TryHackMe Walkthrough – Phishing Emails in Action

Task 1: Introduction

Question 1: No answer needed

Task 2: Cancel your PayPal order

Question 1: What phrase does the gibberish sender email start with?

This answer is in the reading. Look at the email address highlighted with a red circle 2.

Answer: noreply

Task 3: Track your package

Question 1: What is the root domain for each URL? Defang the URL. 

The answer is in the reading. Look at the “email hyperlinks” section. We are looking for a domain, and we need to defang it. You can use CyberChef to defang the domain. Do not include the http://, just the domain.

Answer: devret[.]xyz
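
The same root-domain-then-defang step can be scripted when there are many links to triage. This is an added example, not part of the room or the original walkthrough; the sample hosts in the comments and the small MULTI_LABEL_SUFFIXES set are constructed assumptions, and real tooling should use the full Public Suffix List.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: a tiny illustrative set of multi-label public suffixes.
# Production code should consult the full Public Suffix List instead.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def hostname_of(url: str) -> str:
    """Return the lowercase hostname of a URL, tolerating a missing scheme."""
    if "://" not in url:
        url = "http://" + url  # urlsplit only finds the host when a scheme is present
    # .hostname drops userinfo and port, so "brand.com@evil.tld" yields "evil.tld"
    host = urlsplit(url).hostname or ""
    return host.rstrip(".")


def root_domain(url: str) -> str:
    """Reduce a URL to its root (registrable) domain, or the bare IP literal."""
    host = hostname_of(url)
    if not host:
        raise ValueError(f"no hostname found in {url!r}")
    try:
        ipaddress.ip_address(host)
        return host  # an IP address has no root domain; report it unchanged
    except ValueError:
        pass
    labels = host.split(".")
    # Keep three labels when the last two form a known multi-label suffix.
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def defang(text: str) -> str:
    """Defang a URL or domain: http -> hxxp, :// -> [://], . -> [.]"""
    text = re.sub(r"^http", "hxxp", text, flags=re.IGNORECASE)
    return text.replace("://", "[://]").replace(".", "[.]")


if __name__ == "__main__":
    # Constructed sample links, including a userinfo trick and a missing scheme.
    for link in ("https://tracking.mail.example.xyz/a?b=1",
                 "http://paypal.com@login.example.xyz:8080/",
                 "track.example.co.uk/parcel"):
        print(defang(root_domain(link)))
```
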

Task 4: Select your email provider to view document

Question 1: This email sample used the names of a few major companies, their products, and logos such as OneDrive and Adobe. What other company name was used in this phishing email?

This one took a little looking for me. The hint for this question is 4.6MB, so that probably means take a closer look at the attachment. In the very first screenshot, under the blue Download Document Here button, you can see the blurry text “A contact uses Citrix Files to share documents securely.”

Answer: citrix

Task 5: Please update your payment details

Question 1: What should users do if they receive a suspicious email or text message claiming to be from Netflix?

I needed to use the hint for this one, which is the URL for the consumer affairs site.

Answer: forward the message to

Task 6: Your recent purchase

Question 1: What does BCC mean?

I just know this one, but I’m sure it is in the reading.

Answer: Blind Carbon Copy

Question 2: What technique was used to persuade the victim to not ignore the email and act swiftly?

In the very beginning of the reading, the text lists out all the techniques. The third bullet is…

Answer: Urgency

Task 7: DHL Express Courier Shipping notice

Question 1: What is the name of the executable that the Excel attachment attempts to run?

Didn’t have to look far for this one. The answer to this one is in the last screenshot, right above the question itself. It lists the file and full path that Excel is trying to run.

Answer: regasms.exe

Task 8: Conclusion

Question 1: No answer needed

