Wear a hat as a Victim

Updated on

In this section, you will go through the experience as a victim. You will open the email using outlook, open the attachment etc., all the steps what victim had gone through.

This attack is phishing email turned into a ransomware.

1. Brief Instructions

  1. Set up outlook without an email account. For more instructions in detail, see next steps
  2. Open & Export, Import from another program or file
  3. Import Outlook Data File (.pst) located C:\Users\Public\Desktop\eric.shun
    • Note: Please be sure to import pst file from the given location.
  4. Open the Word document attachment in the email from Ann Teek ([email protected])

2. Elaborated Instructions

  1. Click on Start and search outlook, right click to run as administrator

3. Outlook Setup

2. Click on Next

3. Select the radio button No

4. Click on Next

4. Use Outlook without email account

5. Check "Use Outlook without an email account"

6. Click on Finish

5. Import/Export

7. [If prompted] click Ask me later

8. Click on File of Outlook window

9. Select Open & Export

6. Import from another program

10. Select Import from another program or file

11. Click on Next

7. Select Outlook Data File

12. Select Outlook Data File (.pst)

8. Browse to file

Note: Don't click anywhere other than Browse

13. Click on Browse...

9. Open .pst file

14. Type in the Windows explorer browser. 

  • C:\Users\Public\Desktop\ then hit Enter

Note: It is important that you type the exact location.

Tip: If you are using Horizon client (not browser), you can copy/paste this location from this guide to TestDrive user experience environment.

15. Select eric.shun (This is the outlook pst file)

16. Click on open

10. Verify File

Note: Verify that you are importing the right pst file such as eric.shun.pst

17. Click on Next

11. Finish

18. Click on Finish

After import is completed.

19. Click on Inbox

12. Open Attachment

20. [Optional] Read the 1st email from Ann Teek ([email protected])

21. Click and open attachment, the Word document

22. Click on Enable Editing

13. Enable Content

23. Click on Enable Content

Note: You will see Google Chrome and notepad opened up automatically. It is part of the user experience.  This is explained in the "Attack Stages" section 

Previous Article Attack Stages Overview
Next Article Wear a hat as a security operations center (SOC) analyst