5/11/25, 7:45 PM SOC 101 Course Challenges
SOC 101 Challenges / Phishing Analysis Challenge 1
Instructions:
You are a SOC Analyst at Mighty Solutions, Inc. An account executive, Dana Derringer, noticed a
warning email in her inbox claiming her online access has been disabled. However, she noticed this
was odd as she is still able to access her online business platforms and inbox. She decided to
forward the email in question to the security team's phishing mailbox for review.
Using what you've learned within this domain, perform a detailed email analysis on the
challenge1.eml file to answer the report questions below.
Challenge File:
01_Phishing_Analysis/Challenges/challenge1.eml
Question 1
Based on the contents of the email header, what is the full date and time of the email
delivery?
Tue, 31 Oct 2023 10:10:04 -0900 Correct!
Question 2
What is the subject of the email?
Your account has been flagged for unusual activity Correct!
Question 3
Who was the email sent to?
dderringer@mighty-solutions.net Correct!
https://challenges.malwarecube.com/#/c/074e4448-e8d7-4122-86f2-36a4d7b2a18b 1/4
Question 4
Based on the sender's display name, who does the email claim to be from?
Outlook Support Team Correct!
Question 5
What is the sender's email address?
social201511138@social.helwan.edu.eg Correct!
Question 6
What email address is used for receiving bounced emails?
social201511138@social.helwan.edu.eg Correct!
Question 7
What is the IP address of the sender's email server?
40.107.22.60 Correct!
Question 8
What is the resolved hostname of the sender's IP address?
mail-am6eur05on2060.outbound.protection.outlook.com Correct!
Question 9
What corporation owns the sender's IP address?
Microsoft Corporation Correct!
Question 10
What was the result of the SPF check?
pass Correct!
Question 11
What is the full SPF record of the sender's domain?
v=spf1 include:spf.protection.outlook.com -all Correct!
Question 12
What is the email's Message ID?
JMrByPl2c3HBo8SctKnJ5C5Gp64sPSSWk76p4sjQ@s6 Correct!
Question 13
What type of encoding was used to transfer the email body content?
base64 Correct!
Question 14
In defanged format, what is the second URL extracted from the email?
hxxps[://]0[.]232[.]205[.]92[.]host[.]secureserver[.]net/lclbluewin08812/ Correct!
Question 15
Perform a VirusTotal scan on the URL. What verdict did Fortinet assign to it?
Phishing Correct!
Question 16
[Yes or No] - After your analysis, is this email genuine?
no Correct!
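The answers above are all obtained by reading the raw .eml file: the Date, Subject, To, From and Return-Path headers, the Received header stamped by the recipient's MX (which records the connecting server's IP and the reverse-DNS name it resolved), the Authentication-Results header for the SPF verdict, the Message-ID, the Content-Transfer-Encoding of the body part, and the URLs inside the decoded body, which are then defanged before they go into a report. The script below is an added example, not part of the challenge or of TCM Academy's material. It builds a constructed sample message whose header values are taken from the answers above; the receiving MX name (mx.mighty-solutions.net), the Authentication-Results line, the body text and the first URL are assumptions and are not the contents of challenge1.eml. It then pulls every field the questions ask for with Python's standard email package.

```python
import base64
import re
from email import policy
from email.parser import BytesParser

# Constructed sample .eml modelled on the challenge answers. Dates, addresses,
# IP, hostname, Message-ID and the second URL come from those answers; the MX
# name, Authentication-Results line, body text and first URL are assumptions.
BODY_TEXT = (
    "Your account has been flagged for unusual activity.\n"
    "Restore access here: https://example.com/reactivate\n"
    "Alternate link: https://0.232.205.92.host.secureserver.net/lclbluewin08812/\n"
)

SAMPLE_EML = (
    b"Return-Path: <social201511138@social.helwan.edu.eg>\r\n"
    b"Received: from mail-am6eur05on2060.outbound.protection.outlook.com\r\n"
    b" (mail-am6eur05on2060.outbound.protection.outlook.com [40.107.22.60])\r\n"
    b" by mx.mighty-solutions.net with ESMTPS; Tue, 31 Oct 2023 10:10:04 -0900\r\n"
    b"Authentication-Results: mx.mighty-solutions.net; spf=pass\r\n"
    b" (sender IP is 40.107.22.60) smtp.mailfrom=social.helwan.edu.eg\r\n"
    b"From: Outlook Support Team <social201511138@social.helwan.edu.eg>\r\n"
    b"To: dderringer@mighty-solutions.net\r\n"
    b"Subject: Your account has been flagged for unusual activity\r\n"
    b"Date: Tue, 31 Oct 2023 10:10:04 -0900\r\n"
    b"Message-ID: <JMrByPl2c3HBo8SctKnJ5C5Gp64sPSSWk76p4sjQ@s6>\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: text/plain; charset=utf-8\r\n"
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    + base64.encodebytes(BODY_TEXT.encode("utf-8"))
)

URL_RE = re.compile(r"""https?://[^\s<>"']+""")
# "(rdns-name [ip])" as written by the receiving MTA in a Received: header.
RECEIVED_RE = re.compile(r"\(([\w.-]+)\s+\[(\d{1,3}(?:\.\d{1,3}){3})\]\)")


def defang(url: str) -> str:
    """Make a URL unclickable for reports: https:// -> hxxps[://], every . -> [.]"""
    return url.replace("http", "hxxp", 1).replace("://", "[://]", 1).replace(".", "[.]")


def analyze_eml(raw: bytes) -> dict:
    """Extract the header and body indicators a phishing triage report needs."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)

    sender = msg["From"].addresses[0]
    return_path = str(msg["Return-Path"]).strip().strip("<>")

    # Received: headers are prepended at each hop, so the first one is the
    # stamp our own MX added when the sender's server connected to it.
    sender_ip = sender_host = None
    for received in msg.get_all("Received", []):
        m = RECEIVED_RE.search(str(received))
        if m:
            sender_host, sender_ip = m.group(1), m.group(2)
            break

    spf = re.search(r"\bspf=(\w+)", str(msg.get("Authentication-Results", "")))

    # Non-multipart message: the message itself is the text/plain body part.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content()  # decodes base64 / quoted-printable for us
    urls = URL_RE.findall(text)

    return {
        "date": str(msg["Date"]),
        "subject": str(msg["Subject"]),
        "to": msg["To"].addresses[0].addr_spec,
        "from_display_name": sender.display_name,
        "from_address": sender.addr_spec,
        "return_path": return_path,
        "sender_ip": sender_ip,
        "sender_hostname": sender_host,
        "spf": spf.group(1) if spf else None,
        "message_id": str(msg["Message-ID"]).strip().strip("<>"),
        "transfer_encoding": str(body["Content-Transfer-Encoding"]).lower(),
        "urls_defanged": [defang(u) for u in urls],
    }


if __name__ == "__main__":
    for key, value in analyze_eml(SAMPLE_EML).items():
        print(f"{key:18} {value}")
```

Run it against the real file with `analyze_eml(open("challenge1.eml", "rb").read())`. The two lookups that need the network are left out on purpose: the reverse-DNS and ownership checks (`socket.gethostbyaddr(ip)`, then WHOIS on the IP) and the SPF record itself (`dig +short TXT <sender domain>`). Note what the SPF result does and does not tell you: "pass" means 40.107.22.60 is authorised to send for the envelope domain in Return-Path, which here is an .edu.eg address the attacker controls or has compromised; it says nothing about the "Outlook Support Team" display name the recipient actually sees, which is why the email still fails the genuineness check in Question 16.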
This challenge is part of the SOC 101 training course at TCM Academy.
© TCM Security, Inc. 2025