Advent of Cyber 2022 [Day6] Email Analysis — It’s beginning to look a lot like phishing by Karthikeyan Nagaraj
Advent of Cyber 2022 Day 6 — It’s beginning to look a lot like phishing Walkthrough Answers
- What is the email address of the sender?
Click Split view in the top and open the File in the Machine
Ans: Answer is in the Above image --> (From: )2. What is the return address?
3. On whose behalf was the email sent?
Ans: Chief elf4. What is the X-spam score?
Ans: 35. What is hidden in the value of the Message-ID field?
We have to Decode the base64 String
Ans: AoC2022_Email_Analysis6. Visit the email reputation check website provided in the task.
What is the reputation result of the sender’s email address?
Open the Website emailrep
Ans: Risky7. Check the attachments. What is the filename of the attachment?
For Further Investigations, I’m Sending the File from Remote machine to my Machine!!
Ans: Answer is in the Above Image (filename: )8. What is the hash value of the attachment?
Use this Analyser to Analye the .eml File
You will get the Hash
Ans: Answer is in the Above Image9. Visit the Virus Total website and use the hash value to search.
Navigate to the behaviour section.
What is the second tactic marked in the Mitre ATT&CK section?
Open Virustotal and Search for the hash
Ans: Answer is in the Above Image (2nd Subtitle)10. Visit the InQuest website and use the hash value to search.
What is the subcategory of the file.
Open Inquest and Click Indicator Lookup and Search with the Hash
Ans: Macro_hunterThank you for Reading~~
Happy Hacking ~
Author : Karthikeyan Nagaraj ~ Cyberw1ngTryhackme , Advent of Cyber 4 2022 Answers/writeups/walkthrough
