Analyzing Malicious Microsoft Office Word Malware | HackTheBox Emo

We covered analyzing an office document that has an embedded Macro code written in Visual Basic. The document was claimed to cause ransomware infection so we performed a static analysis including extracting relevant strings, calculating the MD5 hash, metadata and revealing the hidden Macro routine using tools such as olevba. Then we submitted the hash to online analysis engines such as VirusTotal and it was found to be malicious in that it executes a Powershell command that contacts c2 server …

analysis basic code document embedded hackthebox hash hidden infection macro malicious malware md5 metadata microsoft microsoft office office ransomware relevant static analysis strings tools visual basic word word malware written