tryhackme.com
2606:4700:10::ac43:1b0a  Public Scan

URL: https://tryhackme.com/r/room/malresearching
Submission Tags: falconsandbox
Submission: On May 15 via api from US — Scanned from DE

Form analysis 20 forms found in the DOM


Text Content


MAL: RESEARCHING

Understanding checksums, how to generate them and their use throughout malware
analysis with online sandboxing & reporting services

easy


Task 1: Intro


Preface:

Welcome to the "2. MP: Research" section of my malware analysis series.

 

Although we will be covering some cryptography theory, I've kept it relevant and
visualised it as best I can. I've provided some resources at the end of the room
in the "Further Reading" task for each of the topics covered. 

You can expect to learn about file checksums, why these values are important in
not only day-to-day life but more so how we can utilise them in malware
analysis. The first few tasks are theory-heavy, so bear with me. However,
towards the end of the room, you will be generating your own checksums, learning
how to use online sandboxing, and analysing the reports generated from these.

.:.

As always, any feedback regarding the content covered through the series so far
is greatly appreciated. I always welcome ideas of topics, tools, and techniques
that could be covered.

.:.

~CMNatic

Answer the questions below
Let's go!

Task 2: Deploy!

Deploy the instance attached to this task by left-clicking the green "Deploy"
button on the top-right of this task!

 

You are not expected to interact with the instance just yet - you will be
provided credentials later on throughout the room. But please ensure you are
connected to the TryHackMe OpenVPN before proceeding.

Answer the questions below
I've deployed my instance and ensured I am connected to the THM VPN!

Task 3: Checksums 101


What are Checksums?




Checksums are a prominent attribute within the malware analysis community and,
moreover, the wider Information Technology (IT) industry. Put simply, a
checksum is the result of mathematical operations applied to an input, where
the output is a sequence of characters.

Ultimately, the makeup of data on a computer system is binary, merely ones and
zeros where each value is a "bit". A cryptographic checksum uses these "bits" as
the input for these mathematical operations; the more complex the mathematical
operations applied, the more secure a checksum is considered. These checksums
are also commonly referred to as "hashes".

Because of how cryptographic algorithms work, regardless of the size of the
input - such as a file - the length of the output will remain the same. For
example, take an algorithm and apply these mathematical operations against two
files listed below:




File Name        File Size
My_Video.mp4     4GB
My_Selfie.png    10MB


Although the file sizes are vastly different, the length of the output
calculated will be the same, although its contents will differ. For example,
with the algorithm I am using as an example here, the output length is 12
characters:




File Name        File Size    The output from the Algorithm
My_Video.mp4     4GB          3DEFAD92D23AD
My_Selfie.png    10MB         FFDE312DAEFF




Whilst the values calculated from the algorithm are different for each file,
they remain the same length - irrespective of the file size. Because the two
files have different contents, in this case, each output is unique for the file.


The increased complexity of the mathematical operations vastly reduces the
chances of two files with different contents having the same output. If this
were to occur, it is known as a "hash collision". Explaining the math behind
how this happens is out of scope; however, it is extremely rare. To put this
into perspective, the hashing algorithm MD5, which is a famous recent example,
will need 6 billion files to be hashed per second - for 100 years on average
(Kornel., 2008).




Whilst it's pretty safe to say that the probability of a hash collision
occurring is pretty low, it is mathematically possible. For example, researchers
(Stevens et al., 2017) report on Shattered.io, where they were able to
demonstrate a SHA1 hash collision in practice. I greatly encourage taking the
time to read through the report to understand how these collisions can be made
into proof of concepts but to also appreciate why discoveries like this are
important in the world of information security.



It's safe to say it's pretty rare for this error to happen, although it is
mathematically possible. We'll visualise this below.




Checksums Continued:




Let's contextualise checksums a bit more. In IT, checksums are used for
verifying the integrity of data. Have you ever copied a file onto a USB drive
where Windows complains that the file is now corrupt? That is data corruption;
binary data was lost somewhere during the transfer process, either due to
software or hardware error.

Because of how these cryptographic algorithms work, namely that they produce a
result after processing every single bit of a piece of data, checksums are
fantastic for verifying whether data has been completely copied to a new
location. Humans can't compare the binary data of two files (which could be
millions of values to compare) to ensure they are correct. They can, however,
compare two fixed-length values - such as the 12-character output of the
algorithm specified above. In the real world, some popular algorithms are SHA1,
SHA-256 and, in some cases, SHA-512, where the output length of each algorithm
varies based on its security.


We'll visualise how hashing algorithms work below:








See here how the contents of the first two files are the same: "TryHackMe".
When using the same algorithm, the generated checksum is the same. This is
because the binary data of these two files is identical, so the same algorithm
will output the same result. This is not a hash collision.

Notice that the third file, with the same contents of "TryHackMe" and therefore
the same binary data, has a different checksum. This is because the algorithm,
in this case SHA256 instead of the previous MD5, uses different mathematical
operations. The mathematics behind this algorithm is complex in comparison to
MD5, so the length of the output string is longer.

Finally, notice in the screenshot below (the last file in the screenshot above,
just cropped below for clarity) that the contents of the file are now
"TryHackeM" and not "TryHackMe":





Whilst the same algorithm used on the first two files (MD5) is also used on
this file, because the contents are now different - albeit very similar - the
output is now different in comparison.
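
The behaviour described in this task can be reproduced locally. The Python sketch below is an added example, not part of the original room: the sample files, the 2 MiB stand-in for a large file and the helper names (file_digest, verify_copy, flip_one_bit, write_file) are constructed for illustration. It hashes files in chunks, compares MD5 and SHA-256 output for the "TryHackMe" and "TryHackeM" contents, and shows a checksum catching a single flipped bit in a copied file.

```python
import hashlib
import os
import shutil
import tempfile

CHUNK_SIZE = 64 * 1024  # hash in 64 KiB pieces so a 4GB file never sits in memory


def file_digest(path, algorithm="sha256"):
    """Return the hex checksum of a file, feeding it to the hash chunk by chunk."""
    hasher = hashlib.new(algorithm)
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(CHUNK_SIZE), b""):
            hasher.update(chunk)
    return hasher.hexdigest()


def verify_copy(source, copy, algorithm="sha256"):
    """True when source and copy produce the same checksum (the copy is intact)."""
    return file_digest(source, algorithm) == file_digest(copy, algorithm)


def flip_one_bit(path, offset):
    """Simulate corruption during a transfer by flipping one bit at `offset`."""
    with open(path, "r+b") as handle:
        handle.seek(offset)
        original = handle.read(1)[0]
        handle.seek(offset)
        handle.write(bytes([original ^ 0x01]))


def write_file(directory, name, data):
    """Write constructed sample data to a file and return its path."""
    path = os.path.join(directory, name)
    with open(path, "wb") as handle:
        handle.write(data)
    return path


def demo():
    """Build constructed sample files and return the observations as a dict."""
    with tempfile.TemporaryDirectory() as tmp:
        first = write_file(tmp, "first.txt", b"TryHackMe")
        second = write_file(tmp, "second.txt", b"TryHackMe")
        swapped = write_file(tmp, "swapped.txt", b"TryHackeM")
        # 2 MiB of constructed data standing in for a large file
        large = write_file(tmp, "large.bin", bytes(range(256)) * 8192)
        copy = os.path.join(tmp, "large_copy.bin")
        shutil.copyfile(large, copy)

        results = {
            # identical contents, same algorithm: identical checksum
            "same_content_same_md5":
                file_digest(first, "md5") == file_digest(second, "md5"),
            # two letters swapped: the checksum no longer matches
            "swapped_letters_same_md5":
                file_digest(first, "md5") == file_digest(swapped, "md5"),
            # output length depends on the algorithm, not on the file size
            "md5_length_small": len(file_digest(first, "md5")),
            "md5_length_large": len(file_digest(large, "md5")),
            "sha256_length": len(file_digest(first, "sha256")),
            "copy_intact": verify_copy(large, copy),
        }
        # one flipped bit out of roughly 16.7 million is enough to be detected
        flip_one_bit(copy, 1_000_000)
        results["corrupted_copy_intact"] = verify_copy(large, copy)
        return results


if __name__ == "__main__":
    for observation, value in demo().items():
        print(f"{observation}: {value}")
```

MD5 is used here only to mirror the task's screenshots; for integrity checks where an adversary may have produced the file, prefer SHA-256, since practical collisions exist for MD5 and SHA1.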

 

Visualising a Hash Collision:




Okay, bear with me here. It's been pretty theory-heavy, I understand... We're
almost there, I promise! The example screenshots below outline how the various
outputs will differ based upon either the algorithm used or the contents of the
file. Here we will go through an example of a hash collision:




The contents of the two files above are very different. In the real world, the
differences could be simply adding or removing a character, but I have
dramatised this example to visualise things better.



A hash collision is when two files with different content (such as the two
above) have the same output. From a mathematics perspective, these files are
identical. However, we know by the contents that they are not at all.

Answer the questions below

 * Name the term for an individual piece of binary
 * What are checksums also known as?
 * Name the algorithm that is next in the series after SHA-256
 * According to this task, how long will you need to hash 6 million files
   before a MD5 hash collision occurs?
 * Who developed the MD5 algorithm?

Task 4 - Online Sandboxing


What is online Sandboxing?

 

Sometimes things are best left to the experts. That's especially true in the
case of malware analysis. However, online sandboxing is of use to a wider
audience than just hobbyists.

In the context of information security, sandboxing is the technique used to
isolate processes to prevent direct interaction with one another. There are many
examples of this. For example, using VirtualBox as a hypervisor to run the Kali
Linux operating system virtually, in parallel on your main computer. The
processes within Kali Linux interact only through the means of VirtualBox and
have no interference with processes on your main operating system, such as
Windows.

In a malware analysis context, analysts employ virtual environments, such as
those on TryHackMe, to facilitate analysis of potentially malicious code more
securely.

Now, with this being said, malware has been known to escape this virtual
environment onto the analyst's host system, and very well can. Whilst this risk
is somewhat limited to sophisticated malware, it's very achievable. For
example, CVE-2018-2689 is a CVE for VirtualBox where malware was capable of
escaping this restricted virtual environment. CVEs such as these are extremely
valuable and seldom disclosed due to the actors who discover them and their
intentions, namely malicious malware authors.


I've written more about how malware detects it is in a virtual environment and
the possible routes it can take to escape on my blog. What should be taken away
from this task is that a virtual environment alone does not protect you from
malware. Simply, virtual environments merely provide a convenient platform to
analyse code.

Simply, an online sandbox is this virtual environment - but placed online by
services such as:

 * any.run
 * hybrid-analysis
   
   

These services are fantastic, as they allow hobbyists to begin understanding how
malware behaves with no detriment or risk to themselves. Moreover, online
sandboxing platforms are highly sophisticated and are likely to report
behaviours that an analyst may have missed.

 

With this said, automated analysis cannot replace the skill and depth that an
analyst can bring, for example through reverse engineering. These platforms are
only capable of executing malware and generating reports based upon
interactions made with the operating system, any communication attempts and
any signatures left behind. For example:

 

 * Contacting a domain name (DNS lookups, etc.)
 * Creating registry keys
 * Reading/writing files
 * Creating system processes
 * Maintaining persistence through system startup entries

All of these are discoverable by an analyst after some time. Therefore,
online sandboxes are useful for a precursory inspection of a file.

 

Interacting with an online sandboxing Service:




In the example screenshots below, this sample was run through
the hybrid-analysis service. The sample took a total of 10 minutes and was free
of charge. The report detailed an extensive number of behaviours, such as
networking traffic and the execution chain, which would have taken an analyst a
considerable amount of time to have detailed themselves.








Note how the file is still identified only by its "Checksums":









If an analyst were to now search Google with any of these checksums, the report
generated by this sandboxing engine will now be provided as a listing for future
analysts.

Proceeding to read through the report, interesting behaviours are summarised
such as those below:



 












Read through this analysed sample to answer the following questions:

Answer the questions below

 * Name the key term for the type of malware that Emotet is classified as
 * Research time! What type of emails does Emotet use as its payload?
 * Begin analysing the report, what is the timestamp of when the analysis was
   made?
 * Name the file that is detected as a "Network Trojan"
 * What is the PID of the first HTTP GET request?
 * What is the only DNS request that is made after the sample is executed?

Task 5 - Practical: Calculating & Reporting Checksums


Calculating the MD5 Checksums of provided material:

You will be able to interact with your instance using the in-browser
functionality. However, you may connect via RDP using the details below,
ensuring you are connected to the TryHackMe VPN beforehand.




IP Address: MACHINE_IP

Username: Administrator

Password: Tryhackme123!




I have provided the tools and materials on this Instance for you to complete the
questions. I will go through obtaining the MD5 Checksum of a file using two
methods - you will apply these techniques to answer the questions for this task.

The required material is located on the "Administrator" user's Desktop.







Using the 3rd-party application "HashTab":

1. Right-click the file you wish to retrieve the checksum of. I will be
using "ComplexCalculatorv2" in this example.

2. Left-click the "Properties" title in the drop-down.



 

3. In the popup, navigate to the "File Hashes" tab, where you will see a
screenshot akin to the one below. Note that this tab is not present on a default
Windows installation:






You can now answer question 1.

Using Windows' "Powershell":






1. Firstly we will need to open up "Powershell". You can do this by opening the
Windows Search bar.



 




2. Next, change directory to the user's Desktop by using cd Desktop

3. Verify you are in the right directory by using dir to list the files in the
directory. You should see the three below:






From Powershell, both the CertUtil and Get-FileHash commands allow us to
retrieve various checksums of files, including MD5, SHA1, SHA2, and SHA-256. I
will detail the syntax for both below, calculating the MD5 checksum of a file.





Using CertUtil:

CertUtil -hashfile ComplexCalculatorv2.exe MD5|SHA256|SHA512 or "CertUtil
-hashfile <filename> <algorithm>" such as in the example below:









Using Get-FileHash:

Get-FileHash file_name -Algorithm MD5|SHA256|SHA512





Now you can proceed to answer the remaining questions!

Answer the questions below

 * Using the HashTab tool, what is the MD5 checksum for "LoginForm.exe"?
 * Using Get-FileHash in Powershell, retrieve the SHA256 of "TryHackMe.exe"
 * What would be the syntax to retrieve the SHA256 checksum of "TryHackMe.exe"
   using CertUtil in Powershell?

Task 6 - VirusTotal


Another online service that utilises these checksums is VirusTotal. VirusTotal
acts as an indexer and aggregator for various antivirus (AV) engines. When a
checksum is submitted to VirusTotal, fellow malware analysts can view the AV
reports attributed to that file.





 

Much like a search engine, you can search for reports by a few characteristics,
for example:

 * The IP Addresses that samples communicate with
 * Checksums
 * The file itself

 

In the screenshot below, I have uploaded the "TryHackMe.exe" executable to
VirusTotal. If you were to browse to VirusTotal, you would be able to discover
this report by entering the file's checksum. I have provided the report for
you here.







A THM contributor, Darkstar7471, has a fantastic room on using both Volatility,
a memory analysis framework, and VirusTotal. I highly recommend checking it out
as you extract files and interact with VirusTotal to determine their
maliciousness from the aggregated AV ratings.



Read the report provided (here) to answer the questions provided.

Answer the questions below

 * Navigate to the "Details" tab, what is the other filename and extension
   reported as present?
 * In the same "Details" tab, what is the reported compilation timestamp?
 * What is the THM{} formatted flag on the report?

Task 7 - Future Reading (References)


Cryptography and Checksums:

A Meaningful MD5 Hash Collision Attack - (Narayana D. Kashyap., 2008)



Cryptography & Network Security - (Behrouz A. Forouzan., 2007)



The first collision for full SHA-1 - (Stevens et al., 2017) / (Shattered.io)




Blog (Selfless Promo)

So you want to analyse malware?




Sandboxing Engines:

any.run

hybrid-analysis

Answer the questions below
Thanks! I'll stay tuned for more.

Created by


cmnatic

Room Type

Free Room. Anyone can deploy virtual machines in the room (without being
subscribed)!

Users in Room

13.948

Created

1380 days ago

