Overview

overview

10

Static

static

10

165A20CECE...50.exe

windows7_x64

10

165A20CECE...50.exe

windows10_x64

10

Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-en-20211014
  • submitted
    06-11-2021 09:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    165A20CECE5BD869502D23ED2C9FDF5CB2E83451CCA50.exe

  • Size

    200KB

  • MD5

    07ac7806a3f2bc0fc993d736ecb3572b

  • SHA1

    49b54d7ece61cf9198dfc306a641f0d002b56acb

  • SHA256

    165a20cece5bd869502d23ed2c9fdf5cb2e83451cca502b110f61371da70134d

  • SHA512

    0bb78905d87356841e97e68be1d7c731f5cc4d15fa162017f9c520fceca327c589f8f31b9002c4869179af8626a03e89ef9b667a1a6d5e8f42eef2db98e1e123

Score
10/10
oskiinfostealerspywarestealer

Malware Config

Signatures

  • Oski

    Oski is an infostealer targeting browser data, crypto wallets.

    infostealeroski
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\165A20CECE5BD869502D23ED2C9FDF5CB2E83451CCA50.exe
    "C:\Users\Admin\AppData\Local\Temp\165A20CECE5BD869502D23ED2C9FDF5CB2E83451CCA50.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:952
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 764
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      PID:1880

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/952-55-0x0000000076431000-0x0000000076433000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1880-56-0x0000000000000000-mapping.dmp
    Download
  • memory/1880-57-0x0000000000A90000-0x0000000000A91000-memory.dmp
    Filesize

    4KB

    Download