Analysis

  • max time kernel
    38s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220331-en
  • submitted
    06-04-2022 15:12

General

  • Target

    2DF2BB4BA1E6580FA4368F8B2CF681FE.exe

  • Size

    200KB

  • MD5

    2df2bb4ba1e6580fa4368f8b2cf681fe

  • SHA1

    f47e87ba69f94bf626c27bde2708fd2686df203b

  • SHA256

    24135e78ecf7c7e30984c0f38d381f528c2400f4b7f4a05d5c37bdcf9365ced1

  • SHA512

    6ce1b41058aec26c6226ffd5dca84300b29a3243bb9c3c6092d6356a9bed26c165bc7587d562329fe933b5420399ce3b4e235d0fc5c2b00d3a02f95ce2becdcb

Malware Config

Signatures

  • Oski

    Oski is an infostealer targeting browser data, crypto wallets.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2DF2BB4BA1E6580FA4368F8B2CF681FE.exe
    "C:\Users\Admin\AppData\Local\Temp\2DF2BB4BA1E6580FA4368F8B2CF681FE.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:800
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 772
      2⤵
      • Program crash
      PID:948

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/800-54-0x0000000076A51000-0x0000000076A53000-memory.dmp

    Filesize

    8KB