LetsDefend Challenge Malware Analysis: Malicious Doc

• What type of exploit is running as a result of the relevant file running on the victim machine?
• What is the relevant Exploit CVE code obtained as a result of the analysis?
• What is the name of the malicious software downloaded from the internet as a result of the file running?
• What is the ip address and port information it communicates with?
• What is the exe name it drops to disk after it runs?

What type of exploit is running as a result of the relevant file running on the victim machine?

与えられたファイルをvirus totalで検索する．

Hint: {rtf.yyyyyyy}

ヒントに合わせて．
A: Rtf.Exploit

What is the relevant Exploit CVE code obtained as a result of the analysis?

virus totalのページにチラチラ見えている．
A: A: CVE-2017-11882

What is the name of the malicious software downloaded from the internet as a result of the file running?

virus totalから分かる．

What is the ip address and port information it communicates with?

jan2.exeをダウンロードしたサーバだと思われる．

What is the exe name it drops to disk after it runs?

virus totalで見ても，anyrunで見ても分からなかったが，joesandboxのあるレポートで謎のexeを確認できた．