# The Suspicious Chocolate.exe

### Overview
---
**Room URL:** [https://tryhackme.com/room/adventofcyberpreptrack](https://tryhackme.com/room/adventofcyberpreptrack)  
**Difficulty:** Easy  
**Category:**  Prep  
**Date Completed:**  12/1/2025  

### Objectives
Determine if `chocolate.exe` is safe or infected.

---
### Table of Contents
[Introduction](#bkmrk-introduction)  
[Walk Through](#bkmrk-walk-through)  
[Lessons Learned](#bkmrk-lessons-learned)  
[Resources](#bkmrk-resources)  

---
### Introduction
A suspicious USB labeled "SOCMAS Party Playlist" containing `chocolate.exe` arrives on your desk. You must use a simulated VirusTotal tool to scan the file and determine if it's safe or malicious—a critical skill for identifying threats before they compromise systems.

---
### Walk Through
1. Click the View Site button on THM
    1. This brings up a simulated VirusTotal website preloaded with `chocolate.exe`
2. Click Scan to scan the `.exe` file on VirusTotal
3. After clicking scan, the website scans the file and loads the results
    1. The website loaded results from 48 vendors
        1. Clean Vendor A
        2. Clean Vendor B
        3. Malhare Labs
        4. +45 other vendors marked this file as clean
    2. Malhare Labs classifies the file as `MalhareTorjan` with `ref:ML-2025-011`
4. This file is not free from viruses. 
[![suspiciouschocolate.png](https://bookstack.rizzoit.com/uploads/images/gallery/2025-12/scaled-1680-/suspiciouschocolate.png)](https://bookstack.rizzoit.com/uploads/images/gallery/2025-12/suspiciouschocolate.png)
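
The result above expressed as a triage rule, in an added example that is not part of the room or this write-up. The report is constructed in the shape of VirusTotal API v3 `last_analysis_results`, the 45 unnamed vendors get placeholder names, and the verdict names are assumptions; it also handles engines that return no verdict, which the room does not show.

```python
# Added example: triage a VirusTotal-style per-vendor result set.
# The report is constructed to mirror the walkthrough (48 vendors, 1 detection).
DETECTED = {"malicious", "suspicious"}
CLEAN = {"harmless", "undetected"}
# Any other category (timeout, failure, type-unsupported, ...) means no verdict.


def build_sample_report():
    """Constructed sample shaped like data.attributes.last_analysis_results."""
    results = {
        "Clean Vendor A": {"category": "undetected", "result": None},
        "Clean Vendor B": {"category": "undetected", "result": None},
        "Malhare Labs": {"category": "malicious", "result": "MalhareTorjan"},
    }
    # Placeholder names for the "+45 other vendors" the page does not list.
    for i in range(1, 46):
        results[f"Other Vendor {i}"] = {"category": "undetected", "result": None}
    return results


def triage(results):
    """Return a verdict plus the evidence behind it.

    A single detection is enough to hold the file for analysis;
    the number of clean results never outvotes it.
    """
    detections = {v: r.get("result") for v, r in results.items()
                  if r.get("category") in DETECTED}
    no_verdict = sorted(v for v, r in results.items()
                        if r.get("category") not in DETECTED | CLEAN)
    clean = len(results) - len(detections) - len(no_verdict)
    if detections:
        verdict = "quarantine"
    elif no_verdict or not results:
        verdict = "inconclusive"   # engines that did not scan are not a clean result
    else:
        verdict = "no detections"  # still not proof that the file is safe
    return {"verdict": verdict, "total": len(results), "clean": clean,
            "detections": detections, "no_verdict": no_verdict}


if __name__ == "__main__":
    summary = triage(build_sample_report())
    print(f"{summary['verdict']}: {len(summary['detections'])}/{summary['total']} vendors flagged")
    for vendor, label in summary["detections"].items():
        print(f"  {vendor}: {label}")
```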

---
### Lessons Learned
In this activity, I learned how to use VirusTotal to scan files for viruses and identify malicious threats across multiple security vendors.

---
### Resources
[TryHackMe](https://tryhackme.com)  
[Virus Total](https://www.virustotal.com/gui/home/upload)