Suspicious USB stick

 Completed and begun on 13.12.2022

Okay, quick raw writeup for the Blue Team Online "Suspicious USB Stick" challenge. We're given a zip, and it also has malware samples, so I did it in my VirtualBox Kali VM.

Unzip the files and keep unzipping till I reach autorun.inf and README.pdf. Do `file` on both: it returns Windows executable for autorun (obvs), which runs the PDF (file is actually called README.md). `file` for README returns PDF, so obviously the file signature is accurate. That answers question 3.

I upload it to VirusTotal and it shows malware, so it doesn't pass the VirusTotal scan. That answers question 2.

I `strings` the PDF and grep it for exe to see what happens, and it returns cmd.exe, so that answers question 5. The strings output also shows me it is wrapped as a PDF but truly hides something insidious underneath (lmao).

And finally, for the last question, I download peepdf, run it on README, and it tells me there is only one OpenAction element. I am curious to see what that is, so I search and find out it refers to elements that are executed as soon as the file is opened.

This was a pretty quick challenge, goodbye.
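The three manual checks above (file signature, `strings | grep exe`, counting OpenAction elements) can be combined into one static triage pass. This is an added example, not part of the original writeup or of peepdf; the function names and the `SAMPLE` bytes are constructed for illustration, and it only scans raw bytes, so names inside compressed object streams are not seen.

```python
import re

# PDF names may hide letters as #XX hex escapes (e.g. /Open#41ction),
# so names are decoded before they are compared and counted.
NAME_RE = re.compile(rb"/((?:[A-Za-z0-9_.\-]|#[0-9A-Fa-f]{2})+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
EXE_RE = re.compile(rb"[A-Za-z0-9_\-]+\.exe", re.IGNORECASE)

# Names that trigger on open, run programs or scripts, or carry attachments.
WATCHED = ("OpenAction", "AA", "Launch", "JavaScript", "JS", "EmbeddedFile")

# Constructed, inert fragment (not a complete PDF) used as sample input.
SAMPLE = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Open#41ction 2 0 R >>\nendobj\n"
          b"2 0 obj\n<< /S /Launch /Win << /F (cmd.exe) >> >>\nendobj\n")


def decode_name(raw: bytes) -> str:
    """Resolve #XX escapes in a PDF name token."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Return header offset, watched-name counts, obfuscated names, .exe strings."""
    # A genuine PDF has %PDF- at or near offset 0; -1 means no signature found.
    header_offset = data[:1024].find(b"%PDF-")
    counts = {name: 0 for name in WATCHED}
    obfuscated = []
    for match in NAME_RE.finditer(data):
        raw = match.group(1)
        name = decode_name(raw)
        if name in counts:
            counts[name] += 1
            if b"#" in raw:  # a watched name written with hex escapes
                obfuscated.append(raw.decode("ascii"))
    exe_strings = sorted({m.group(0).decode("ascii") for m in EXE_RE.finditer(data)})
    return {"header_offset": header_offset, "counts": counts,
            "obfuscated": obfuscated, "exe_strings": exe_strings}


if __name__ == "__main__":
    print(triage_pdf(SAMPLE))
```

To run it against a real sample inside the analysis VM, pass `open(path, "rb").read()` to `triage_pdf` instead of `SAMPLE`.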
