The room link.
You should copy-paste the .eml file to your computer. This way you will work faster.
Task 1: Introduction
1.1. What is the email’s timestamp? (answer format: mm/dd/yyyy hh:mm)
We open the .eml file in thunderbird and the timestamp appears in the right corner.
06/10/2020 05:58
1.2. Who is the email from?
If you want, you can look at the .eml file or the thunderbird application. Two screenshots are available below.
Mr. James Jackson
1.3. What is his email address?
In the previous question, there is an email address next to the name.
info@mutawamarine.com
1.4. What email address will receive a reply to this email?
If you want, you can look at the .eml file or the thunderbird application. Two screenshots are available below.
info.mutawamarine@mail.com
1.5. What is the Originating IP?
In the Received: From section, the IP address of the person who forwarded the email to you will be
192.119.71.157
1.6. Who is the owner of the Originating IP? (Do not include the “.” in your answer.)
If you wish, you can also access this information by sending a whois query to the IP address.
Hostwinds LLC
1.7. What is the SPF record for the Return-Path domain?
We can reach the result by analyzing with PhishTool
v=spf1 include:spf.protection.outlook.com -all
1.8. What is the DMARC record for the Return-Path domain?
We can reach the result by analyzing with PhishTool
v=DMARC1; p=quarantine; fo=1
1.9. What is the name of the attachment?
SWT_#09674321____PDF__.CAB
1.10. What is the SHA256 hash of the file attachment?
We search the filename in the hybrid analysis site and we get SHA256.
2e91c533615a9bb8929ac4bb76707b2444597ce063d84a4b33525e25074fff3f
1.11. What is the attachments file size? (Don’t forget to add “KB” to your answer, NUM KB)
400.26 KB
1.12. What is the actual file extension of the attachment?
RAR
Hello, I am Aleyna Doğan. I work as a Sr. Cyber Threat Intelligence Analyst. In my blog, we write blog posts that my friends and I want to share. Have a good read.
[…] TryHackMe: Phishing Emails 5 Room (Phishing Prevention) Writeup TryHackMe: Phishing Emails 3 Room Writeup admin […]