Overview

overview

10

Static

static

10

2a000e6869...2f.exe

windows7-x64

10

2a000e6869...2f.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 05:27

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2a000e68693fc94e1c93d7649712eb2f.exe

  • Size

    200KB

  • MD5

    2a000e68693fc94e1c93d7649712eb2f

  • SHA1

    e5a8846d7161c3464987acb8c6ae610cafef4da1

  • SHA256

    e8fd915f6c176308283f7567c4b2cbdbdcf617328492c9d09fcfd6364a6ddfba

  • SHA512

    2438330cb252cf56546ec41e612db023d79ac338ead188d34020d54a01fe73b2ae83ad67d3c724bc83eab74830cd58d4c21c7967b355a89f753a189022d4122e

  • SSDEEP

    3072:WfUomEuYm98dlSq7gt5q7Dx+XgS6aCEwhOfUbCalNT2pbB3fIU1Xi6FLPo3c:WfUauY68uSWCx+XA7mg2pNB1Ljo3c

Score
10/10
oskiinfostealerspywarestealer

Malware Config

Signatures

  • Oski

    Oski is an infostealer targeting browser data, crypto wallets.

    infostealeroski
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2a000e68693fc94e1c93d7649712eb2f.exe
    "C:\Users\Admin\AppData\Local\Temp\2a000e68693fc94e1c93d7649712eb2f.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3040
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 616
      2⤵
      • Program crash
      PID:2828

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads