Analysis

  • max time kernel
    136s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    29-03-2022 16:51

General

  • Target

    187b3e46e853a35f219d356fb64d15448d64b8583d609d0305f4fb4d0fdee9e4.exe

  • Size

    1.2MB

  • MD5

    d7d31c50afe323de88ba07a3dec28567

  • SHA1

    9bdac2e6dd5fe49ae1a2d0d3846e92d56dc6f221

  • SHA256

    187b3e46e853a35f219d356fb64d15448d64b8583d609d0305f4fb4d0fdee9e4

  • SHA512

    f90de9084282975c4a9d5397dc259f7def6c0e0b990518e661cba6f770a3af3b4256fc252602a40be9b685b8de4886f2614d8b6ce18629e2f3462aa4181a4ee5

Score
10/10

Malware Config

Extracted

Family

oski

C2

http://lomidut.tk
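The extracted C2 is a bare scheme-plus-host URL, so the usable indicator is the host name, and it should be matched as a DNS name (exact or subdomain), not as a substring. The following is an added example, not part of the sandbox report: it derives the host from the config URL and runs it over a few constructed Zeek-style dns/http lines (the log lines, addresses and timestamps are invented for the demonstration), including two near-misses that a naive substring match would get wrong.

```python
from urllib.parse import urlsplit

# C2 value taken from the extracted Oski config above.
C2 = "http://lomidut.tk"


def c2_host(url: str) -> str:
    """Normalise a config URL to a lower-case host name without a trailing dot."""
    host = urlsplit(url).hostname
    if host is None:
        raise ValueError(f"no host in C2 URL: {url!r}")
    return host.lower().rstrip(".")


def host_matches(observed: str, indicator: str) -> bool:
    """True if observed is the indicator host or one of its subdomains.

    Uses a label boundary so 'notlomidut.tk' does not match 'lomidut.tk'
    and 'lomidut.tk.evil.example' does not match either."""
    o = observed.lower().rstrip(".")
    return o == indicator or o.endswith("." + indicator)


# Constructed sample log lines (timestamp, source IP, name/host, ...); not from the report.
DNS_LOG = [
    "1648572061.113\t10.0.0.17\tlomidut.tk\tA\t203.0.113.5",
    "1648572062.201\t10.0.0.17\tupdate.microsoft.com\tA\t13.107.4.50",
    "1648572063.404\t10.0.0.22\tcdn.lomidut.tk.\tA\t203.0.113.6",
    "1648572064.500\t10.0.0.22\tnotlomidut.tk\tA\t198.51.100.9",
]
HTTP_LOG = [
    "1648572065.010\t10.0.0.17\tlomidut.tk:80\tPOST\t/",
    "1648572066.010\t10.0.0.19\tlomidut.tk.evil.example\tGET\t/",
]


def match_dns(lines, indicator):
    """Return (source, query) for every DNS query that resolves to the C2 domain tree."""
    hits = []
    for line in lines:
        _ts, src, query, *_rest = line.split("\t")
        if host_matches(query, indicator):
            hits.append((src, query))
    return hits


def match_http(lines, indicator):
    """Return (source, host) for HTTP requests whose Host header targets the C2.

    The Host field may carry a port; urlsplit on '//host:port' strips it safely."""
    hits = []
    for line in lines:
        _ts, src, hostport, _method, _uri = line.split("\t")
        host = urlsplit("//" + hostport).hostname or hostport
        if host_matches(host, indicator):
            hits.append((src, host))
    return hits


if __name__ == "__main__":
    ind = c2_host(C2)
    print("DNS hits :", match_dns(DNS_LOG, ind))
    print("HTTP hits:", match_http(HTTP_LOG, ind))
```

The same `host_matches` check is what a blocklist entry for this domain should implement; a plain `"lomidut.tk" in line` test would also fire on the unrelated `notlomidut.tk` line and miss nothing in this sample, but would not survive contact with real traffic.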

Signatures

  • Oski

    Oski is an infostealer that targets browser data and cryptocurrency wallets.

  • Suspicious use of SetThreadContext (1 IoC)
  • Program crash (1 IoC)
  • Suspicious use of WriteProcessMemory (9 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\187b3e46e853a35f219d356fb64d15448d64b8583d609d0305f4fb4d0fdee9e4.exe
    "C:\Users\Admin\AppData\Local\Temp\187b3e46e853a35f219d356fb64d15448d64b8583d609d0305f4fb4d0fdee9e4.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4220
    • C:\Users\Admin\AppData\Local\Temp\187b3e46e853a35f219d356fb64d15448d64b8583d609d0305f4fb4d0fdee9e4.exe
      "C:\Users\Admin\AppData\Local\Temp\187b3e46e853a35f219d356fb64d15448d64b8583d609d0305f4fb4d0fdee9e4.exe"
      2⤵
        PID:4276
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 232
          3⤵
          • Program crash
          PID:3944
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4276 -ip 4276
      1⤵
        PID:2112
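The tree above has the classic process-hollowing shape: the sample (PID 4220) launches a second copy of its own image (PID 4276), the parent is the one flagged for WriteProcessMemory and SetThreadContext, and the child then crashes, so WerFault.exe is started with -p 4276. The report does not name the technique itself; that reading is an inference from the signatures and the tree. The following added example (not sandbox code) rebuilds the tree as constructed records and implements that heuristic: a child with the same image as a parent that both wrote into another process and reset a thread context, with the WerFault command lines used to confirm which PID crashed. The record layout is an assumption for the demonstration, not the sandbox's export format.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str
    signatures: Tuple[str, ...] = ()


# Constructed from the process tree in the report (assumed record layout).
SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\187b3e46e853a35f219d356fb64d15448d64b8583d609d0305f4fb4d0fdee9e4.exe")
WERFAULT = r"C:\Windows\SysWOW64\WerFault.exe"

PROCS: List[Proc] = [
    Proc(4220, None, SAMPLE, f'"{SAMPLE}"', ("SetThreadContext", "WriteProcessMemory")),
    Proc(4276, 4220, SAMPLE, f'"{SAMPLE}"'),
    Proc(3944, 4276, WERFAULT, f"{WERFAULT} -u -p 4276 -s 232", ("Program crash",)),
    Proc(2112, None, WERFAULT, f"{WERFAULT} -pss -s 408 -p 4276 -ip 4276"),
]

# Both APIs together on the parent are the hollowing tell; either alone is common in benign code.
HOLLOW_APIS = {"SetThreadContext", "WriteProcessMemory"}


def werfault_targets(procs: List[Proc]) -> Dict[int, int]:
    """Map each WerFault.exe PID to the PID it reports on (the value after -p)."""
    out: Dict[int, int] = {}
    for p in procs:
        if not p.image.lower().endswith("\\werfault.exe"):
            continue
        argv = p.cmdline.split()
        if "-p" in argv:                      # exact token, so '-pss' is not mistaken for '-p'
            i = argv.index("-p")
            if i + 1 < len(argv) and argv[i + 1].isdigit():
                out[p.pid] = int(argv[i + 1])
    return out


def find_hollowing(procs: List[Proc]) -> List[dict]:
    """Return parent/child pairs matching the self-spawn + injection pattern."""
    by_pid = {p.pid: p for p in procs}
    crashed = set(werfault_targets(procs).values())
    hits = []
    for child in procs:
        parent = by_pid.get(child.ppid) if child.ppid is not None else None
        if parent is None:
            continue
        same_image = parent.image.lower() == child.image.lower()
        injected = HOLLOW_APIS <= set(parent.signatures)
        if same_image and injected:
            hits.append({"parent": parent.pid, "child": child.pid,
                         "child_crashed": child.pid in crashed})
    return hits


if __name__ == "__main__":
    for hit in find_hollowing(PROCS):
        print(hit)
```

On a live host the same logic maps onto Sysmon event 1 (parent/child image equality) plus event 10 (ProcessAccess with write/set-context rights on the child); the crash is incidental here, but a hollowed child that dies immediately is a useful secondary signal, because a real second instance of the same binary rarely crashes within seconds of starting.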

Network

MITRE ATT&CK Matrix

Downloads

  • memory/4220-130-0x0000000000D70000-0x0000000000EA4000-memory.dmp

    Filesize

    1.2MB

  • memory/4220-131-0x0000000005EC0000-0x0000000006464000-memory.dmp

    Filesize

    5.6MB

  • memory/4220-132-0x0000000005850000-0x00000000058E2000-memory.dmp

    Filesize

    584KB

  • memory/4220-133-0x00000000058F0000-0x00000000058FA000-memory.dmp

    Filesize

    40KB

  • memory/4220-134-0x00000000093D0000-0x000000000946C000-memory.dmp

    Filesize

    624KB

  • memory/4276-136-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

  • memory/4276-137-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

  • memory/4276-138-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB
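The dump names encode PID, snapshot index and the virtual address range, so each region's size can be recomputed and checked against its Filesize label (the labels are binary units: 0x438000 - 0x400000 = 0x38000 bytes = 224 KiB, shown as 224KB). The parent's 0xD70000 region is the only one whose size equals the 1.2MB of the file on disk, while the child's three snapshots all cover the same 224KB region at 0x400000, the PE default image base. The following is an added example, not part of the report: it parses the names, verifies the labels, and picks the child region at the default base as the candidate unpacked payload. Treating 0x400000 as the hollowed image base is an assumption drawn from the process tree, not something the report states.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# (dump name, Filesize label) pairs copied from the report's Downloads list.
DUMPS: List[Tuple[str, str]] = [
    ("memory/4220-130-0x0000000000D70000-0x0000000000EA4000-memory.dmp", "1.2MB"),
    ("memory/4220-131-0x0000000005EC0000-0x0000000006464000-memory.dmp", "5.6MB"),
    ("memory/4220-132-0x0000000005850000-0x00000000058E2000-memory.dmp", "584KB"),
    ("memory/4220-133-0x00000000058F0000-0x00000000058FA000-memory.dmp", "40KB"),
    ("memory/4220-134-0x00000000093D0000-0x000000000946C000-memory.dmp", "624KB"),
    ("memory/4276-136-0x0000000000400000-0x0000000000438000-memory.dmp", "224KB"),
    ("memory/4276-137-0x0000000000400000-0x0000000000438000-memory.dmp", "224KB"),
    ("memory/4276-138-0x0000000000400000-0x0000000000438000-memory.dmp", "224KB"),
]

ON_DISK_SIZE = "1.2MB"   # Size field from the General section


def parse_dump_name(name: str) -> dict:
    """Split a dump file name into pid, snapshot index and byte range."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name!r}")
    return {"pid": int(m["pid"]), "idx": int(m["idx"]),
            "start": start, "end": end, "size": end - start}


def human(size: int) -> str:
    """Render a byte count the way the report labels it (KiB/MiB, written KB/MB)."""
    if size >= 1024 * 1024:
        return f"{size / (1024 * 1024):.1f}MB"
    return f"{size // 1024}KB"


def check_sizes(dumps) -> List[str]:
    """Names whose recomputed size disagrees with the report's Filesize label."""
    return [name for name, label in dumps if human(parse_dump_name(name)["size"]) != label]


def summarize(dumps, child_pid: int, default_base: int = 0x400000):
    """Group regions per PID (deduplicating repeated snapshots) and pick the
    child region at the default image base as the candidate payload.
    Assumption: the child is the hollowed process, so its replacement image
    sits at default_base."""
    by_pid: Dict[int, Dict[Tuple[int, int], List[int]]] = defaultdict(dict)
    for name, _label in dumps:
        r = parse_dump_name(name)
        by_pid[r["pid"]].setdefault((r["start"], r["end"]), []).append(r["idx"])

    payload: Optional[dict] = None
    for (start, end), idxs in by_pid.get(child_pid, {}).items():
        if start == default_base:
            payload = {"start": start, "end": end, "size": end - start,
                       "snapshots": sorted(idxs)}
    return dict(by_pid), payload


def parent_image_region(dumps, parent_pid: int, on_disk: str = ON_DISK_SIZE) -> Optional[dict]:
    """The parent region whose size matches the file on disk: the loader's own mapped image."""
    for name, _label in dumps:
        r = parse_dump_name(name)
        if r["pid"] == parent_pid and human(r["size"]) == on_disk:
            return r
    return None


if __name__ == "__main__":
    print("label mismatches:", check_sizes(DUMPS))
    regions, payload = summarize(DUMPS, child_pid=4276)
    print("child payload region:", payload)
    print("parent image region:", parent_image_region(DUMPS, 4220))
```

The three child snapshots (136, 137, 138) all cover the same range, so only one of them needs to be carved; the 224KB region is the one to feed to a PE-fixing tool, since the 1.2MB region in the parent is just the original loader mapped at its own base.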