Forum Discussion
Incident Response: Suspicious Email – Part 2 - Help Needed
Hi,
I'm currently trying to complete this lab but I'm stuck on step 10. I have tried to use the different tools at hand but I'm struggling to extract the VBA and get the binaries for it. Any help would be much appreciated.
Kind Regards,
jjdeno99
3 Replies
- jjdeno99
Bronze I
The specific step I'm stuck on is Step 10.
- autom8on
Silver I
I think the numbers may have changed since they changed the GUI here (I first did the lab last year) - I think it used to be Q7. Anyway, my notes aren't the most amazing, but I did find the following screenshot, which I think is how I answered it... thanks to the joy of old person memory, I have little recollection of writing it or how it functions. 🤣
Hope that's of some help...
- Sw33p
Bronze I
Hi there, I managed to solve that step by manually getting all the "DataDump" decimal numbers into one separate file, then proceeding to change the decimals to ASCII. With that you'll get a new file with partially readable text.
I created a Python script to change the decimals to ASCII, but I suspect oletools has the capability for this as well; however, I'm unfamiliar with them, so I just scripted something. Maybe there are further oletools labs which could provide the necessary background info.
Before this I used olevba to extract the information of the binary file.
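The decimal-to-bytes step described in the reply above, as an added example that is neither Sw33p's script nor part of the lab. It assumes the macro source dumped by olevba has been saved as text and that the values are comma-separated decimals on statements mentioning `DataDump`; the sample macro and function names are constructed for illustration.

```python
import re

# Constructed sample standing in for macro source saved from olevba output.
# The lab's real macro layout is not shown in the thread (assumption).
SAMPLE_VBA = '''\
Sub AutoOpen()
    Dim DataDump As Variant
    DataDump = Array(77, 90, 144, 0, 3, 0, 0, 0, _
                     84, 104, 105, 115, 32, 112, 114, 111, _
                     103, 114, 97, 109, 0, 255)
    Counter = 12
End Sub
'''

def extract_decimals(vba_source, marker="DataDump"):
    """Collect decimal values from statements that mention `marker`."""
    # VBA continues a statement with " _" at end of line; join those first.
    joined = re.sub(r"[ \t]+_[ \t]*\r?\n", " ", vba_source)
    values = []
    for line in joined.splitlines():
        if marker not in line or "," not in line:
            continue  # skip declarations and unrelated statements
        for tok in re.findall(r"(?<![\w.])\d+(?![\w.])", line):
            n = int(tok)
            if n > 255:
                raise ValueError(f"{n} does not fit in one byte")
            values.append(n)
    return values

def decimals_to_bytes(values):
    """Keep raw bytes rather than text: binary payloads are not valid ASCII."""
    return bytes(values)

def printable_strings(data, min_len=4):
    """Return runs of printable ASCII, like the `strings` utility."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]

if __name__ == "__main__":
    payload = decimals_to_bytes(extract_decimals(SAMPLE_VBA))
    print("first bytes:", payload[:4].hex())
    print("strings:", printable_strings(payload))
```

Write the recovered bytes to a file in binary mode and inspect them only inside the analysis VM; decoding to text first would corrupt any non-ASCII bytes.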