Analysis
-
max time kernel
402s -
max time network
405s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
28-04-2022 07:35
General
-
Target
appconsole.exe
-
Size
80KB
-
MD5
bbf6a17cc8d96f635840ae1d63223659
-
SHA1
b5675c4a47431bc9690e724228e1093f0a3a74f1
-
SHA256
cbcf13e1e93966e2d5d20a8e53ddd243546d5d531a0c50e840df505640e0c603
-
SHA512
e4e3a0054795d4cd9ace0c38644d119f302d0bf62cfc74a8e4765252c1443aab9ca4cc5de4eda64f47f6417c7fe3367a2f7010f286d90ee3c9fb23eb688bc228
Score
10/10
Malware Config
Signatures
-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty Payload 1 IoCs
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Program crash 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\appconsole.exe"C:\Users\Admin\AppData\Local\Temp\appconsole.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1980 -s 10842⤵
- Program crash
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
-
Filesize
104KB