Analysis
- max time kernel: 127s
- max time network: 163s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 25/06/2022, 05:54
Static task
- static1
Behavioral task
- behavioral1
  Sample: 5e71696919b1dcac97300cee304cec686b19aee23888b1a35822dc974dacb542.exe
  Resource: win7-20220414-en
- behavioral2
  Sample: 5e71696919b1dcac97300cee304cec686b19aee23888b1a35822dc974dacb542.exe
  Resource: win10v2004-20220414-en
General
- Target: 5e71696919b1dcac97300cee304cec686b19aee23888b1a35822dc974dacb542.exe
- Size: 837KB
- MD5: f123e73cc5fd5e6de566d0515ddb03b2
- SHA1: 2a3f62804a340bd9ae3afa2626653942c8ec33a7
- SHA256: 5e71696919b1dcac97300cee304cec686b19aee23888b1a35822dc974dacb542
- SHA512: fe99aa5e074b5b0a3c74ea9a0346c5e6f36533de2c28d0ba7c7a05461105d07f1e2260a90293efc36797c9a1af6593abb5d2a6e95b4f7fc8cadd25bd74ae51dc
Malware Config
Extracted
oski
fsefsfeg.xyz
Signatures
- Oski
  Oski is an infostealer targeting browser data and crypto wallets.
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Program crash (1 IoCs)
  pid   pid_target  Process       procid_target
  3668  4888        WerFault.exe  78
Processes
- "C:\Users\Admin\AppData\Local\Temp\5e71696919b1dcac97300cee304cec686b19aee23888b1a35822dc974dacb542.exe" (PID: 4888)
  - C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 1352 (PID: 3668, Program crash)
- C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4888 -ip 4888 (PID: 1512)