Analysis

  • max time kernel
    91s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220331-en
  • submitted
    04-04-2022 10:52

General

  • Target

    fatura comercial - Indaco EX20858 - OC00015.e.exe

  • Size

    842KB

  • MD5

    e9e7e3bdd64069d3b36e5362bbdcd155

  • SHA1

    8f96d2cd29ee2b7730245737547b7b67867bdd41

  • SHA256

    14a2149ffb9dc7a2bfa96e92ee4d7052222d5550431ffebc471b31859b397024

  • SHA512

    6449ad0e4adf50532336cf7ed7b7c9fa05d74548dc209097fcda50adf2351586ec77a17b4fac2a053599593552368dc8cf82756d300813b4dcc31814cca29174

Score
10/10

Malware Config

Extracted

Family

oski

C2

zubroxmack.cf

Signatures

  • Oski

    Oski is an infostealer targeting browser data and crypto wallets.

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fatura comercial - Indaco EX20858 - OC00015.e.exe
    "C:\Users\Admin\AppData\Local\Temp\fatura comercial - Indaco EX20858 - OC00015.e.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3404
    • C:\Users\Admin\AppData\Local\Temp\fatura comercial - Indaco EX20858 - OC00015.e.exe
      "C:\Users\Admin\AppData\Local\Temp\fatura comercial - Indaco EX20858 - OC00015.e.exe"
      2⤵
      PID:4148
    • C:\Users\Admin\AppData\Local\Temp\fatura comercial - Indaco EX20858 - OC00015.e.exe
      "C:\Users\Admin\AppData\Local\Temp\fatura comercial - Indaco EX20858 - OC00015.e.exe"
      2⤵
      PID:2908
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 192
        3⤵
        • Program crash
        PID:4500
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2908 -ip 2908
    1⤵
    PID:176

Network

MITRE ATT&CK Matrix


Downloads

  • memory/2908-132-0x0000000000400000-0x0000000000438000-memory.dmp
    Filesize: 224KB

  • memory/2908-133-0x0000000000400000-0x0000000000438000-memory.dmp
    Filesize: 224KB

  • memory/2908-134-0x0000000000400000-0x0000000000438000-memory.dmp
    Filesize: 224KB

  • memory/3404-124-0x0000000000EB0000-0x0000000000F88000-memory.dmp
    Filesize: 864KB

  • memory/3404-125-0x0000000005E20000-0x00000000063C4000-memory.dmp
    Filesize: 5.6MB

  • memory/3404-126-0x0000000005920000-0x00000000059B2000-memory.dmp
    Filesize: 584KB

  • memory/3404-127-0x0000000005910000-0x000000000591A000-memory.dmp
    Filesize: 40KB

  • memory/3404-128-0x00000000080F0000-0x000000000818C000-memory.dmp
    Filesize: 624KB

  • memory/3404-129-0x0000000008420000-0x0000000008486000-memory.dmp
    Filesize: 408KB