Analysis
  max time kernel: 38s
  max time network: 47s
  platform: windows7_x64
  resource: win7-20220331-en
  submitted: 06-04-2022 15:12
Static task: static1

Behavioral task: behavioral1
  Sample: 2DF2BB4BA1E6580FA4368F8B2CF681FE.exe
  Resource: win7-20220331-en
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample: 2DF2BB4BA1E6580FA4368F8B2CF681FE.exe
  Resource: win10v2004-20220331-en
  0 signatures, 0 seconds
General
  Target: 2DF2BB4BA1E6580FA4368F8B2CF681FE.exe
  Size: 200KB
  MD5: 2df2bb4ba1e6580fa4368f8b2cf681fe
  SHA1: f47e87ba69f94bf626c27bde2708fd2686df203b
  SHA256: 24135e78ecf7c7e30984c0f38d381f528c2400f4b7f4a05d5c37bdcf9365ced1
  SHA512: 6ce1b41058aec26c6226ffd5dca84300b29a3243bb9c3c6092d6356a9bed26c165bc7587d562329fe933b5420399ce3b4e235d0fc5c2b00d3a02f95ce2becdcb
  Score: 10/10
Malware Config

Signatures

  Oski
    Oski is an infostealer targeting browser data and crypto wallets.

  Reads user/profile data of web browsers (2 TTPs)
    Infostealers often target stored browser data, which can include saved credentials etc.

  Program crash (1 IoC)
    pid   pid_target   Process        procid_target
    948   800          WerFault.exe   16

  Suspicious use of WriteProcessMemory (4 IoCs)
    description                      pid   Process                                procid_target
    PID 800 wrote to memory of 948   800   2DF2BB4BA1E6580FA4368F8B2CF681FE.exe   30
    PID 800 wrote to memory of 948   800   2DF2BB4BA1E6580FA4368F8B2CF681FE.exe   30
    PID 800 wrote to memory of 948   800   2DF2BB4BA1E6580FA4368F8B2CF681FE.exe   30
    PID 800 wrote to memory of 948   800   2DF2BB4BA1E6580FA4368F8B2CF681FE.exe   30
Processes

  C:\Users\Admin\AppData\Local\Temp\2DF2BB4BA1E6580FA4368F8B2CF681FE.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\2DF2BB4BA1E6580FA4368F8B2CF681FE.exe"
    PID: 800
    Signatures: Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 772
      PID: 948
      Signatures: Program crash