478d992c999a0e93ada1c9aa10644e3abdc207d407492c5bc2710986de4d42be

Metadata

SHA256: 478d992c999a0e93ada1c9aa10644e3abdc207d407492c5bc2710986de4d42be
Difficulty: easy
Platform: Windows
Tags: forensics msoffice olelink openxml
Likes: 1
Views: 40
Submitter: struppigel

Analysis

Goal

Where does this office document get the next stage and how?
When was the document created?

Description

Search all files in the document for URL patterns and you will find it.

The most obvious timestamp is not telling the truth. You will find an answer regarding the creation date if you look more closely at the download URLs.

Recommended Tools

binary refinery oletools

Solutions

No solutions available yet.

Sample