Analysis Overview
SHA256
4e3ff2595fc8b32fb44856e856b6d91600fd6a66ab556bc2437a926bf7c8fdb0
Threat Level: Known bad
The file yhyty5.exe was found to be: Known bad.
Malicious Activity Summary
Stormkitty family
StormKitty
StormKitty payload
Unsigned PE
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-07-03 19:23
Signatures
StormKitty payload
Stormkitty family
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-03 19:23
Reported
2024-07-03 19:29
Platform
win10-20240404-en
Max time kernel
138s
Max time network
139s
Command Line
Signatures
StormKitty
StormKitty payload
Processes
C:\Users\Admin\AppData\Local\Temp\yhyty5.exe
"C:\Users\Admin\AppData\Local\Temp\yhyty5.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 157.252.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.143.182.52.in-addr.arpa | udp |
Files
memory/3652-0-0x0000000000C80000-0x0000000000C96000-memory.dmp
memory/3652-1-0x00007FFFA44F3000-0x00007FFFA44F4000-memory.dmp
memory/3652-2-0x00007FFFA44F0000-0x00007FFFA4EDC000-memory.dmp
memory/3652-3-0x00007FFFA44F0000-0x00007FFFA4EDC000-memory.dmp