Case 3
Scenario: You are a Level 1 SOC Analyst. Several suspicious emails have been forwarded to you from other coworkers. You must obtain details from each email for your team to implement the appropriate rules to prevent colleagues from receiving additional spam/phishing emails.
A malicious attachment from a phishing email was uploaded to ANY.RUN for analysis.
Questions
What is this analysis classified as?
Answer: Malicious activity
What is the name of the Excel file?
Answer: CBJ200620039539.xlsx
What is the SHA-256 hash for the file?
Answer: 5F94A66E0CE78D17AFC2DD27FC17B44B3FFC13AC5F42D3AD6A5DCFB36715F3EB
What domains are listed as malicious? Defang the URLs & submit answers in alphabetical order. (answer: URL1,URL2,URL3)
Answer: biz9holdings[.]com,findresults[.]site,ww38[.]findresults[.]site
What IP addresses are listed as malicious? Defang the IP addresses & submit answers from lowest to highest. (answer: IP1,IP2,IP3)
Answer: 204[.]11[.]56[.]48,103[.]224[.]182[.]251,75[.]2[.]11[.]242
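The two defanging questions above ask for indicators in a form that cannot be clicked or auto-linked, plus a specific ordering. The helper below is an added example, not part of the original write-up or of ANY.RUN; it uses the three domains and three IPs from the answers above as its sample input, defangs them with the usual `[.]` / `hxxp` convention, and sorts domains alphabetically and IPs numerically by octet with the standard `ipaddress` module, which avoids the string-sort trap where "75" lands after "103". It also refangs, so a teammate can recover the original value before pasting it into a blocklist rule.

```python
import ipaddress
import re

# Indicators taken from the ANY.RUN answers in this case (sample input for the example).
MALICIOUS_DOMAINS = ["ww38.findresults.site", "biz9holdings.com", "findresults.site"]
MALICIOUS_IPS = ["204.11.56.48", "103.224.182.251", "75.2.11.242"]


def defang(indicator: str) -> str:
    """Neutralise a URL, domain or IP for reports and tickets.

    http(s):// becomes hxxp(s):// and every '.' becomes '[.]', so mail clients
    and chat tools will not turn the indicator into a live link.
    """
    defanged = re.sub(r"^http(s?)://", r"hxxp\1://", indicator, flags=re.IGNORECASE)
    return defanged.replace(".", "[.]")


def refang(indicator: str) -> str:
    """Reverse defang(): restore '.' and the real scheme before using the value in a rule."""
    refanged = indicator.replace("[.]", ".")
    return re.sub(r"^hxxp(s?)://", r"http\1://", refanged, flags=re.IGNORECASE)


def is_ip(value: str) -> bool:
    """True if value parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def defanged_domains_sorted(domains: list[str]) -> str:
    """Alphabetical order, defanged, comma-separated (the format the question asks for)."""
    return ",".join(defang(d) for d in sorted(domains))


def defanged_ips_sorted(ips: list[str]) -> str:
    """Lowest to highest by numeric address (not string order), defanged, comma-separated."""
    ordered = sorted(ips, key=ipaddress.ip_address)
    return ",".join(defang(ip) for ip in ordered)


if __name__ == "__main__":
    print(defanged_domains_sorted(MALICIOUS_DOMAINS))
    print(defanged_ips_sorted(MALICIOUS_IPS))
    # Round-trip check: refang(defang(x)) must give back the original indicator.
    for ioc in MALICIOUS_DOMAINS + MALICIOUS_IPS:
        assert refang(defang(ioc)) == ioc
```

Run it directly to print both comma-separated answer strings; note that a plain `sorted()` on the IP strings would order "103..." before "204..." before "75...", which is why the IP sort key is `ipaddress.ip_address`.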
What vulnerability does this malicious attachment attempt to exploit?
Answer: CVE-2017-11882