Analysis

  • max time kernel
    4294183s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20220311-en
  • submitted
    29-03-2022 18:19

General

  • Target

    74c0613165375c4ecc81a4398a0971f4e497e3f1f7f1f0987100af4565991b40.exe

  • Size

    718KB

  • MD5

    75a5844d899fa2a98c3c68a9b159d2b2

  • SHA1

    dd3768dd750ee5b26d522b591d1c8f34814a1141

  • SHA256

    74c0613165375c4ecc81a4398a0971f4e497e3f1f7f1f0987100af4565991b40

  • SHA512

    b6e0886f1b52047e000571902248b41a8209fa410ef8b4675d182904a755bd96268b59d842be25886406ead50f3497e8905a323c3cd469356ce548d7b3de3ade

Score
10/10

Malware Config

Extracted

Family

oski

C2

80.89.230.198

Signatures

  • Oski

    Oski is an information stealer that targets browser data and cryptocurrency wallets.

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\74c0613165375c4ecc81a4398a0971f4e497e3f1f7f1f0987100af4565991b40.exe
    "C:\Users\Admin\AppData\Local\Temp\74c0613165375c4ecc81a4398a0971f4e497e3f1f7f1f0987100af4565991b40.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1968
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:676
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 112
        3⤵
        • Program crash
        PID:540
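
The process tree above is the classic process-hollowing shape: the sample (PID 1968) carries both SetThreadContext and WriteProcessMemory signatures, it starts a Microsoft-signed .NET binary, MSBuild.exe, with no arguments (PID 676), and that child then crashes (WerFault.exe -p 676). The following is an added example, not part of the sandbox report, that encodes this pattern as detection logic over a hand-built copy of the tree. The dict layout, the HOLLOW_TARGETS shortlist and the "no arguments" heuristic are this example's own assumptions, not the sandbox's export format.

```python
# Added example (not part of the sandbox report): flag a process-hollowing
# chain in a process tree. The tree is a hand-built copy of the one shown
# above; its dict layout and the HOLLOW_TARGETS list are this example's own
# assumptions, not the sandbox's export format.
import re

# Microsoft binaries commonly chosen as hollowing targets (assumed shortlist).
HOLLOW_TARGETS = {"msbuild.exe", "regasm.exe", "regsvcs.exe", "installutil.exe",
                  "aspnet_compiler.exe", "vbc.exe", "csc.exe"}

INJECT_SIGS = {"Suspicious use of SetThreadContext",
               "Suspicious use of WriteProcessMemory"}

# Matches WerFault's "-p <pid>" argument, which names the crashed process.
WERFAULT_PID = re.compile(r"werfault\.exe.*?\s-p\s+(\d+)", re.IGNORECASE)

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\74c0613165375c4ecc81a4398a0971f4e497e3f1f7f1f0987100af4565991b40.exe"
MSBUILD = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
WERFAULT = r"C:\Windows\SysWOW64\WerFault.exe"

# Process tree as reported on this page: PIDs 1968 -> 676 -> 540.
TREE = {
    "pid": 1968, "image": SAMPLE, "cmdline": f'"{SAMPLE}"',
    "signatures": set(INJECT_SIGS),
    "children": [{
        "pid": 676, "image": MSBUILD, "cmdline": f'"{MSBUILD}"',
        "signatures": {"Suspicious use of WriteProcessMemory"},
        "children": [{
            "pid": 540, "image": WERFAULT,
            "cmdline": f"{WERFAULT} -u -p 676 -s 112",
            "signatures": {"Program crash"}, "children": [],
        }],
    }],
}


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def launched_without_arguments(cmdline, image):
    """A hollowing target is usually started as a bare, quoted image path."""
    return cmdline.strip().strip('"').lower() == image.lower()


def crashed_pid(cmdline):
    """PID named by a WerFault.exe command line, or None."""
    m = WERFAULT_PID.search(cmdline)
    return int(m.group(1)) if m else None


def walk(node):
    yield node
    for child in node["children"]:
        yield from walk(child)


def find_hollowing(tree):
    """One finding per (injector, target) pair: a process carrying both
    injection signatures that spawned a known target with no arguments.
    target_crashed is set when a WerFault child names that target's PID."""
    findings = []
    for parent in walk(tree):
        if not INJECT_SIGS <= parent["signatures"]:
            continue
        for child in parent["children"]:
            name = basename(child["image"])
            if name not in HOLLOW_TARGETS:
                continue
            if not launched_without_arguments(child["cmdline"], child["image"]):
                continue
            crashed = any(crashed_pid(gc["cmdline"]) == child["pid"]
                          for gc in child["children"])
            findings.append({"injector_pid": parent["pid"],
                             "target_pid": child["pid"],
                             "target": name,
                             "target_crashed": crashed})
    return findings


if __name__ == "__main__":
    for finding in find_hollowing(TREE):
        print(finding)
```

The crash matters for triage: the hollowed MSBuild.exe (PID 676) did not run to completion, so the memory dumps taken of that process, rather than any network traffic, are where the injected payload is most likely to be recovered.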

Downloads

  • memory/676-57-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

  • memory/676-58-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

  • memory/676-60-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

  • memory/676-62-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

  • memory/676-64-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

  • memory/676-66-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

  • memory/676-69-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

  • memory/1968-54-0x0000000000060000-0x000000000011A000-memory.dmp

    Filesize

    744KB

  • memory/1968-55-0x0000000002140000-0x000000000218C000-memory.dmp

    Filesize

    304KB

  • memory/1968-56-0x0000000000600000-0x000000000061C000-memory.dmp

    Filesize

    112KB