Extracting Malware from Malicious Word Document

We received today an obvious phishing email with a Word document attachment. It contained a new malware XML dropper we have been seeing recently. A quick search on Google returned an analysis by techhelplist.com. However, they did not show how to decode the payload. Below is a short video how to do it:


Cymon reports for IP addresses found during the analysis:

Related analyses: