checksums":

If an analyst were to now search Google with any of these checksums, the report generated by this sandboxing engine would be provided as a listing for future analysts.

Proceeding to read through the report, interesting behaviours are summarised such as those below:

Read through this analysed sample to answer the following questions:

Answer the questions below
* Name the key term for the type of malware that Emotet is classified as (Hint: Research time!)
* What type of emails does Emotet use as its payload?
* Begin analysing the report, what is the timestamp of when the analysis was made?
* Name the file that is detected as a "Network Trojan"
* What is the PID of the first HTTP GET request?
* What is the only DNS request that is made after the sample is executed?

Task 5 Practical: Calculating & Reporting Checksums

Calculating the MD5 Checksums of provided material:

You will be able to interact with your instance using the in-browser functionality; however, you may connect via RDP using the details below - ensuring you are connected to the TryHackMe VPN beforehand.

IP Address: MACHINE_IP
Username: Administrator
Password: Tryhackme123!

I have provided the tools and materials on this Instance for you to complete the questions. I will go through obtaining the MD5 Checksum of a file using two methods - you will apply these techniques to answer the questions for this task. The required material is located on the "Administrator" user's Desktop.

Using the 3rd-party application "HashTab":
1. Right-click the file you wish to retrieve the checksum of. I will be using "ComplexCalculatorv2" in this example.
2. Left-click the "Properties" title in the drop-down.
3. In the popup, navigate to the "File Hashes" tab, where you will see a screenshot akin to the one below. Note that this tab is not present on a default Windows installation:

You can now answer question 1.

Using Windows' "Powershell":
1. Firstly we will need to open up "Powershell". You can do this by opening the Windows Search bar.
2. Next, change directory to the user's Desktop by using cd Desktop
3. Verify you are in the right directory by using dir to list the files in the directory. You should see the three below:

Powershell has both CertUtil and Get-FileHash commands that allow us to retrieve various checksums of files, including MD5, SHA1, SHA2, and SHA-256. I will detail the syntax for both below, calculating the MD5 checksum of a file.
Using CertUtil:

    CertUtil -hashfile ComplexCalculatorv2.exe MD5|SHA256|SHA512

or "CertUtil -hashfile <filename> <algorithm>", where MD5|SHA256|SHA512 means choose one of the listed algorithms, such as in the example below:

Using Get-FileHash:

    Get-FileHash file_name -Algorithm MD5|SHA256|SHA512

Now you can proceed to answer the remaining questions!

Answer the questions below
* Using the HashTab tool, what is the MD5 checksum for "LoginForm.exe"?
* Using Get-FileHash in Powershell, retrieve the SHA256 of "TryHackMe.exe"
* What would be the syntax to retrieve the SHA256 checksum of "TryHackMe.exe" using CertUtil in Powershell?

Task 6 VirusTotal

Another online service that utilises these checksums is Virustotal. Virustotal acts as an indexer and aggregator for various Anti Virus (AV) engines. When a checksum is submitted to Virustotal, fellow malware analysts can view the AV reports attributed to that file. Much like a search engine, you can search for reports by a few characteristics, for example:
* The IP Addresses that samples communicate with
* Checksums
* The file itself

In the screenshot below, I have uploaded the "TryHackMe.exe" executable to Virustotal. If you were to browse to VirusTotal, you would be able to discover this report by entering the file's checksum. I have provided the report for you here.

A THM Contributor, Darkstar7471, has a fantastic room on using both Volatility, a memory analysis framework, and Virustotal. I highly recommend checking it out as you extract files and interact with VirusTotal to determine their maliciousness from the aggregated AV ratings.

Read the report provided (here) to answer the questions provided.

Answer the questions below
* Navigate to the "Details" tab, what is the other filename and extension reported as present?
* In the same "Details" tab, what is the reported compilation timestamp?
* What is the THM{} formatted flag on the report?
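The checksum behaviour described in Tasks 3, 5 and 6 (identical content gives identical checksums, a small change or a different algorithm gives a different one, and a checksum is the key used to find an earlier report), as an added Python example that is not part of the original room. The file names, file contents and the `known` list are constructed, and `checksums`, `lookup` and `demo` are hypothetical helper names.

```python
import hashlib
import os
import tempfile

ALGORITHMS = ("md5", "sha1", "sha256")

def checksums(path, chunk_size=65536):
    """Return {algorithm: hex digest} for a file, reading it in chunks."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}

def lookup(sums, known):
    """Return the label stored for any of a file's checksums, else None."""
    for digest in sums.values():
        label = known.get(digest.lower())
        if label is not None:
            return label
    return None

def demo():
    """Hash three constructed files: two identical, one with two letters swapped."""
    samples = (("a.txt", b"TryHackMe"),
               ("b.txt", b"TryHackMe"),
               ("c.txt", b"TryHackeM"))
    results = {}
    with tempfile.TemporaryDirectory() as folder:
        for name, content in samples:
            path = os.path.join(folder, name)
            with open(path, "wb") as handle:
                handle.write(content)
            results[name] = checksums(path)
    return results

if __name__ == "__main__":
    results = demo()
    # Constructed "known" list: assume an earlier report recorded a.txt's SHA256.
    known = {results["a.txt"]["sha256"]: "previously reported sample"}
    for name, sums in results.items():
        print(name, sums["md5"], sums["sha256"], lookup(sums, known))
```

A match on any one checksum is enough to find the earlier report, which is why sandbox and AV aggregation services list several checksums for each sample.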
Task 7 Future Reading (References)

Cryptography and Checksums:
* A Meaningful MD5 Hash Collision Attack - (Narayana D. Kashyap, 2008)
* Cryptography & Network Security - (Behrouz A. Forouzan, 2007)
* The first collision for full SHA-1 - (Stevens et al., 2017) / (Shattered.io)

Blog (Selfless Promo):
* So you want to analyse malware?

Sandboxing Engines:
* any.run
* hybrid-analysis

Answer the questions below
* Thanks! I'll stay tuned for more.

Created by cmnatic. Room Type: Free Room. Anyone can deploy virtual machines in the room (without being subscribed)! Users in Room: 13.948. Created 1380 days ago.