Are you analyzing the malicious Office documents that your users dutifully send you daily, or are you satisfied with just throwing them on VirusTotal and hoping for the best? In this talk I'll discuss why you should be manually analyzing ALL documents that make it through your email filters. You don't need a full-time malware analyst to do some cursory investigation. I'll show you how to analyze malicious Office docs so you can quickly triage the threat. Are you blocking the delivery URLs? Does your A/V detect the second stage? Was this a targeted attack on your organization or just a shotgun blast that you got caught in? I will present a methodology for getting quick information from the document, share some tools I've found that make the job easier, and introduce some quick wins to decrease your overall malware volume.