SOC 101 Course Challenges 2

The document outlines a phishing analysis challenge for SOC 101 students at TCM Academy, focusing on an email received by Emily Nguyen regarding a password reset for her Dropbox account. The challenge includes a series of questions related to the email's header, sender information, and security checks to determine the legitimacy of the email. Students are required to analyze the provided email file and answer specific questions to assess their understanding of phishing threats.

Uploaded by

nicolaidaj

5/11/25, 11:28 PM SOC 101 Course Challenges

SOC 101 Challenges / Phishing Analysis Challenge 2

Instructions:

You are a SOC Analyst at Global Logistics. Emily Nguyen, a member of the marketing team, recently
had trouble signing into her Dropbox account after trying to access it for the first time in months
and reached out to her manager for assistance. The next day, she received an email that claims a
password change request was made for her Dropbox account. The email includes a link for
resetting her password, but Emily is unsure if the request is legitimate. Concerned about potential
phishing, she has forwarded the email to the security team for analysis.

Using what you've learned within this domain, perform a detailed email analysis on the
challenge2.eml file to answer the report questions below.

Challenge File:

01_Phishing_Analysis/Challenges/challenge2.eml

Question 1

Based on the contents of the email header, what is the full date and time of the email
delivery?

Sun, 12 May 2024 04:10:52 +0000 Correct!

Question 2

What is the subject of the email?

Reset your Dropbox password Correct!

Question 3

Who was the email sent to?

[email protected] Correct!

Question 4

Based on the sender's display name, who does the email claim to be from?

Dropbox Correct!

Question 5

What is the sender's email address?

[email protected] Correct!

Question 6

What email address is used for receiving bounced emails?

0101018f6aff12b2-5bcaa145-861b-45da-a06e-b5c1ee3ca941-000000@ema Correct!

Question 7

What is the IP address of the sender's email server?

54.240.60.143 Correct!

Question 8

What is the resolved hostname of the sender's IP address?

a60-143.smtp-out.us-west-2.amazonses.com Correct!

Question 9

What is the Autonomous System Number (ASN) that owns this IP address?

AS16509 Correct!

Question 10

What was the result of the SPF check?

Pass Correct!

Question 11

What is the full SPF record of the sender's domain?

v=spf1 include:amazonses.com ~all Correct!

Question 12

What is the email's Message ID?

0101018f6aff12b2-5bcaa145-861b-45da-a06e-b5c1ee3ca941-000000@us-w Correct!

Question 13

What type of encoding was used to transfer the email body content?

Quoted-printable Correct!

Question 14

Look in the plaintext version of the email. In defanged format, what is the first URL
extracted from the email?

hxxps[://]www[.]dropbox[.]com/l/ABCIzswwTTJ9--CxR05fYXX35pPA-Y0m3PY Correct!

Question 15

Perform a Cisco Talos lookup on the base domain of the URL in the previous question. What
is its web reputation?

Favorable Correct!

Question 16

[Yes or No] - After your analysis, is this email genuine?

yes Correct!
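
The header and body fields asked for in Questions 1 to 14 can be pulled from an .eml file with Python's standard email library. The script below is an added example, not part of the challenge or the course material; the sample message and every address, hostname and IP in it are constructed placeholders, not values from challenge2.eml.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample message (NOT challenge2.eml); all values are placeholders.
SAMPLE = """\
Return-Path: <bounce-0001@mail.example.net>
Received: from out1.mail.example.net (out1.mail.example.net [192.0.2.25])
 by mx.example.org with ESMTPS; Mon, 01 Jan 2024 10:00:00 +0000
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mail.example.net
Date: Mon, 01 Jan 2024 10:00:00 +0000
From: Example Storage <no-reply@example.com>
To: user@example.org
Subject: Reset your password
Message-ID: <0001@mail.example.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Reset here: https://www.example.com/l/ABC=
DEF?x=3D1
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
URL_RE = re.compile(r"https?://[^\s<>\"')]+")

def defang(url: str) -> str:
    """Make a URL non-clickable for reports: hxxp, [://], [.]"""
    return url.replace("http", "hxxp", 1).replace("://", "[://]").replace(".", "[.]")

def triage(raw: str) -> dict:
    msg = message_from_string(raw, policy=policy.default)
    display, sender = parseaddr(str(msg["From"]))
    auth = str(msg.get("Authentication-Results", ""))
    spf = re.search(r"\bspf=(\w+)", auth)
    # Received headers are prepended, so the list runs newest hop first.
    hops = [ip for h in msg.get_all("Received", []) for ip in IP_RE.findall(str(h))]
    body = msg.get_body(preferencelist=("plain",))
    # get_content() undoes quoted-printable, so URLs split by "=" soft breaks rejoin.
    urls = URL_RE.findall(body.get_content()) if body else []
    return {
        "date": str(msg["Date"]), "subject": str(msg["Subject"]), "to": str(msg["To"]),
        "display_name": display, "sender": sender,
        "return_path": parseaddr(str(msg.get("Return-Path", "")))[1],
        "received_ips": hops, "spf": spf.group(1).lower() if spf else None,
        "message_id": str(msg["Message-ID"]),
        "encoding": str(body["Content-Transfer-Encoding"]).lower() if body else None,
        "first_url": defang(urls[0]) if urls else None,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Reverse DNS, ASN ownership, the published SPF record and URL reputation (Questions 8, 9, 11 and 15) are external lookups and are not covered by this offline script.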

This challenge is part of the SOC 101 training course at TCM Academy.

© TCM Security, Inc. 2025

https://challenges.malwarecube.com/#/c/5e3f6ff6-46f7-4042-a969-34fd16451328