advent-of-cyber-2025

Room Link:
https://tryhackme.com/room/malware-sandbox-aoc2025-SD1zn4fZQt

▶️ TryHackMe – Day 6 Video Walkthrough

Official walkthrough for quick onboarding:

🔗 YouTube Link:
https://youtu.be/Rkszehq3P2c?si=2uX1QTtC_RzJ1ABa


🎄 Advent of Cyber 2025 — Day 6 Write-Up

🧩 Malware Analysis — Egg-xecutable


✅ Challenge Answers


1️⃣ Static Analysis: What is the SHA256Sum of HopHelper.exe?

[screenshot: sha256]

F29C270068F865EF4A747E2683BFA07667BF64E768B38FBB9A2750A3D879CA33

2️⃣ Static Analysis: A flag with the format THM{XXXXX} is found in the strings. What is the flag?

[screenshot: strings flag]

THM{STRINGS_FOUND}
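The two static checks above (hash the sample, then pull printable strings and grep for the flag pattern) can be reproduced without `sha256sum`/`strings` on hand. The script below is an added example written for this write-up, not tooling from the room; it runs over a constructed byte blob that stands in for a PE file (the real HopHelper.exe is not embedded here) and also extracts UTF-16LE "wide" strings, which Windows binaries commonly contain and which plain `strings` misses unless run with `-e l`.

```python
import hashlib
import re
import sys

# Constructed stand-in for a PE sample: an MZ header fragment, the usual DOS stub
# text, a UTF-16LE (wide) registry path, and a THM{...} flag. Not the real sample.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    + b"This program cannot be run in DOS mode."
    + b"\x00\x00\x01\x02"
    + "Software\\Microsoft\\Windows\\CurrentVersion\\Run".encode("utf-16-le")
    + b"\x00\x00\xff\xfe"
    + b"THM{EXAMPLE_FLAG}"
    + b"\x00\x7f\x80"
)

FLAG_RE = re.compile(r"THM\{[^}]*\}")


def sha256_of(data: bytes) -> str:
    """Hex SHA-256 of the bytes, upper-cased as the room's answer field shows it."""
    return hashlib.sha256(data).hexdigest().upper()


def ascii_strings(data: bytes, min_len: int = 4) -> list:
    """Runs of printable ASCII (0x20-0x7e) of at least min_len, like `strings -n 4`."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def wide_strings(data: bytes, min_len: int = 4) -> list:
    """UTF-16LE runs (printable byte followed by 0x00), like `strings -e l`."""
    pattern = rb"(?:[\x20-\x7e]\x00){%d,}" % min_len
    return [m.group().decode("utf-16-le") for m in re.finditer(pattern, data)]


def find_flags(data: bytes) -> list:
    """Every THM{...} token found in either the narrow or the wide strings."""
    found = []
    for s in ascii_strings(data) + wide_strings(data):
        found.extend(FLAG_RE.findall(s))
    return found


def report(data: bytes) -> dict:
    """One-shot static triage: hash, string counts and any flags."""
    return {
        "sha256": sha256_of(data),
        "ascii_strings": ascii_strings(data),
        "wide_strings": wide_strings(data),
        "flags": find_flags(data),
    }


if __name__ == "__main__":
    # Usage: python static_triage.py [path-to-sample]; defaults to the built-in blob.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for key, value in report(blob).items():
        print(f"{key}: {value}")
```

Running it on a real file is just `python static_triage.py HopHelper.exe`; the SHA-256 it prints should match the hash above, and the flag should appear in the `flags` list. If the flag is only in the wide strings, that is the case where `strings` alone would have shown nothing.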

3️⃣ Dynamic Analysis: What registry value did HopHelper.exe modify for persistence?

[screenshots: registry1, registry2, registry compare]

Registry value found (a HopHelper value written under the user's Run key, which starts the binary at every logon):

[screenshot: registry path]

HKU\S-1-5-21-1966530601-3185510712-10604624-1008\Software\Microsoft\Windows\CurrentVersion\Run\HopHelper

4️⃣ Dynamic Analysis: Filtering ProcMon output for TCP operations — what network protocol is used?

[screenshots: procmon tcp, procmon tcp2, http traffic]

http
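Both dynamic-analysis answers (the Run-key write in question 3 and the TCP traffic in question 4) can be pulled straight out of a ProcMon CSV export instead of eyeballing the GUI filters. The script below is an added example for this write-up, not part of the room; it assumes ProcMon's default CSV column layout ("Time of Day","Process Name","PID","Operation","Path","Result","Detail") and that ProcMon renders network paths as `src:port -> dst:port`, with well-known ports shown by service name (`http`, `domain`) unless that resolution is turned off. The rows are constructed for the example and are not the room's capture.

```python
import csv
import io
import re
import sys

# Constructed ProcMon export (File > Save > CSV). Column layout matches ProcMon's
# default; the events themselves are made up and are not the room's capture.
PROCMON_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","HopHelper.exe","4120","CreateFile","C:\Users\elf\Desktop\HopHelper.exe","SUCCESS","Desired Access: Read"
"10:01:03.5","HopHelper.exe","4120","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\HopHelper","SUCCESS","Type: REG_SZ, Length: 66, Data: C:\Users\elf\Desktop\HopHelper.exe"
"10:01:04.0","HopHelper.exe","4120","TCP Connect","WORKSTATION:49731 -> 10.10.5.20:http","SUCCESS","Length: 0, mss: 1460"
"10:01:04.2","HopHelper.exe","4120","TCP Send","WORKSTATION:49731 -> 10.10.5.20:http","SUCCESS","Length: 212"
"10:01:09.0","svchost.exe","1220","TCP Connect","WORKSTATION:49732 -> 10.10.5.1:domain","SUCCESS","Length: 0"
'''

# Matches Run/RunOnce under either the HKCU alias or the HKU\<SID> form Regshot shows.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE
)
# ProcMon network path: "host:port -> host:port" (IPv4/hostnames; IPv6 is not handled here).
NET_PATH_RE = re.compile(r"^(?P<src>.+?):(?P<sport>\S+) -> (?P<dst>.+?):(?P<dport>\S+)$")
# Fallback names if ProcMon exported raw port numbers instead of service names.
PORT_NAMES = {"80": "http", "443": "https", "53": "domain", "8080": "http-alt"}


def parse_procmon(csv_text: str) -> list:
    """Rows of a ProcMon CSV export as dicts keyed by the header names."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def _is_process(row: dict, process) -> bool:
    return process is None or row["Process Name"].lower() == process.lower()


def persistence_writes(rows: list, process=None) -> list:
    """RegSetValue events under a Run/RunOnce key -> [(value path, data written)]."""
    hits = []
    for r in rows:
        if r["Operation"] != "RegSetValue" or not _is_process(r, process):
            continue
        if RUN_KEY_RE.search(r["Path"]):
            m = re.search(r"Data: (.*)$", r["Detail"])
            hits.append((r["Path"], m.group(1) if m else ""))
    return hits


def tcp_connections(rows: list, process=None) -> list:
    """TCP Connect events -> [{'dst', 'port', 'protocol'}] with the port name resolved."""
    out = []
    for r in rows:
        if r["Operation"] != "TCP Connect" or not _is_process(r, process):
            continue
        m = NET_PATH_RE.match(r["Path"])
        if not m:
            continue
        dport = m.group("dport")
        out.append({"dst": m.group("dst"), "port": dport, "protocol": PORT_NAMES.get(dport, dport)})
    return out


if __name__ == "__main__":
    # Usage: python procmon_triage.py [export.csv] [process name]; defaults to the sample above.
    text = open(sys.argv[1], newline="").read() if len(sys.argv) > 1 else PROCMON_CSV
    proc = sys.argv[2] if len(sys.argv) > 2 else "HopHelper.exe"
    rows = parse_procmon(text)
    print("persistence:", persistence_writes(rows, proc))
    print("tcp:", tcp_connections(rows, proc))
```

On the constructed rows the persistence check returns the HopHelper value under the Run key and the TCP check returns a single connection whose destination port resolves to `http`, which is exactly what the two ProcMon filters above showed. Filtering by process name matters: without it the unrelated svchost.exe DNS connection would also be listed.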

🧩 Bonus: What web panel is HopHelper.exe communicating with?

C2 panel