oski | 243fcf79293c9109eee9cee3077060272b9f5e3adfabd2dbd1323e2ffd58b1df

Analysis

max time kernel
0s
max time network
50s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2023 14:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c2d2ff688f1345c9c2eb58e8b1d5a5d2.ps1
Size

656KB
MD5

c2d2ff688f1345c9c2eb58e8b1d5a5d2
SHA1

2d25e05272ea1ec9265f183c137b68d66f3981af
SHA256

243fcf79293c9109eee9cee3077060272b9f5e3adfabd2dbd1323e2ffd58b1df
SHA512

bb3464dfde478d0db1ace6d74a98610a18b036bc8eef1e2ee6c814ebb4cc3ff7fa4825dc7f464f6147ce06073e40fb4f3110e3522774c7ba52b9507622c0624b
SSDEEP

12288:EZjw0RJ9u5ILYDxD3fxYehza/tw64s8TVkc5A+:g3gTmr+

Score

10^/10

oski infostealer

Malware Config

Extracted

Family

oski

103.114.107.28/l9/

Signatures

Oski
Oski is an infostealer targeting browser data, crypto wallets.
infostealer oski

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4556	powershell.exe
4556	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4556	powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\c2d2ff688f1345c9c2eb58e8b1d5a5d2.ps1
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4556
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
  #cmd
  2⤵
  PID:696
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
  #cmd
  2⤵
  PID:4652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/696-61-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/696-63-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/696-55-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/696-59-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/696-62-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/4556-49-0x00000184D6050000-0x00000184D6070000-memory.dmp

Filesize
128KB

Download
memory/4556-39-0x00000184D6050000-0x00000184D6070000-memory.dmp

Filesize
128KB

Download
memory/4556-54-0x00000184D6080000-0x00000184D6081000-memory.dmp

Filesize
4KB

Download
memory/4556-56-0x00000184EE650000-0x00000184EE660000-memory.dmp

Filesize
64KB

Download
memory/4556-23-0x00000184D6050000-0x00000184D6070000-memory.dmp

Filesize
128KB

Download
memory/4556-13-0x00000184D6050000-0x00000184D6076000-memory.dmp

Filesize
152KB

Download
memory/4556-60-0x00007FFE098B0000-0x00007FFE0A371000-memory.dmp

Filesize
10.8MB

Download
memory/4556-0-0x00000184EE5F0000-0x00000184EE612000-memory.dmp

Filesize
136KB

Download
memory/4556-10-0x00007FFE098B0000-0x00007FFE0A371000-memory.dmp

Filesize
10.8MB

Download
memory/4556-53-0x00000184D6050000-0x00000184D6070000-memory.dmp

Filesize
128KB

Download
memory/4556-51-0x00000184D6050000-0x00000184D6070000-memory.dmp

Filesize
128KB

Download
memory/4556-11-0x00000184EE650000-0x00000184EE660000-memory.dmp

Filesize
64KB

Download
memory/4556-45-0x00000184D6050000-0x00000184D6070000-memory.dmp

Filesize
128KB

Download
memory/4556-43-0x00000184D6050000-0x00000184D6070000-memory.dmp

Filesize
128KB

Download
memory/4556-41-0x00000184D6050000-0x00000184D6070000-memory.dmp

Filesize
128KB

Download
memory/4556-47-0x00000184D6050000-0x00000184D6070000-memory.dmp

Filesize
128KB

Download
memory/4556-37-0x00000184D6050000-0x00000184D6070000-memory.dmp

Filesize
128KB

Download
memory/4556-35-0x00000184D6050000-0x00000184D6070000-memory.dmp

Filesize
128KB

Download
memory/4556-33-0x00000184D6050000-0x00000184D6070000-memory.dmp

Filesize
128KB

Download
memory/4556-31-0x00000184D6050000-0x00000184D6070000-memory.dmp

Filesize
128KB

Download
memory/4556-29-0x00000184D6050000-0x00000184D6070000-memory.dmp

Filesize
128KB

Download
memory/4556-27-0x00000184D6050000-0x00000184D6070000-memory.dmp

Filesize
128KB

Download
memory/4556-25-0x00000184D6050000-0x00000184D6070000-memory.dmp

Filesize
128KB

Download
memory/4556-21-0x00000184D6050000-0x00000184D6070000-memory.dmp

Filesize
128KB

Download
memory/4556-19-0x00000184D6050000-0x00000184D6070000-memory.dmp

Filesize
128KB

Download
memory/4556-17-0x00000184D6050000-0x00000184D6070000-memory.dmp

Filesize
128KB

Download
memory/4556-15-0x00000184D6050000-0x00000184D6070000-memory.dmp

Filesize
128KB

Download
memory/4556-14-0x00000184D6050000-0x00000184D6070000-memory.dmp

Filesize
128KB

Download
memory/4556-12-0x00000184EE650000-0x00000184EE660000-memory.dmp

Filesize
64KB

Download