TryHackMe: Phishing Emails 5 Room (Phishing Prevention) Writeup

The room link.

Copy the .eml file to your own computer first; working on a local copy is faster.

Task 1: Introduction

1.1. What is the email’s timestamp? (answer format: mm/dd/yyyy hh:mm)

We open the .eml file in Thunderbird and the timestamp appears in the right corner.

06/10/2020 05:58

1.2. Who is the email from?

If you want, you can look at the raw .eml file or at the Thunderbird application. Two screenshots are available below.

Mr. James Jackson

1.3. What is his email address?

In the previous question, there is an email address next to the name.

info@mutawamarine.com

1.4. What email address will receive a reply to this email? 

If you want, you can look at the raw .eml file or at the Thunderbird application. Two screenshots are available below.

info.mutawamarine@mail.com

1.5. What is the Originating IP?

In the Received: from header, the IP address of the host that handed the email over to you is

192.119.71.157

1.6. Who is the owner of the Originating IP? (Do not include the “.” in your answer.)

If you wish, you can also obtain this information by running a whois query on the IP address.

Hostwinds LLC

1.7. What is the SPF record for the Return-Path domain?

We can get the result by analyzing the email with PhishTool.

v=spf1 include:spf.protection.outlook.com -all

1.8. What is the DMARC record for the Return-Path domain?

We can get the result by analyzing the email with PhishTool.

v=DMARC1; p=quarantine; fo=1

1.9. What is the name of the attachment?

The Content-Disposition header (a MIME header, also used in HTTP responses) tells the client how to handle the payload it accompanies and carries additional information such as the filename to use when the user saves it locally.

SWT_#09674321____PDF__.CAB

1.10. What is the SHA256 hash of the file attachment?

We search for the filename on the Hybrid Analysis site and get the SHA256.

2e91c533615a9bb8929ac4bb76707b2444597ce063d84a4b33525e25074fff3f

1.11. What is the attachments file size? (Don’t forget to add “KB” to your answer, NUM KB)

400.26 KB

1.12. What is the actual file extension of the attachment?

RAR
