Overview

overview

10

Static

static

10

926FEEEF20...11.exe

windows7-x64

10

926FEEEF20...11.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    44s
  • max time network
    72s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    20-11-2022 04:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    926FEEEF2021947033247905285C46A97964D68945511.exe

  • Size

    200KB

  • MD5

    db21611c14e6b5c000fe1bf415d562a7

  • SHA1

    4e2d2865fe8c6d2a32c6f1b25e4781682c88e6c7

  • SHA256

    926feeef2021947033247905285c46a97964d6894551136915c3b46f55992cb4

  • SHA512

    90a09804394048ae4f237b98126426e0cb6710c660f3eef1ed4a4050bb92d55179a90bddec23af01819e8180fcd674aea3ec886fa2a153350619e129c83accfc

  • SSDEEP

    3072:WfUomEuYm98dlSq7gt5q7Dx+XgS6aCEwhOfUbCalNT2pbB3fI/1Xi6FLPo3c:WfUauY68uSWCx+XA7mg2pNK1Ljo3c

Score
10/10
oskiinfostealerspywarestealer

Malware Config

Signatures

  • Oski

    Oski is an infostealer targeting browser data, crypto wallets.

    infostealeroski
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\926FEEEF2021947033247905285C46A97964D68945511.exe
    "C:\Users\Admin\AppData\Local\Temp\926FEEEF2021947033247905285C46A97964D68945511.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2016
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 780
      2⤵
      • Program crash
      PID:1100

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2016-54-0x00000000761F1000-0x00000000761F3000-memory.dmp

    Filesize

    8KB

    Download