Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

dc7cce7fed...79.ps1

windows7-x64

10

dc7cce7fed...79.ps1

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    21/03/2024, 19:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dc7cce7fed750c48705f46022f2f9079.ps1

  • Size

    421KB

  • MD5

    dc7cce7fed750c48705f46022f2f9079

  • SHA1

    8dd2028110b31271ae6295b378e9ba435ff124ed

  • SHA256

    9472ff0cd262c6be42e1dd53b1553db0e46022c3133dbeacd3d004d6bfc59bdc

  • SHA512

    db47b205be5ee7d15ddd9765eaed5e1aba8558438ef52bbb4a4324a2428cb5f4a2094fb131f821bead518b791bf0d6d4f5bf8b3112cdc46b695d8851d3e151d8

  • SSDEEP

    12288:+Zjw0RJ9u5ILYDxD3fxYehza/tw64PL68:q3Y

Score
10/10
oskiinfostealer

Malware Config

Extracted

Family

oski

C2

/103.114.107.28/l34/

Signatures

  • Oski

    Oski is an infostealer targeting browser data, crypto wallets.

    infostealeroski
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\dc7cce7fed750c48705f46022f2f9079.ps1
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:664
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
      "{path}"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2088
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 112
        3⤵
        • Program crash
        PID:2636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/664-22-0x000007FEF56D0000-0x000007FEF606D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/664-6-0x0000000001EF0000-0x0000000001EF8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/664-7-0x0000000002A30000-0x0000000002AB0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/664-5-0x000007FEF56D0000-0x000007FEF606D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/664-8-0x000007FEF56D0000-0x000007FEF606D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/664-9-0x0000000002A30000-0x0000000002AB0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/664-10-0x0000000002A30000-0x0000000002AB0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/664-11-0x00000000029E0000-0x00000000029EA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/664-4-0x000000001B790000-0x000000001BA72000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2088-12-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2088-14-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2088-15-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2088-17-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2088-18-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2088-19-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2088-21-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2088-13-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download