Getting Started with Document Analysis using RTFScan

Read Lab Instruction

Scenario: A user on your organization reported that he accidentally clicked and downloaded a document from an unknown source. You are tasked with the investigation. Perform document analysis and answer the following questions:

Note: Use a separate machine to perform this task.

Tool: RTFScan

Question 1: Run the sample document inside OfficeMalScanner, can you identify the output?

Question 2: Does the benign or suspicious or malicious? How so?