When working on the Spearphishing With An Attachment Guided and Challenge labs, I am having difficulties with AnyRun. In EML, I submit the attachment hash to AnyRun but get well over 49K pages of results. It does not show one or two submissions. Even when there, if you submit the hash directly into the search or the file name, you do not get any results. In the guided exercise, I was able to ignore this section and work through it with Wazuh, but in the challenge exercise it says specifically you will find an address in AnyRun to work in Wazuh later. Need the AnyRun functionality either to work or mention a workaround to get the results you say will be returned. At any rate, I’ll work in Wazuh and see if I can backtrace and find the IP address that way.
Thank you for your help.
