LetsDefend : Malicious Doc

Analyze malicious .doc file

File link: https://app.letsdefend.io/download/downloadfile/factura.zip/
Password: infected

NOTE: Do not open this file on your local environment. It is a malicious file.

Tools used:

  • VirusTotal
  • AnyRun sandbox

Upload the malware to VirusTotal and examine the report. A thorough examination can be made through the Detection, Details, Relations and Behavior tabs. For a more visual view of the sample's runtime behaviour, the AnyRun sandbox environment is a good addition.
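Before the sample ever goes to VirusTotal or a sandbox, a quick local triage tells you what the ".doc" actually is (legacy OLE2, RTF renamed to .doc, or OOXML) and gives you the SHA-256 to look up an existing report without uploading. The script below is an added example, not part of the original walkthrough or of LetsDefend; the three samples are constructed in memory, and it assumes the public VirusTotal report URL form https://www.virustotal.com/gui/file/<sha256>.

```python
import hashlib
import io
import zipfile

# Well-known magic prefixes: OLE2 compound file, RTF, ZIP (OOXML)
OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
RTF_MAGIC = b"{\\rtf"
ZIP_MAGIC = b"PK\x03\x04"
# RTF control words tied to embedded OLE objects; \objupdate forces the
# object to load when the document opens, which is why triage flags it
RTF_OBJECT_CONTROLS = (b"\\objdata", b"\\objupdate", b"\\objemb", b"\\objclass")


def identify_container(data: bytes) -> str:
    """Classify what the '.doc' really is, regardless of its extension."""
    if data.startswith(OLE_MAGIC):
        return "ole2"  # legacy binary .doc; may hold VBA macro streams
    if data.startswith(RTF_MAGIC):
        return "rtf"  # RTF renamed to .doc; check for embedded objects
    if data.startswith(ZIP_MAGIC):
        try:
            names = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            return "zip-corrupt"
        return "ooxml" if any(n.startswith("word/") for n in names) else "zip"
    return "unknown"


def triage(data: bytes) -> dict:
    """Hash, container type and VirusTotal lookup URL for one sample."""
    sha256 = hashlib.sha256(data).hexdigest()
    container = identify_container(data)
    controls = [c.decode() for c in RTF_OBJECT_CONTROLS if c in data] if container == "rtf" else []
    return {
        "size": len(data),
        "sha256": sha256,
        "container": container,
        "rtf_object_controls": controls,
        # Public VirusTotal report page keyed by SHA-256 (no upload needed)
        "vt_url": f"https://www.virustotal.com/gui/file/{sha256}",
    }


# Constructed samples for demonstration, not the challenge file
RTF_SAMPLE = b"{\\rtf1\\ansi{\\object\\objemb\\objupdate{\\*\\objdata 01050000}}}"
OLE_SAMPLE = OLE_MAGIC + b"\x00" * 504
_buf = io.BytesIO()
with zipfile.ZipFile(_buf, "w") as z:
    z.writestr("word/document.xml", "<w:document/>")
OOXML_SAMPLE = _buf.getvalue()
```

Run `triage(open("factura.doc", "rb").read())` on an isolated analysis VM; the returned `vt_url` opens the existing VirusTotal report if the hash is already known.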


Question 1

What type of exploit is running as a result of the relevant file running on the victim machine?


Question 2

What is the relevant Exploit CVE code obtained as a result of the analysis?



Question 3

What is the name of the malicious software downloaded from the internet as a result of the file running?



Question 4

What is the IP address and port information it communicates with?



Question 5

What is the exe name it drops to disk after it runs?
