1 00:00:00,450 --> 00:00:10,020 Hello, welcome back in this black crew, we are going to use Lazy Office Analyzer to debug the document.
2 00:00:10,560 --> 00:00:14,820 So the committed to this folder on my desktop, Clonmel.
3 00:00:15,630 --> 00:00:16,770 This will be J3.
4 00:00:17,220 --> 00:00:21,090 So I'm going to make a copy of this before I do anything.
5 00:00:21,090 --> 00:00:22,740 I work on the file.
6 00:00:23,310 --> 00:00:24,990 I'm going to rename it with a done
7 00:00:27,720 --> 00:00:36,180 deal C.M.A extension because he already confirmed that this is the same way we did our earlier analysis.
8 00:00:37,250 --> 00:00:40,770 So now we are going to run it with a.
9 00:00:42,550 --> 00:00:49,300 Lazy Office Analyzer, so that is open the command prompt from here, the search for the.
10 00:00:53,380 --> 00:01:03,670 And then you navigate to this location half of a mile away, typing speed based location presenter.
11 00:01:04,870 --> 00:01:08,780 Now we run the data screen first we run the video of.
12 00:01:12,800 --> 00:01:22,130 And then give it to be touchups, the path to Microsoft Office, so to find it up, you need to open
13 00:01:22,790 --> 00:01:24,610 a check for the path.
14 00:01:26,300 --> 00:01:39,070 Apart from my computer eating Program Files, Microsoft Office, Office15, so there's no computer power
15 00:01:39,850 --> 00:01:41,590 over here, put could.
16 00:01:43,250 --> 00:01:49,350 And then they are actively posting and putting a closing quote as well.
17 00:01:50,540 --> 00:02:00,140 And then the next parameter is the type of document, which is word and exit condition, in this case,
18 00:02:00,140 --> 00:02:08,760 I'm going to use none so that he will run until the completion and make sure that you are using your
19 00:02:08,760 --> 00:02:12,590 virtual machine to do this as I am here.
20 00:02:14,030 --> 00:02:19,600 And then finally, the last parameter is the name of the documents.
21 00:02:19,880 --> 00:02:23,620 The document will be, don't you see him?
22 00:02:24,530 --> 00:02:30,770 So that being all the G three to your him.
23 00:02:31,520 --> 00:02:37,310 And before you enter, make sure you are not connected to the Internet because we don't want you to
24 00:02:37,310 --> 00:02:40,010 go out to the network and compromise the system.
25 00:02:40,700 --> 00:02:45,320 The none parameter here would allow you to run as long as he wants to.
26 00:02:46,100 --> 00:02:47,900 So now you can enter and then run.
27 00:02:50,400 --> 00:02:54,080 So the Microsoft Office is today, that means you can see the files here.
28 00:02:55,080 --> 00:03:03,870 And now here you have the Enable Content, so just go Enable Content and go back and review the results
29 00:03:03,870 --> 00:03:08,910 of the analysis and you getting this information.
30 00:03:08,990 --> 00:03:16,920 You know, this could mean the vehicle wasn't properly written or he wasn't able to continue because
31 00:03:16,920 --> 00:03:19,050 he isn't online.
32 00:03:19,950 --> 00:03:26,060 So he'll just click, OK, and in here we can see there are two URLs that has been detected.
33 00:03:26,670 --> 00:03:33,960 So just press Control-C to terminate this now and immediately, we can see two URLs that it is trying
34 00:03:33,960 --> 00:03:38,190 to reach out to, this is an indicator of compromise.
35 00:03:39,170 --> 00:03:48,570 So you said this nine Y g cease fire is not the delimiter that we thought he was, but actually it is
36 00:03:48,870 --> 00:03:57,540 the actual father is trying to download and scroll up and look at the faster the it is doing.
37 00:03:57,900 --> 00:04:00,390 And you can see how that will be.
38 00:04:00,390 --> 00:04:00,720 Right.
39 00:04:00,930 --> 00:04:05,730 You just accessing the template file and over here.
40 00:04:06,570 --> 00:04:07,170 Right.
41 00:04:07,600 --> 00:04:10,830 He's also accessing the file one more time.
42 00:04:11,820 --> 00:04:19,620 And here you can see it is also opening a temporary Internet file folder with the that means he's trying
43 00:04:19,620 --> 00:04:22,460 to reach out to the Internet to download some things.
44 00:04:23,190 --> 00:04:27,700 And here as well, this custom.dic is quite harmless.
45 00:04:27,960 --> 00:04:31,650 He's accessing the dictionary for the Microsoft Word.
46 00:04:32,970 --> 00:04:35,460 But what is important here is this.
47 00:04:35,460 --> 00:04:36,150 URL.
48 00:04:36,510 --> 00:04:43,810 That confirms the indicator of compromise is trying to reach out to this link here to download something.
49 00:04:44,790 --> 00:04:46,170 So where do we go from here?
50 00:04:46,540 --> 00:04:48,270 We can go and download this file.
51 00:04:48,390 --> 00:04:51,070 We still available and analyze it further.
52 00:04:52,290 --> 00:04:58,650 But what is important is that the analysis has succeeded to find the indicators.
53 00:04:59,850 --> 00:05:03,280 We have achieved our goal for document analysis.
54 00:05:04,440 --> 00:05:11,430 So with this indicator of compromise, we can go and block these four from further access and from further
55 00:05:11,430 --> 00:05:13,290 damage in the organization.
56 00:05:14,130 --> 00:05:16,830 So that's all for this video.
57 00:05:17,070 --> 00:05:18,360 Thank you for watching.