During your shift as a SOC analyst, the enterprise EDR alerted on suspicious behavior from an end-user machine. The user indicated that he recently received an email with a DOC file from an unknown sender and passed the document to you to analyze.
What is the sha256 hash of the doc file?
Multiple streams contain macros in this document. Provide the number of the lowest one.
What is the decryption key of the obfuscated code?
What is the name of the dropped file?
This script uses what language?
What is the name of the variable that is assigned the command-line arguments?
How many command-line arguments does this script expect?
What instruction is executed if this script encounters an error?
What function returns the next stage of code (i.e. the first round of obfuscated code)?
The function LXv5 is an important function. What variable is assigned a key string value in determining what this function does?
What encoding scheme is this function responsible for decoding?
In the function CpPT, the first two for loops are responsible for what important part of this function?
The function CpPT requires two arguments. Where does the value of the first argument come from?
For the function CpPT, what does the first argument represent?
What encryption algorithm does the function CpPT implement in this script?
What function is responsible for executing the deobfuscated code?
What Windows Script Host program can be used to execute this script in command-line mode?
What is the name of the first function defined in the deobfuscated code?