This repository contains a comprehensive forensic analysis of a sophisticated phishing campaign targeting Windows users via a deceptive "Formal Compliance Notice".
The analysis focuses on a targeted email attack that employs advanced social engineering, homograph obfuscation, and fileless malware delivery techniques. The goal of the attack is to deceive victims into executing a malicious PowerShell payload under the guise of an "Enhanced Protection" update.
malware_email_forensic_report.md: The primary forensic report detailing incident timeline, technical payload breakdown, header analysis, and risk assessment.
- Fileless Malware Execution: Analysis of a PowerShell "Living off the Land" (LotL) attack that downloads and executes code directly in memory.
- Evasion Techniques:
- Homoglyphs: Use of Cyrillic characters in the subject and body to bypass spam filters.
- Bayesian Poisoning: Randomized hidden HTML comments to confuse statistical analysis engines.
- Authentication Bypass: Documentation of how the attack leveraged legitimate Microsoft infrastructure (
outlook.com) to pass SPF, DKIM, and DMARC checks.
The scripts and commands analyzed in this repository are for educational and forensic purposes only. Do not execute any code provided in the analysis on production systems.
E1DIGITAL Forensic Analysis & Incident Response