TryHackMe Intro to Malware Analysis - Full Walkthrough 2026

What to do when you run into a suspected malware.

🏷️🏷️ Room link: https://tryhackme.com/room/intromalwa...

🚩 Learning Objectives 🚩

✅ Understand what malware is.
✅ Use common tools and resources to assist your investigations.
✅ Perform basic static and dynamic analysis.
✅ Set up a safe environment for analysis.

Timestamps:

[00:00] Introduction
[00:53] Malware Analysis
[03:05] Techniques of malware analysis
[05:30] Basic Static Analysis
[12:30] The PE file Header
[23:07] Basic Dynamic Analysis
[30:30] Anti-analysis techniques
[34:33] Conclusion


🐯 Resources Used on the video: 🐯

✅ Malware Analysis In 5+ Hours - Full Course - Learn Practical Malware Analysis! :    • Malware Analysis In 5+ Hours - Full Course...  

🚩🚩 Room Tasks: 🚩🚩

🐯 Task 1: Introduction

🐯 Task 2: Malware Analysis

Which team uses malware analysis to look for IOCs and hunt for malware in a network?

🐯 Task 3: Techniques of malware analysis

Which technique is used for analyzing malware without executing it?
Which technique is used for analyzing malware by executing it and observing its behavior in a controlled environment?

🐯 Task 4: Basic Static Analysis

In the attached VM, there is a sample named 'redline' in the Desktop/Samples directory. What is the md5sum of this sample?
What is the creation time of this sample?

🐯 Task 5: The PE file Header

In the attached VM, there is a sample named 'redline' in the directory Desktop/Samples. What is the entropy of the .text section of this sample?
The sample named 'redline' has five sections. .text, .rdata, .data and .rsrc are four of them. What is the name of the fifth section?
From which dll file does the sample named 'redline' import the RegOpenKeyExW function?
Check out the GUI-based Petree tool and see what information it shows. You can use the following command for using the pe-tree tool to analyze the 'redline' malware. (The pe-tree tool might take some time to initiate.)

🐯 Task 6: Basic Dynamic Analysis

Check the hash of the sample 'redline' on Hybrid analysis and check out the hybrid analysis report. In the process tree, which is the first process launched when the sample is launched?
In the process tree, there are two Windows utilities utilized by the malware to perform its activities. What are the names of the two utilities? (Format: utility1.exe and utility2.exe)

🐯 Task 7: Anti-analysis techniques

Which of the techniques discussed above is used to bypass static analysis?
Which technique discussed above is used to time out a sandbox?

🐯 Task 8: Conclusion


⚠️ Educational Purpose Only
This content is for educational and authorized penetration testing purposes only. Always ensure you have permission before testing on any systems.

Don't forget to 👍 LIKE and 🔔 SUBSCRIBE for more cybersecurity tutorials!

#tryhackme