Analysis
- max time kernel: 91s
- max time network: 156s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 01/07/2022, 04:12
Static task: static1
Behavioral task: behavioral1
- Sample: caf1bf6339d21c8bf3451420e78097bf7c8fa0a6baad42afa9a4f32981864120.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: caf1bf6339d21c8bf3451420e78097bf7c8fa0a6baad42afa9a4f32981864120.exe
- Resource: win10v2004-20220414-en
General
- Target: caf1bf6339d21c8bf3451420e78097bf7c8fa0a6baad42afa9a4f32981864120.exe
- Size: 293KB
- MD5: a0d0319e501904cd74e51782e1ab74f9
- SHA1: b8f7c45ecf8aaabccff860356f03ef02b65f12f6
- SHA256: caf1bf6339d21c8bf3451420e78097bf7c8fa0a6baad42afa9a4f32981864120
- SHA512: 3cc308094f4dbacd5f9aabc45d074e0b0af08676a694cb2e2898d1880646b22a0b64bbc0211ebf53fea7e6de34c631df6d5632c834298e432f804f7b8f593f10
Malware Config
- Extracted family: oski
- Domain: ivchenkosvetlana.online
Signatures
- Oski
  Oski is an infostealer targeting browser data and crypto wallets.
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials and similar secrets.
- Program crash (1 IoC)
  pid: 4896, pid_target: 484, Process: WerFault.exe, procid_target: 79
Processes
- C:\Users\Admin\AppData\Local\Temp\caf1bf6339d21c8bf3451420e78097bf7c8fa0a6baad42afa9a4f32981864120.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\caf1bf6339d21c8bf3451420e78097bf7c8fa0a6baad42afa9a4f32981864120.exe"
  PID: 484
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 1244
    Signature: Program crash
    PID: 4896
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 484 -ip 484
  PID: 1392