Dynamic Analysis - LetsDefend
https://app.letsdefend.io/training/lesson_detail/dynamic-analysis 1/5
2/8/24, 5:34 PM Dynamic Analysis - LetsDefend
Dynamic Analysis
Emails can contain URLs and file attachments, and both need to be examined. Running these
files on your personal computer risks having your data stolen by attackers. For this reason,
the websites and files in the mail should be opened in sandbox environments, and the changes
they make to the system should be examined to determine whether they are harmful.
If you want to quickly check the web addresses in the mail, you can view the content of the
website using an online browser service such as Browserling. The advantage of such services
is that you are not affected by a possible zero-day vulnerability in the browser, since the
page is not opened on your own computer. The disadvantage is that if the site downloads a
malicious file, you cannot run that file, so your analysis will be interrupted.
Before visiting the addresses in the mail, check whether the address itself contains
important information. In the example in the image above, when the user clicks on
popularshoppingsite[.]com, the address that is actually visited carries the user's email
address in the email parameter. Even if the user does not enter their password on the
phishing page, reaching this address tells the attacker that the link in the mail was opened
and that this user is valid. The attacker can then increase the success rate of later attacks
by directing social engineering at the users known to be valid. For this reason, information
such as the e-mail address must be changed before accessing the addresses.
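One way to apply the step described above before a link is handed to a sandbox or online browser, as an added example that is not part of the original lesson. The function name scrub_recipient, the placeholder address and the sample host are assumptions made for illustration; the base64 check goes beyond the plain-text email parameter the lesson shows.

```python
import base64
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")
PLACEHOLDER = "analyst@example.invalid"  # assumed neutral value, not a real mailbox


def _decode_b64_email(value):
    """Return the email hidden in a base64 value, or None if there is none."""
    try:
        padded = value + "=" * (-len(value) % 4)
        decoded = base64.urlsafe_b64decode(padded).decode("ascii")
    except ValueError:  # covers bad base64 and non-ASCII results
        return None
    return decoded if EMAIL_RE.match(decoded) else None


def scrub_recipient(url, placeholder=PLACEHOLDER):
    """Replace recipient email addresses found in the query string of url.

    Returns (scrubbed_url, findings); findings lists (parameter, original email)
    so the analyst can record what the link would have disclosed.
    """
    parts = urlsplit(url)
    cleaned, findings = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        hidden = _decode_b64_email(value)
        if EMAIL_RE.match(value):
            findings.append((name, value))
            value = placeholder
        elif hidden:
            findings.append((name, hidden))
            # keep the encoding so the page still receives a well-formed value
            value = base64.urlsafe_b64encode(placeholder.encode()).decode()
        cleaned.append((name, value))
    return urlunsplit(parts._replace(query=urlencode(cleaned))), findings


# Constructed sample link (reserved .example host), not taken from the lesson
SAMPLE = "http://login.phish.example/verify?email=jane.doe@example.com&id=42"

if __name__ == "__main__":
    scrubbed, found = scrub_recipient(SAMPLE)
    print(scrubbed)
    print(found)
```

Other parameters, such as the id value in the sample, can also be unique per recipient, so the findings list is a starting point for review rather than proof that the link is clean.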
You can examine suspicious files and websites in sandbox environments. Examining files
there removes the risk of infecting your own computer with malware. Many sandbox services
and products are available, both paid and free. You can choose one or more of them
according to your needs.
A few commonly used sandboxes:
VMRay
Cuckoo Sandbox
JoeSandbox
AnyRun
Malware can wait for a certain period of time without taking any action in order to make
detection difficult. You must wait for the malware to run before deciding that the examined
file is not harmful.
The absence of URLs and files in a mail does not mean that it is harmless. The attacker can
also send the content as a picture so that it is not caught by analysis products.