~$ Advent of Cyber 2022 - Day 7
Question 1
What is the version of CyberChef found in the attached VM?
We look at the website header.
![Screenshot of CyberChef](assets/images/walkthrough/thm/aoc-2022/day07/1.png)
Answer: 9.49.0
Question 2
How many recipes were used to extract URLs from the malicious doc?
There are 10 steps.
![Screenshot of the tab title.](assets/images/walkthrough/thm/aoc-2022/day07/2.png)
Answer: 10
Question 3
We found a URL that was downloading a suspicious file; what is the name of that malware?
Once more, we look at the From: header.
![Screenshot of CyberChef showing a few extracted headers.](assets/images/walkthrough/thm/aoc-2022/day07/3.png)
Answer: mysterygift.exe
Question 4
What is the last defanged URL of the bandityeti domain found in the last step?
Answer: hxxps[://]cdn[.]bandityeti[.]THM/files/index/
Question 5
What is hidden in the value of the Message-ID field?
What is the ticket found in one of the domains? (Format: Domain/<GOLDEN_FLAG>)
Answer: THM_MYSTERY_FLAG