Analysis
-
max time kernel
28s -
max time network
54s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
02-01-2023 05:36
General
-
Target
c927fbf0a308f0a52924210896ab4efa.exe
-
Size
200KB
-
MD5
c927fbf0a308f0a52924210896ab4efa
-
SHA1
6e139eeb5094862192d5f260b2a62beec9b910f4
-
SHA256
a1fb5c784bc7054210483191ef7a6c47da443b4283442de4eb0d297bce669751
-
SHA512
801ec93cc41051deb1c07818f0935c8b0c087bcf9971e1c43dd1745a0556f6b52ea34f02dfd2d508c95a1ea4f19a3695545cf42c40fefe464c01a9997aa4c3de
-
SSDEEP
3072:WfUomEuYm98dlSq7gt5q7Dx+XgS6aCEwhOfUbCalNT2pbB3fI21Xi6FLPo3c:WfUauY68uSWCx+XA7mg2pNj1Ljo3c
Score
10/10
Malware Config
Signatures
-
Oski
Oski is an infostealer targeting browser data, crypto wallets.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c927fbf0a308f0a52924210896ab4efa.exe"C:\Users\Admin\AppData\Local\Temp\c927fbf0a308f0a52924210896ab4efa.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 7722⤵
- Program crash
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/524-55-0x0000000000000000-mapping.dmp
-
memory/1924-54-0x0000000075091000-0x0000000075093000-memory.dmpFilesize
8KB