Overview

overview

10

Static

static

1

dac9484cbf...9b.ps1

windows7-x64

10

dac9484cbf...9b.ps1

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    21-03-2024 05:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dac9484cbfa5767670567eec53d8979b.ps1

  • Size

    421KB

  • MD5

    dac9484cbfa5767670567eec53d8979b

  • SHA1

    e920708eb445d8f822d5a85d726bfddaa27dd00f

  • SHA256

    d02672efdf8edc3a02c71889fc5f04ffd4d469de77cca44764edee4592b89ce2

  • SHA512

    cde490119de920287b6d6e7ba84820690b553976b4afe013c53565088383e53a3dfd84bab3808d79a6ba6b4459a9abdd6dd8feda89d6a90f6dc5b6d8997d276f

  • SSDEEP

    12288:+Zjw0RJ9u5ILYDxD3fxYehza/tw644L68:q3j

Score
10/10
oskiinfostealer

Malware Config

Extracted

Family

oski

C2

/103.114.107.28/l22/

Signatures

  • Oski

    Oski is an infostealer targeting browser data, crypto wallets.

    infostealeroski
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\dac9484cbfa5767670567eec53d8979b.ps1
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:844
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
      "{path}"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2972
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 500
        3⤵
        • Program crash
        PID:2576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/844-26-0x000007FEF5220000-0x000007FEF5BBD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/844-5-0x0000000001F40000-0x0000000001F48000-memory.dmp

    Filesize

    32KB

    Download

  • memory/844-6-0x000007FEF5220000-0x000007FEF5BBD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/844-7-0x00000000025E0000-0x0000000002660000-memory.dmp

    Filesize

    512KB

    Download

  • memory/844-8-0x000007FEF5220000-0x000007FEF5BBD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/844-9-0x00000000025E0000-0x0000000002660000-memory.dmp

    Filesize

    512KB

    Download

  • memory/844-10-0x00000000025E0000-0x0000000002660000-memory.dmp

    Filesize

    512KB

    Download

  • memory/844-11-0x0000000002A30000-0x0000000002A3A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/844-4-0x000000001B320000-0x000000001B602000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2972-12-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2972-16-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2972-18-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2972-20-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2972-22-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2972-23-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2972-25-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2972-14-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2972-27-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2972-29-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download