Document Analysis using OfficeMalScanner Toolkit
MalHost-Setup is the last tool we will discuss in the OfficeMalScanner toolkit and what it does is converts the document’s malicious offset into an executable to expedite the process of analysis.
In an incident, time is critical to the responder and it must have the skills and the right set tools to perform such action to be able to quickly timeline the attack.
Open command prompt and run:
MalHost-Setup.exe <document_name> <exe_name> <offset_address>