Excel 4.0 Macros

One of the employees received a suspicious document attached to an email. Examining the email flow shows that it contains a suspicious Office file. The employee forwards the email to the security team for analysis.

When L1 analysts scan the suspicious file with several different scanning tools, they see that it does not contain VBA macros. Because the file's format resembles that of phishing documents, they forward the suspicious Office file to you for detailed analysis.

** Because the download addresses for the 2nd payload are closed, the 2nd payload is included in the zip. Please start your analysis from the Office file.

Malicious Office Document (Zip password: infected): /root/Desktop/ChallengeFiles/11f44531fb088d31307d87b01e8eabff.rar



Writeups:

  • Let's Defend Excel 4.0 Macros