Analysis

  • max time kernel
    4294180s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20220311-en
  • submitted
    29-03-2022 16:51

General

  • Target

    187b3e46e853a35f219d356fb64d15448d64b8583d609d0305f4fb4d0fdee9e4.exe

  • Size

    1.2MB

  • MD5

    d7d31c50afe323de88ba07a3dec28567

  • SHA1

    9bdac2e6dd5fe49ae1a2d0d3846e92d56dc6f221

  • SHA256

    187b3e46e853a35f219d356fb64d15448d64b8583d609d0305f4fb4d0fdee9e4

  • SHA512

    f90de9084282975c4a9d5397dc259f7def6c0e0b990518e661cba6f770a3af3b4256fc252602a40be9b685b8de4886f2614d8b6ce18629e2f3462aa4181a4ee5

Score
10/10

Malware Config

Extracted

Family

oski

C2

http://lomidut.tk
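The hashes under General and the extracted C2 above are the indicators a responder would pull from this report. The following is an added example (not code from the sandbox or from this report) that turns them into an indicator set and runs it over a constructed proxy log and a constructed file-hash listing; the client IPs, hostnames other than lomidut.tk, paths and the non-matching hashes are made up for the demonstration. It matches the C2 on hostname rather than full URL, so a changed path or a subdomain of the C2 domain still hits, and it normalises hash case because EDR exports disagree on it.

```python
"""Indicator set from this report, applied to constructed proxy log lines and a
constructed file-hash listing. Added example; only the hashes and the C2 URL are
taken from the report, every other value below is made up."""
from urllib.parse import urlparse

INDICATORS = {
    "hashes": {
        "d7d31c50afe323de88ba07a3dec28567",                                   # MD5
        "9bdac2e6dd5fe49ae1a2d0d3846e92d56dc6f221",                           # SHA1
        "187b3e46e853a35f219d356fb64d15448d64b8583d609d0305f4fb4d0fdee9e4",   # SHA256
    },
    "c2_urls": {"http://lomidut.tk"},   # extracted C2 from the Malware Config section
}


def c2_hosts(urls):
    """Hostnames of the extracted C2 URLs; matching on host survives path changes."""
    return {urlparse(u).hostname.lower() for u in urls}


def host_matches(host, c2_host):
    """Exact host or a subdomain of it; 'notlomidut.tk' must not match 'lomidut.tk'."""
    host = host.lower()
    return host == c2_host or host.endswith("." + c2_host)


# Constructed proxy log (not from the sandbox): time client method url status
PROXY_LOG = """\
2022-03-29T16:52:01Z 10.0.0.15 POST http://lomidut.tk/ 200
2022-03-29T16:52:03Z 10.0.0.16 GET https://www.example.com/ 200
2022-03-29T16:52:07Z 10.0.0.15 GET http://cdn.lomidut.tk/main.php 404
2022-03-29T16:52:09Z 10.0.0.17 GET http://notlomidut.tk/ 200
"""


def scan_proxy_log(text, urls=INDICATORS["c2_urls"]):
    """Return (client, url) for every request whose host is the C2 or a subdomain of it."""
    hosts = c2_hosts(urls)
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue                      # skip blank or malformed lines
        _ts, client, _method, url, _status = parts[:5]
        host = urlparse(url).hostname
        if host and any(host_matches(host, h) for h in hosts):
            hits.append((client, url))
    return hits


# Constructed file-hash listing (path, digest); the first and third digests are
# the sample's SHA256 (upper-cased on purpose) and MD5 from this report.
FILE_HASHES = [
    (r"C:\Users\bob\Downloads\invoice.exe",
     "187B3E46E853A35F219D356FB64D15448D64B8583D609D0305F4FB4D0FDEE9E4"),
    (r"C:\Windows\System32\notepad.exe", "0" * 64),
    (r"C:\Users\bob\AppData\Local\Temp\tmp1.exe",
     "d7d31c50afe323de88ba07a3dec28567"),
]


def scan_file_hashes(entries, hashes=INDICATORS["hashes"]):
    """Paths whose digest (any of MD5/SHA1/SHA256, any case) matches the sample."""
    wanted = {h.lower() for h in hashes}
    return [path for path, digest in entries if digest.lower() in wanted]


if __name__ == "__main__":
    for client, url in scan_proxy_log(PROXY_LOG):
        print(f"C2 contact from {client}: {url}")
    for path in scan_file_hashes(FILE_HASHES):
        print(f"sample present at {path}")
```

Because the C2 is plain HTTP, a forward proxy sees the full URL and host; for HTTPS only the SNI/host would be available, which is why the matcher keys on host and not on path.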

Signatures

  • Oski

    Oski is an infostealer that targets browser data and cryptocurrency wallets.

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\187b3e46e853a35f219d356fb64d15448d64b8583d609d0305f4fb4d0fdee9e4.exe
    "C:\Users\Admin\AppData\Local\Temp\187b3e46e853a35f219d356fb64d15448d64b8583d609d0305f4fb4d0fdee9e4.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1616
    • C:\Users\Admin\AppData\Local\Temp\187b3e46e853a35f219d356fb64d15448d64b8583d609d0305f4fb4d0fdee9e4.exe
      "C:\Users\Admin\AppData\Local\Temp\187b3e46e853a35f219d356fb64d15448d64b8583d609d0305f4fb4d0fdee9e4.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1100
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 112
        3⤵
        • Program crash
        PID:1884

Downloads

  • memory/1100-67-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

  • memory/1100-58-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

  • memory/1100-59-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

  • memory/1100-61-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

  • memory/1100-63-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

  • memory/1100-65-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

  • memory/1100-70-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

  • memory/1616-55-0x0000000000250000-0x000000000025A000-memory.dmp

    Filesize

    40KB

  • memory/1616-56-0x00000000081E0000-0x00000000082E2000-memory.dmp

    Filesize

    1.0MB

  • memory/1616-57-0x0000000001000000-0x0000000001038000-memory.dmp

    Filesize

    224KB

  • memory/1616-54-0x0000000001060000-0x0000000001194000-memory.dmp

    Filesize

    1.2MB
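The process tree and the memory dumps together show the pattern behind the SetThreadContext and WriteProcessMemory signatures: PID 1616 spawns a second copy of the same image (PID 1100), writes into it, and the sandbox then dumps a 224KB region at the child's image base (0x400000) that is the same size as a 224KB region dumped from the parent at 0x1000000, consistent with an unpacked payload being copied into a hollowed child; WerFault.exe is later launched for PID 1100. The following added example (not sandbox code, the process list and dump names are transcribed from this report) encodes that triage as a check that can be rerun over any report in the same shape.

```python
"""Flag the process-hollowing pattern in this report: a parent using
SetThreadContext and WriteProcessMemory, a child started from the same image,
and a child memory region whose size equals a region dumped from the parent.
Added example, not the sandbox's own detection logic."""
import re

# Process tree as listed under "Processes" above (transcribed from the report).
SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\187b3e46e853a35f219d356fb64d15448d64b8583d609d0305f4fb4d0fdee9e4.exe")
PROCESSES = [
    {"pid": 1616, "ppid": None, "image": SAMPLE, "cmdline": f'"{SAMPLE}"',
     "flags": {"SetThreadContext", "WriteProcessMemory"}},
    {"pid": 1100, "ppid": 1616, "image": SAMPLE, "cmdline": f'"{SAMPLE}"',
     "flags": {"WriteProcessMemory"}},
    {"pid": 1884, "ppid": 1100, "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 112",
     "flags": {"Program crash"}},
]

# Memory dump names as listed under "Downloads" above (repeats of 1100's region omitted).
DUMPS = [
    "memory/1100-67-0x0000000000400000-0x0000000000438000-memory.dmp",
    "memory/1100-58-0x0000000000400000-0x0000000000438000-memory.dmp",
    "memory/1616-55-0x0000000000250000-0x000000000025A000-memory.dmp",
    "memory/1616-56-0x00000000081E0000-0x00000000082E2000-memory.dmp",
    "memory/1616-57-0x0000000001000000-0x0000000001038000-memory.dmp",
    "memory/1616-54-0x0000000001060000-0x0000000001194000-memory.dmp",
]

DUMP_RE = re.compile(r"memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp")


def parse_dump_name(name):
    """Return (pid, sequence, start, end) from a memory/<pid>-<seq>-<start>-<end> name."""
    m = DUMP_RE.fullmatch(name)
    if m is None:
        raise ValueError(f"not a memory dump name: {name}")
    pid, seq, start, end = m.groups()
    return int(pid), int(seq), int(start, 16), int(end, 16)


def regions_by_pid(dumps):
    """Map pid -> set of (start, size); the same region dumped repeatedly collapses to one."""
    out = {}
    for name in dumps:
        pid, _seq, start, end = parse_dump_name(name)
        out.setdefault(pid, set()).add((start, end - start))
    return out


def crash_reporter_for(pid, processes):
    """True if WerFault.exe was launched with '-p <pid>' for this process."""
    for p in processes:
        if not p["image"].lower().endswith("werfault.exe"):
            continue
        tokens = p["cmdline"].split()
        if any(tokens[i] == "-p" and tokens[i + 1] == str(pid)
               for i in range(len(tokens) - 1)):
            return True
    return False


def find_hollowing(processes, dumps):
    """Parent/child pairs that look hollowed, with the matching child regions."""
    by_pid = {p["pid"]: p for p in processes}
    regions = regions_by_pid(dumps)
    findings = []
    for child in processes:
        parent = by_pid.get(child["ppid"])
        if parent is None:
            continue
        if parent["image"].lower() != child["image"].lower():
            continue                      # hollowing of a different image is possible but not this case
        if not {"SetThreadContext", "WriteProcessMemory"} <= parent["flags"]:
            continue
        child_regions = regions.get(child["pid"], set())
        parent_regions = regions.get(parent["pid"], set())
        # A child region the same size as a parent region: the payload the parent
        # unpacked and wrote into the child (0x38000 bytes here, at the child's 0x400000).
        matched = sorted({(cs, size) for cs, size in child_regions
                          for _ps, psize in parent_regions if size == psize})
        findings.append({"parent": parent["pid"], "child": child["pid"],
                         "matched_regions": matched,
                         "child_crashed": crash_reporter_for(child["pid"], processes)})
    return findings


if __name__ == "__main__":
    for f in find_hollowing(PROCESSES, DUMPS):
        print(f"PID {f['parent']} -> PID {f['child']}: regions {f['matched_regions']}, "
              f"crashed={f['child_crashed']}")
```

The dump to unpack is the child's 0x400000-0x438000 region (the later sequence numbers are the same region re-dumped); the parent's 1.0MB and 1.2MB regions are the packed stage and its mapped image, which is why their sizes do not match anything in the child.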