ffc835c9a950beda17fa79dd0acf28d1df3835232877b5fdd512b3df2ffb2431 | Triage

Submit
Reports

Overview

overview

Static

static

8

ffc835c9a9...31.doc

windows7-x64

ffc835c9a9...31.doc

windows10-2004-x64

Sharing

General

Target

ffc835c9a950beda17fa79dd0acf28d1df3835232877b5fdd512b3df2ffb2431
Size

33KB
Sample

230208-rt99fsba4w
MD5

14bb45bc44bccbce3f8bffa30b27f40c
SHA1

ba321a4b63a1a548d10cbef0b27363c04a2548ff
SHA256

ffc835c9a950beda17fa79dd0acf28d1df3835232877b5fdd512b3df2ffb2431
SHA512

3dd05007645e337e6eec734ae66928676aa62e567bde7578b56affbe5736030761734164e899de2313aab4c61071213032c16b024974d30a286929f50e8a11ce
SSDEEP

192:wVUquyZEozyGc6ri5bv/0yl3on52FSwOyhQd0jQ+xZCp/Vqnx4tubUsUa:wVUiyGcS2r3w2zQd0jQ+aptMx4t

Score

10^/10

macro

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ffc835c9a950beda17fa79dd0acf28d1df3835232877b5fdd512b3df2ffb2431.doc

Resource

win7-20221111-en

windows7-x64

14 signatures

300 seconds

Behavioral task

behavioral2

Sample

ffc835c9a950beda17fa79dd0acf28d1df3835232877b5fdd512b3df2ffb2431.doc

Resource

win10v2004-20221111-en

windows10-2004-x64

9 signatures

300 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://butteradvertising.com/kk.exe

Targets

- Target
  
  ffc835c9a950beda17fa79dd0acf28d1df3835232877b5fdd512b3df2ffb2431
- Size
  
  33KB
- MD5
  
  14bb45bc44bccbce3f8bffa30b27f40c
- SHA1
  
  ba321a4b63a1a548d10cbef0b27363c04a2548ff
- SHA256
  
  ffc835c9a950beda17fa79dd0acf28d1df3835232877b5fdd512b3df2ffb2431
- SHA512
  
  3dd05007645e337e6eec734ae66928676aa62e567bde7578b56affbe5736030761734164e899de2313aab4c61071213032c16b024974d30a286929f50e8a11ce
- SSDEEP
  
  192:wVUquyZEozyGc6ri5bv/0yl3on52FSwOyhQd0jQ+xZCp/Vqnx4tubUsUa:wVUiyGcS2r3w2zQd0jQ+aptMx4t
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy