Getting Started with Document Analysis using OfficeMalScanner
Scenario: A user in your organization reported that he accidentally clicked on and downloaded a document from an unknown source. You are tasked with the investigation. Perform document analysis and answer the following questions:
Note: Use a separate machine to perform this task.
Tool: OfficeMalScanner
Question 1: Is the document benign or suspicious?
Question 2: At what offset address does the suspicious script reside? Can you dump the suspicious script?
Question 3: Open the dumped script. Can you identify what the script inside is?