Overview

overview

10

Static

static

3

1ab68861cb...33.xll

windows7-x64

1

1ab68861cb...33.xll

windows10-2004-x64

10

Analysis

  • max time kernel
    1s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-12-2023 13:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1ab68861cbb539af250899445e168233.xll

  • Size

    1.2MB

  • MD5

    1ab68861cbb539af250899445e168233

  • SHA1

    e4299a99e197c034b76f9415acb599c810f4f659

  • SHA256

    7b05d46b12945a754e07915535b5c977078818b088ce5de1a31ff40b3c2bef61

  • SHA512

    3ce1f719220f13fafb5fc07d0c8def676fd717ecf3e068088b0e0bf35b686866b0e9adc4cd051fd2990f46df5b120e365e77b93b8f6ff5863297a3fcd6a6a518

  • SSDEEP

    24576:DzbGHAzHKjX1rBY4ZyrE7K3yl8PeVooA/AB2LEgpUqY/CL+elRtA3k0yy3l4VzCa:DziHILpUhxel6k0yyW094

Score
10/10
oskiinfostealer

Malware Config

Extracted

Family

oski

C2

himarkh.xyz

Signatures

  • Oski

    Oski is an infostealer targeting browser data, crypto wallets.

    infostealeroski
  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\1ab68861cbb539af250899445e168233.xll"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1216
    • C:\Users\Admin\AppData\Roaming\service.exe
      "C:\Users\Admin\AppData\Roaming\service.exe"
      2⤵
        PID:3568
        • C:\Users\Admin\AppData\Roaming\service.exe
          "C:\Users\Admin\AppData\Roaming\service.exe"
          3⤵
            PID:4024
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 1300
              4⤵
              • Program crash
              PID:948
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 4024 -ip 4024
        1⤵
          PID:4104

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\1ab68861cbb539af250899445e168233.xll
          Filesize

          43KB

          MD5

          8125477119a277dc58ee20ca3d870b60

          SHA1

          8293d16cb9186b706aff93aae4aa53423cb44908

          SHA256

          46b27065f5436d0560c1e868dc6d071b832316581519ef5a45ac233105aed8e9

          SHA512

          e57a56738f57fdd3613affdcd6e48253e05bb200f6d959cbe35f5ad89df8da0c49898c9389c4be9120c115c2114ccc2661ca6d4fe719544b69692b72a0446ccb

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\1ab68861cbb539af250899445e168233.xll
          Filesize

          47KB

          MD5

          fc68eb85d3deabe1fa002037fd5a8377

          SHA1

          2f866151f4967830d52264d4cb64e2f82e517708

          SHA256

          fb977d5278477cc3f8d14456e7bbf0f2bd4b95ccac417e6fb056c9407eecfd3c

          SHA512

          f24d0f1350261f8b265fcfc01b6e99987fc56757af0f153928e67a9fb9ea26d3581ead2c8da85d2017de9b24aa608e29c654146e1e29474119ab6993443e645c

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\sample.xlsx
          Filesize

          12KB

          MD5

          36cadc2fa9f7938f74061fda9b126a9f

          SHA1

          5252934ac46fb3bc8fdb361880ade043070501bd

          SHA256

          afc8ea53b3eeb62a44ce6d2b4593931d009ec00769410e76478cc88eab59d1f4

          SHA512

          b7668575cea53280a3d553b18e1ac7670eeafab9f2d48db5d86496722e2b1d5d48a3ac3b1e56a8d7198abd771f2d95fef4449792c214dffc2097e62273e7db1f

          Download Submit

        • C:\Users\Admin\AppData\Roaming\service.exe
          Filesize

          6KB

          MD5

          52cc467873c97802fa8f69451aefdefb

          SHA1

          b07990e53b8b7168a2cfeb50b41a833058ba7f55

          SHA256

          5eb2eb29f7cdd9c35ccdf540f6d7a8c1d0198046f5dc12905e5ea02f2b11cbce

          SHA512

          31062d08805e527f14e27a9ad6768df9ec445367800eb479777e3c38469d25630b3953ae16532e38b45965be4472ababce3d2802b68bd0a9a127e390314ad205

          Download Submit

        • C:\Users\Admin\AppData\Roaming\service.exe
          Filesize

          9KB

          MD5

          6325b7526eef46e8ff26c2e57ba83bff

          SHA1

          a07e4bdd3e02a50b81e0b6695c7b3d32c2aed9e4

          SHA256

          4fca2536dcfee43b3b836ed772c80b2e69249f0aaefd36c4dbfc163b0e0326e1

          SHA512

          2fd2c4fd1b3847584552eec82d2e73368009c33c49d35044a5b22dff8038d5498841b6762d5c1a3d5ad502b27b808746c68fab2a161060f1a85c11ed87e92f2e

          Download Submit

        • C:\Users\Admin\AppData\Roaming\service.exe
          Filesize

          19KB

          MD5

          3eedb42e9b33781c3b8aaacbe6db883c

          SHA1

          ca8045378c8469c0b10605f96a0edd38495ef722

          SHA256

          1e30fab074424736cf1370f92b02acc815bb8b0a2fd13aa2a65b4fcbf1829054

          SHA512

          1623f8d2a2e49afac59021f68e97aeb477e86ebc7ed7df276d1c7ac8e29cd5bbaf357d42a22fa82368c5679f1c3b061c390f31964142b4deec80a2bf5a79a23a

