Remote Working- LetsDefend

Tameem Amjad

The Remote Working Challenge comes with minimal details. It includes a single directive to examine an XLS file, provides a link to a password-protected zip file, and advises against conducting the analysis on your local machine.

Now let's find our answers using two OSINT sources: VirusTotal and Joe Sandbox.

Open up VirusTotal in a new tab, select Choose file, browse to your Downloads folder, and open the Excel file. VirusTotal will then open its analysis display screen.

Question 1: What is the date the file was created? Open up the DETAILS tab and scroll down to History to see the Creation Time.

You will find the answer under the "DETAILS" tab; I highlighted it in the screenshot.

Question 2: With what name is the file detected by Bitdefender antivirus? Open the DETECTION tab; the answer is in the right-hand column.

Just check the "DETECTION" tab and you will find the answer :)

Question 3: What is the total number of files dropped on the disk? To find this information, you need to use another OSINT tool. On the VirusTotal page, open the COMMUNITY tab and scroll down through the entries until you come across the one labeled "joesecurity". If necessary, click the ellipses at the bottom of the page to load additional entries.

Follow that entry to the full Joe Sandbox report: https://www.joesandbox.com/analysis/345832/0/html

As you can see here :) it is only 3 files.

Question 4: What is the SHA-256 hash of the file with the .emf extension it drops? That file is the top one in the same screenshot:

As you can see, this is the file with the .emf extension, and its SHA-256 is "979DDE2AED02F077C16AE53546C6DF9EED40E8386D6DB6FC36AEE9F966D2CB82".

Question 5: What is the exact URL the relevant file contacts to download spyware? Open up the RELATIONS tab in VirusTotal; it is right at the top in the Contacted URLs section.

Just go back to VirusTotal, navigate to the RELATIONS tab, and you will find it there. I highlighted the answer for you :)
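The same three VirusTotal answers (creation time, Bitdefender detection name, contacted URLs) can be pulled from the VirusTotal API v3 file object instead of the web UI. This is an added example of my own, not part of the original lab or LetsDefend's materials; the sample JSON, the hash placeholder, the URL and the API key in it are constructed, and the script hashes the local file without opening it in Excel.

```python
import hashlib
import json
import urllib.request
from datetime import datetime, timezone

VT_API = "https://www.virustotal.com/api/v3"

# Constructed sample of a VirusTotal v3 file object, trimmed to the fields
# used below. The sha256 is a placeholder, not the challenge file's hash.
SAMPLE_FILE_OBJECT = json.loads("""{
  "data": {"attributes": {
    "sha256": "PLACEHOLDER_SHA256_OF_THE_XLS",
    "creation_date": 1612137600,
    "last_analysis_results": {
      "BitDefender": {"category": "malicious", "result": "Trojan.Generic.Sample"}
    }
  }}
}""")

# Constructed sample of the files/<sha256>/contacted_urls relationship response.
SAMPLE_CONTACTED_URLS = json.loads("""{
  "data": [{"attributes": {"url": "http://example.invalid/payload.exe"}}]
}""")

def sha256_of_file(path):
    """Hash the sample in chunks; the file is only read, never executed."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def vt_get(endpoint, api_key):
    """GET a v3 endpoint such as files/<sha256> or files/<sha256>/contacted_urls."""
    req = urllib.request.Request(f"{VT_API}/{endpoint}", headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def summarize(file_obj, contacted):
    """Extract the answers the walkthrough reads off the DETAILS/DETECTION/RELATIONS tabs."""
    attrs = file_obj["data"]["attributes"]
    bitdefender = attrs["last_analysis_results"].get("BitDefender", {})
    created = attrs.get("creation_date")  # unix timestamp, absent for some file types
    return {
        "sha256": attrs["sha256"],
        "creation_time": datetime.fromtimestamp(created, timezone.utc).isoformat() if created else None,
        "bitdefender": bitdefender.get("result"),
        "contacted_urls": [u["attributes"]["url"] for u in contacted.get("data", [])],
    }
```

With a real key, `summarize(vt_get(f"files/{h}", key), vt_get(f"files/{h}/contacted_urls", key))` for `h = sha256_of_file(path)` returns the same fields for the challenge file.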

That's it, I hope you enjoyed this lab :)
