LetsDefend Challenge Malware Analysis: Malicious Doc
- What type of exploit is running as a result of the relevant file running on the victim machine?
- What is the relevant Exploit CVE code obtained as a result of the analysis?
- What is the name of the malicious software downloaded from the internet as a result of the file running?
- What is the ip address and port information it communicates with?
- What is the exe name it drops to disk after it runs?
What type of exploit is running as a result of the relevant file running on the victim machine?
Search for the given file on VirusTotal.
Hint: {rtf.yyyyyyy}
Match the answer to the hint.
A: Rtf.Exploit
What is the relevant Exploit CVE code obtained as a result of the analysis?
It can be spotted in several places on the VirusTotal page.
A: CVE-2017-11882
What is the name of the malicious software downloaded from the internet as a result of the file running?
This can be determined from VirusTotal.
A: jan2.exe
What is the ip address and port information it communicates with?
This appears to be the server from which jan2.exe was downloaded.
A: 185.36.74.48:80
What is the exe name it drops to disk after it runs?
I could not find it on VirusTotal or ANY.RUN, but one of the Joe Sandbox reports showed an unfamiliar exe.
A: aro.exe