-Room Name: Malware Analysis - Egg-xecutable
-Room Link: https://tryhackme.com/room/malware-sandbox-aoc2025-SD1zn4fZQt
Static analysis: What is the SHA256Sum of the HopHelper.exe?
F29C270068F865EF4A747E2683BFA07667BF64E768B38FBB9A2750A3D879CA33
Static analysis: Within the strings of HopHelper.exe, a flag with the format THM{XXXXX} exists. What is that flag value?
THM{STRINGS_FOUND}
Dynamic analysis: What registry value has the HopHelper.exe modified for persistence?
HKU\S-1-5-21-1966530601-3185510712-10604624-1008\Software\Microsoft\Windows\CurrentVersion\Run\HopHelper
Dynamic analysis: Filter the output of ProcMon for "TCP" operations. What network protocol is HopHelper.exe using to communicate?
http