I created a video for the analysis I described in my last diary entry “Simple Analysis Of A CVE-2021-40444 .docx Document“.
I also cover another sample in that video, that is a bit harder to analyze (and has much lower detection rates on VT).
Remark that I always make sure that you can find the samples I analyze on Malware Bazaar too.
And here is the InQuest blog post I mention in the video: “Microsoft MSHTML Remote Code Execution Vulnerability“.
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.