From 24886d88e79bfcfbd40f23a2ffcf17caddf5c835 Mon Sep 17 00:00:00 2001
From: marius <11855163+norandom@users.noreply.github.com>
Date: Sun, 23 Jun 2024 20:07:12 +0200
Subject: [PATCH] Simulator code to auto-accept Excel Macros

---
 .../Simulator/enable_content.png              | Bin 0 -> 891 bytes
 .../Simulator/simulator.py                    |  49 ++++++++++++++++++
 2 files changed, 49 insertions(+)
 create mode 100755 2-4-initial-access-malware/Simulator/enable_content.png
 create mode 100755 2-4-initial-access-malware/Simulator/simulator.py

diff --git a/2-4-initial-access-malware/Simulator/enable_content.png b/2-4-initial-access-malware/Simulator/enable_content.png
new file mode 100755
index 0000000000000000000000000000000000000000..b16cbf22215f28d05b3da2584a1d543cd90ca3e1
GIT binary patch
literal 891
zcmV->1BCpEP)<h;3K|Lk000e1NJLTq003D4000sQ1^@s6FqCot00001b5ch_0Itp)
z=>Px#1ZP1_K>z@;j|==^1poj532;bRa{vGi!vFvd!vV){sAK>D0}x3>K~z{r?Nv=n
zGEo%1)32~qpvwxQjaf@+QL7N_2iOk?0^Ni`BHALCEvtpwqKyS@vyGq#F4aW@Wjk$`
zA7wu0<y`LEcWfqKqe0#S5BE9uJm-F#IWuGQ`~88KA{z|ccO9eG>rGXW-DpO)+x=hU
zAGWcJ?8ev9t!8vOovEspE5FHaZ*RYTs%d{KW^h3r^Yin6&FT2~_#j=aRwM2dRykJd
zkHW&jf~eQ)mN5q6b~-1TNx`znFspeTPIW5OoW;e(Z(mZ)SD~)u^Z7)zTBT9fF`Q^7
zg_-yFccB9Tt9cb_2dZ6Z2Q}wk^PS9(3#&Vi3)@ci`~BkL;(|ut<mAMpt5hnMv7MbA
zIiE-*OgR`a4-1FGrZ~ecAK2K~pqRcEiiA0IHZ(Xt7w_)wj^<PiI7Z$Nao%HTX-OO$
z9MA~A(P$6{Ha9m-y35N;88g-C_4Re2!|U~$`1bZT@$2hr8Ed!OG6v2ua2=R0m&;%B
zuV9sfeb3I$EH$bR4WAL%-QAUWYR=l)n&gN>*J`y$lTN3J1JIR9CE};2rzTw_5+R<?
z=gH@s8GgblU@DKt<HT22SIOt64~xZO#Dl>g`5ePjU0z-$z@DF<We!H2>-Z}F=;(+#
zZfk2x>S4@PADUrN<hj5(k2QrtK{T69F)R}8mrAANe(1#Y^>wMk{3spQ3AKQau7_{?
zO$LY1${!WOg>Zmku}JWEJeE0nKEp2m>FG(lyu6rlMx6yb8jXtE+go~Y_!Q_G0DJI$
z0A6=!V62C3c6QcQr~8gN`MWVZT|8;<`}=$95?#ZbJ3)nAem0w>0v#S6n&#EDV9Z0I
zkhr<I5$EUU#C6Te$_njqb#*0Ux(0Bn)BPVQG7f_aW6b4p)Fs?CtO4-j*xTC^$z)Q_
z0Z#Jw_xHu{8!BIYUJHds_o$sbH#bLX;D-dx9j0oIkB`Oh+baTr0D;d04eJ2tGMNmW
z4H%_UePei;Kfmm68WwP)x$#`a<KyG6pURDendF&_hlhu;R-5)tp4|O}_yhm~>`*`x
Rp(OwS002ovPDHLkV1gKytFiz9

literal 0
HcmV?d00001

diff --git a/2-4-initial-access-malware/Simulator/simulator.py b/2-4-initial-access-malware/Simulator/simulator.py
new file mode 100755
index 0000000..aa2d3c2
--- /dev/null
+++ b/2-4-initial-access-malware/Simulator/simulator.py
@@ -0,0 +1,49 @@
+import os
+import sys
+import time
+import pyautogui
+
+def open_excel_with_macros(file_path):
+    # Get the directory of the current script/executable
+    base_path = getattr(sys, '_MEIPASS', os.path.dirname(os.path.abspath(__file__)))
+    enable_button_image = os.path.join(base_path, 'enable_content.png')
+    
+    # Open Excel through the OS start menu or command line
+    os.startfile(file_path)
+    time.sleep(5)  # Wait for Excel to open
+
+    # Custom timeout mechanism to locate the 'Enable Content' button
+    timeout = 10  # 10 seconds timeout
+    start_time = time.time()
+    enable_button = None
+
+    while (time.time() - start_time) < timeout:
+        enable_button = pyautogui.locateCenterOnScreen(enable_button_image, confidence=0.8)
+        if enable_button:
+            pyautogui.click(enable_button)
+            break
+        time.sleep(1)  # Check every 1 second
+
+    if not enable_button:
+        print("Enable Content button not found, continuing...")
+
+    # Wait for any macros to finish running or other processing
+    time.sleep(10)  # Adjust time based on expected macro execution time
+    
+    # Close Excel without saving
+    pyautogui.hotkey('alt', 'f4')
+    time.sleep(1)
+    pyautogui.press('n')  # Press 'n' in response to Excel's save prompt
+
+def main():
+    directory = r'C:\Users\mariu\Desktop\Corpus'  # Adjust the path to your files
+    files = os.listdir(directory)
+    excel_files = [file for file in files if file.endswith(('.xlsx', '.xlsm'))]
+    
+    for file in excel_files:
+        full_path = os.path.join(directory, file)
+        open_excel_with_macros(full_path)
+        time.sleep(5)  # Adjust as needed between openings
+
+if __name__ == '__main__':
+    main()