Forum Discussion
Incident Response: Suspicious Email – Part 2 - Help Needed.
- 3 months ago
Hi there, I managed to solve that step by manually getting all the "DataDump" decimal numbers into one separate file, then proceeding to change the decimals to ASCII. With that you'll get a new file with partially readable text.
I created a Python script to change the decimals to ASCII, but I suspect oletools has the capability for this as well; however, I'm unfamiliar with them, so I just scripted something. Maybe there are further oletools labs which could provide the necessary background info.
Before this I used olevba to extract the information of the binary file.
The specific step I'm stuck on is Step 10.
- autom8on 3 months ago
Silver I
I think the numbers may have changed since they changed the GUI here (I first did the lab last year) - I think it used to be Q7. Anyway, my notes aren't the most amazing, but I did find the following screenshot, which I think is how I answered it... thanks to the joy of old person memory, I have little recollection of writing it or how it functions. 🤣
Hope that's of some help...
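The decimal-to-ASCII step described in the first post, as an added example that is neither the poster's script nor part of the lab. The macro layout (comma-separated decimals in string literals assigned to `DataDump`), the sample text and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample in the style of olevba output; the lab's real macro is not shown on the page.
SAMPLE_VBA = '''\
Sub AutoOpen()
    DataDump = "77, 90, 144, 0, 3, 0"
    DataDump = DataDump & ", 84, 104, 105, 115, 32, 112, 114, 111, 103"
    Other = "1, 2, 3"
    DataDump = DataDump & ", 114, 97, 109, 255, 0"
End Sub
'''

def collect_decimals(vba_source, var="DataDump"):
    """Return, in order, the integers inside string literals on lines assigning to `var`."""
    assign = re.compile(r'^\s*' + re.escape(var) + r'\s*=', re.IGNORECASE)
    values = []
    for line in vba_source.splitlines():
        if not assign.match(line):
            continue  # ignore unrelated variables and code
        for literal in re.findall(r'"([^"]*)"', line):
            values.extend(int(n) for n in re.findall(r'\d+', literal))
    return values

def to_bytes(values):
    """Convert decimals to raw bytes, refusing values that cannot be a single byte."""
    bad = [v for v in values if v > 255]
    if bad:
        raise ValueError(f"not byte values (wrong field extracted?): {bad[:5]}")
    return bytes(values)

def printable_strings(data, min_len=4):
    """Return runs of printable ASCII, like the `strings` utility, for quick triage."""
    pattern = rb'[\x20-\x7e]{%d,}' % min_len
    return [m.group().decode('ascii') for m in re.finditer(pattern, data)]

if __name__ == "__main__":
    payload = to_bytes(collect_decimals(SAMPLE_VBA))
    print("first bytes:", payload[:4].hex())
    for s in printable_strings(payload):
        print("string:", s)
```

Writing the decoded bytes to a file rather than only printing text keeps non-printable content intact for later inspection with other tools.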