This is the second part in a post describing how to train your team for incident response and incident investigations.
The first part covered how to analyze the e-mail headers and information in a suspicious e-mail.
The e-mail contained one attachment: koen.vanimpe@c.d.zip. Unzipping the file resulted in a .scr file.
The sha1 is
MD5 is
I uploaded the .scr file to VirusTotal for further analysis. So far (22-Feb) no one else has submitted a similar sample.
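The triage step described above (open the zip attachment, identify the executable inside, record its hashes for a lookup) can be done in memory without ever writing the payload to disk. The following is an added example, not code from the original post; the function names, the extension list and the `sample.scr` stub are assumptions constructed for illustration.

```python
import hashlib
import io
import os
import zipfile

# Extensions Windows runs directly; a .scr (screensaver) is a normal PE executable.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def triage_zip(zip_bytes):
    """Inspect and hash every member of a zip attachment without extracting to disk."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            entry = {
                "name": info.filename,
                "executable_ext": os.path.splitext(info.filename)[1].lower() in EXECUTABLE_EXTS,
                "encrypted": bool(info.flag_bits & 0x1),
            }
            # Password-protected members cannot be read without the password;
            # record them and move on instead of raising.
            if not entry["encrypted"]:
                data = zf.read(info)
                entry.update({
                    "size": len(data),
                    # 'MZ' marks a DOS/PE header whatever the file name claims.
                    "mz_header": data[:2] == b"MZ",
                    "md5": hashlib.md5(data).hexdigest(),
                    "sha1": hashlib.sha1(data).hexdigest(),
                    "sha256": hashlib.sha256(data).hexdigest(),
                })
            findings.append(entry)
    return findings


def build_sample_zip():
    """Constructed sample: a harmless stub that only carries an 'MZ' prefix."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sample.scr", b"MZ" + b"\x00" * 62 + b"constructed sample")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample_zip()):
        print(finding)
```

Searching a sandbox or reputation service by hash, rather than uploading the file, avoids disclosing the attachment's contents when it turns out to be a targeted or internal document.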