Analysis
-
max time kernel
27s -
max time network
30s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system -
submitted
31-01-2023 17:35
Behavioral task
behavioral1
Sample
DFE5049756F130F2559746DA26D1A7DCE785B0099A715.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
DFE5049756F130F2559746DA26D1A7DCE785B0099A715.exe
Resource
win10v2004-20220901-en
General
-
Target
DFE5049756F130F2559746DA26D1A7DCE785B0099A715.exe
-
Size
200KB
-
MD5
28682416fd765969c4d42c76d8f59d69
-
SHA1
723de57b27d0b285ea5003907eb2c44159ecef31
-
SHA256
dfe5049756f130f2559746da26d1a7dce785b0099a715b55d3cc6f31361c96c0
-
SHA512
acaa3ffdb154d55137de75c5005d9467a8fc0e02662240b80d6cd5546a03a59e49db85cf41e1dae33f606620058a2a043d1c7966394a5f86e98b8d90143c2fca
-
SSDEEP
3072:WfUomEuYm98dlSq7gt5q7Dx+XgS6aCEwhOfUbCalNT2pbB3fIM1Xi6FLPo3c:WfUauY68uSWCx+XA7mg2pN51Ljo3c
Malware Config
Signatures
-
Oski
Oski is an infostealer targeting browser data, crypto wallets.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Program crash 1 IoCs
pid     pid_target    Process         procid_target
1276    2040          WerFault.exe    26
-
Suspicious use of WriteProcessMemory 4 IoCs
description                          pid     Process                                            procid_target
PID 2040 wrote to memory of 1276     2040    DFE5049756F130F2559746DA26D1A7DCE785B0099A715.exe    29
PID 2040 wrote to memory of 1276     2040    DFE5049756F130F2559746DA26D1A7DCE785B0099A715.exe    29
PID 2040 wrote to memory of 1276     2040    DFE5049756F130F2559746DA26D1A7DCE785B0099A715.exe    29
PID 2040 wrote to memory of 1276     2040    DFE5049756F130F2559746DA26D1A7DCE785B0099A715.exe    29
Processes
-
1. C:\Users\Admin\AppData\Local\Temp\DFE5049756F130F2559746DA26D1A7DCE785B0099A715.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\DFE5049756F130F2559746DA26D1A7DCE785B0099A715.exe"
   - Suspicious use of WriteProcessMemory
   PID:2040
   2. C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 1000
      - Program crash
      PID:1276
-