          Download Submit

        • C:\Users\Admin\AppData\Roaming\service.exe
          Filesize

          23KB

          MD5

          ed6290341d71279126826af4b1d28c38

          SHA1

          0a7ea22fd136ed0535c86d7c84149515a6f9724c

          SHA256

          bc66d2def584922c5c92470e521c458f54cd75306084dea815d859c015d7e0c4

          SHA512

          2d508e7d1c4e543d049a82078dac5937edfe38b17d1998ca73fd44ce730bc1eb2a197414280f63a6b8fc46f26330005c674d2c953300282fb6ed1529e80b0362

          Download Submit

        • memory/1216-37-0x00000242865C0000-0x0000024286678000-memory.dmp

          Filesize

          736KB

          Download

        • memory/1216-5-0x00007FF846A70000-0x00007FF846C65000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1216-22-0x00007FF846A70000-0x00007FF846C65000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1216-23-0x00007FF846A70000-0x00007FF846C65000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1216-20-0x00007FF846A70000-0x00007FF846C65000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1216-19-0x00007FF846A70000-0x00007FF846C65000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1216-17-0x00007FF846A70000-0x00007FF846C65000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1216-9-0x00007FF846A70000-0x00007FF846C65000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1216-13-0x00007FF804190000-0x00007FF8041A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1216-11-0x00007FF846A70000-0x00007FF846C65000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1216-10-0x00007FF846A70000-0x00007FF846C65000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1216-8-0x00007FF846A70000-0x00007FF846C65000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1216-6-0x00007FF806AF0000-0x00007FF806B00000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1216-7-0x00007FF846A70000-0x00007FF846C65000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1216-4-0x00007FF846A70000-0x00007FF846C65000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1216-25-0x0000024285960000-0x0000024285AA0000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1216-18-0x00007FF804190000-0x00007FF8041A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1216-134-0x00007FF81E860000-0x00007FF81F321000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/1216-3-0x00007FF806AF0000-0x00007FF806B00000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1216-1-0x00007FF806AF0000-0x00007FF806B00000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1216-28-0x00000242833E0000-0x00000242833FC000-memory.dmp

          Filesize

          112KB

          Download

        • memory/1216-30-0x00007FF81E860000-0x00007FF81F321000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/1216-34-0x0000024283580000-0x0000024283590000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1216-36-0x0000024283580000-0x0000024283590000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1216-35-0x0000024283580000-0x0000024283590000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1216-33-0x0000024283580000-0x0000024283590000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1216-32-0x0000024283580000-0x0000024283590000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1216-31-0x0000024283580000-0x0000024283590000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1216-0-0x00007FF806AF0000-0x00007FF806B00000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1216-29-0x0000024283460000-0x000002428349A000-memory.dmp

          Filesize

          232KB

          Download

        • memory/1216-14-0x00007FF846A70000-0x00007FF846C65000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1216-12-0x00007FF846A70000-0x00007FF846C65000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1216-15-0x00007FF846A70000-0x00007FF846C65000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1216-21-0x00007FF846A70000-0x00007FF846C65000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1216-16-0x00007FF846A70000-0x00007FF846C65000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1216-129-0x00007FF806AF0000-0x00007FF806B00000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1216-130-0x00007FF806AF0000-0x00007FF806B00000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1216-131-0x00007FF806AF0000-0x00007FF806B00000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1216-133-0x00007FF846A70000-0x00007FF846C65000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1216-132-0x00007FF806AF0000-0x00007FF806B00000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1216-2-0x00007FF806AF0000-0x00007FF806B00000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1216-97-0x0000024283580000-0x0000024283590000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1216-88-0x00007FF846A70000-0x00007FF846C65000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1216-90-0x0000024283580000-0x0000024283590000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1216-89-0x00007FF81E860000-0x00007FF81F321000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/1216-95-0x0000024283580000-0x0000024283590000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1216-96-0x0000024283580000-0x0000024283590000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1216-94-0x0000024283580000-0x0000024283590000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1216-98-0x0000024283580000-0x0000024283590000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3568-72-0x0000000074960000-0x0000000075110000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/3568-75-0x00000000053C0000-0x000000000545C000-memory.dmp

          Filesize

          624KB

          Download

        • memory/3568-109-0x0000000074960000-0x0000000075110000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/3568-78-0x0000000006C80000-0x0000000006C96000-memory.dmp

          Filesize

          88KB

          Download

        • memory/3568-102-0x0000000009410000-0x0000000009448000-memory.dmp

          Filesize

          224KB

          Download

        • memory/3568-71-0x0000000000790000-0x0000000000844000-memory.dmp

          Filesize

          720KB

          Download

        • memory/3568-73-0x00000000058D0000-0x0000000005E74000-memory.dmp

          Filesize

          5.6MB

          Download

        • memory/3568-99-0x0000000074960000-0x0000000075110000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/3568-77-0x00000000052D0000-0x00000000052DA000-memory.dmp

          Filesize

          40KB

          Download

        • memory/3568-100-0x0000000005650000-0x0000000005660000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3568-101-0x0000000006DC0000-0x0000000006E62000-memory.dmp

          Filesize

          648KB

          Download

        • memory/3568-74-0x0000000005220000-0x00000000052B2000-memory.dmp

          Filesize

          584KB

          Download

        • memory/3568-76-0x0000000005650000-0x0000000005660000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4024-107-0x0000000000400000-0x0000000000438000-memory.dmp

          Filesize

          224KB

          Download

        • memory/4024-112-0x0000000000400000-0x0000000000438000-memory.dmp

          Filesize

          224KB

          Download

        • memory/4024-106-0x0000000000400000-0x0000000000438000-memory.dmp

          Filesize

          224KB

          Download

        • memory/4024-105-0x0000000000400000-0x0000000000438000-memory.dmp

          Filesize

          224KB

          Download

        • memory/4024-103-0x0000000000400000-0x0000000000438000-memory.dmp

          Filesize

          224KB

          Download