Analysis
-
max time kernel
127s -
max time network
163s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
25-06-2022 05:54
General
-
Target
5e71696919b1dcac97300cee304cec686b19aee23888b1a35822dc974dacb542.exe
-
Size
837KB
-
MD5
f123e73cc5fd5e6de566d0515ddb03b2
-
SHA1
2a3f62804a340bd9ae3afa2626653942c8ec33a7
-
SHA256
5e71696919b1dcac97300cee304cec686b19aee23888b1a35822dc974dacb542
-
SHA512
fe99aa5e074b5b0a3c74ea9a0346c5e6f36533de2c28d0ba7c7a05461105d07f1e2260a90293efc36797c9a1af6593abb5d2a6e95b4f7fc8cadd25bd74ae51dc
Score
10/10
Malware Config
Extracted
Family
oski
C2
fsefsfeg.xyz
Signatures
-
Oski
Oski is an infostealer targeting browser data, crypto wallets.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Program crash 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5e71696919b1dcac97300cee304cec686b19aee23888b1a35822dc974dacb542.exe"C:\Users\Admin\AppData\Local\Temp\5e71696919b1dcac97300cee304cec686b19aee23888b1a35822dc974dacb542.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 13522⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4888 -ip 48881⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4888-130-0x0000000000600000-0x0000000000654000-memory.dmpFilesize
336KB
-
memory/4888-131-0x0000000000400000-0x00000000004D1000-memory.dmpFilesize
836KB
-
memory/4888-132-0x0000000000400000-0x00000000004D1000-memory.dmpFilesize
836KB