Case 2

Scenario: You are a Level 1 SOC Analyst. Several suspicious emails have been forwarded to you from other coworkers. You must obtain details from each email for your team to implement the appropriate rules to prevent colleagues from receiving additional spam/phishing emails.

A malicious attachment from a phishing email was uploaded to AnyRun for analysis.

Questions

What does AnyRun classify this email as?

Answer: Suspicious activity

What is the name of the PDF file?

Answer: Payment-updateid.pdf

What is the SHA-256 hash for the PDF file?

Answer: CC6F1A04B10BCB168AEEC8D870B97BD7C20FC161E8310B5BCE1AF8ED420E2C24

What two IP addresses are classified as malicious? Defang the IP addresses. (answer: IP_ADDR,IP_ADDR)

Answer: 2[.]16[.]107[.]24,2[.]16[.]107[.]83

What Windows process was flagged as Potentially Bad Traffic?

Answer: svchost.exe