Windows Analysis Report
IJr8RvvhZ3.exe

Overview

General Information

Sample Name: IJr8RvvhZ3.exe
Analysis ID: 694560
MD5: b77359bc85030f5f856b8010c0ddf6a8
SHA1: 5bff219a3d20203a239a23db69385f2611e67f5d
SHA256: afd36e5d309ba8576b7e6a31ab1b3af4c3c0530052a2c31b97c688c0e2515005
Tags: exe

Detection

Gandcrab, ReflectiveLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected Gandcrab
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected ReflectiveLoader
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Creates multiple autostart registry keys
Found evasive API chain (may stop execution after checking mutex)
Contains functionality to determine the online IP of the system
Found Tor onion address
Machine Learning detection for sample
May check the online IP address of the machine
Machine Learning detection for dropped file
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Contains functionality to dynamically determine API calls
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Queries information about the installed CPU (vendor, model number etc)
PE file contains an invalid checksum
Drops PE files
Contains functionality to read the PEB
Contains functionality to enumerate device drivers
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Checks for available system drives (often done to infect USB drives)
Uses Microsoft's Enhanced Cryptographic Provider

AV Detection

Source: IJr8RvvhZ3.exe Virustotal: Detection: 87%
Source: IJr8RvvhZ3.exe Metadefender: Detection: 86%
Source: IJr8RvvhZ3.exe ReversingLabs: Detection: 96%
Source: IJr8RvvhZ3.exe Avira: detected
Source: http://gdcbmuveqjsli57x.onion/63b5ce1c617217a5 Avira URL Cloud: Label: malware
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe Avira: detection malicious, Label: TR/Dropper.Gen
Source: IJr8RvvhZ3.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe Joe Sandbox ML: detected
Source: 25.3.mqsmvj.exe.3490000.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 3.3.mqsmvj.exe.3790000.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 27.0.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 22.0.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 25.2.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 30.0.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 0.0.IJr8RvvhZ3.exe.f140000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 34.2.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 39.2.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 38.0.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 36.0.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 23.0.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 22.2.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 28.0.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 19.2.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 35.2.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 14.3.mqsmvj.exe.32b0000.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 3.0.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 16.2.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 14.0.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 28.3.mqsmvj.exe.3130000.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 16.0.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 15.2.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 35.3.mqsmvj.exe.3970000.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 19.0.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 23.3.mqsmvj.exe.3a70000.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 19.3.mqsmvj.exe.3930000.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 15.0.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 39.3.mqsmvj.exe.2fb0000.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 38.2.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 11.3.mqsmvj.exe.3290000.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 37.2.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 0.2.IJr8RvvhZ3.exe.f140000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 26.0.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 11.2.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 39.0.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 26.2.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 16.3.mqsmvj.exe.3b50000.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 27.2.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 12.2.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 30.2.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 25.0.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 3.2.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 12.3.mqsmvj.exe.2fb0000.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 28.2.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 34.0.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 36.2.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 23.2.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 35.0.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 30.3.mqsmvj.exe.3470000.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 37.3.mqsmvj.exe.3bc0000.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 0.3.IJr8RvvhZ3.exe.3210000.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 11.0.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 27.3.mqsmvj.exe.3490000.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 37.0.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 12.0.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 14.2.mqsmvj.exe.f580000.0.unpack Avira: Label: TR/Dropper.Gen
Source: C:\Users\user\Desktop\IJr8RvvhZ3.exe Code function: 0_2_0F148400 VirtualAlloc,CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree, 0_2_0F148400
Source: C:\Users\user\Desktop\IJr8RvvhZ3.exe Code function: 0_2_0F144B20 EntryPoint,Sleep,ExitProcess,CreateThread,WaitForSingleObject,TerminateThread,CloseHandle,VirtualAlloc,GetModuleFileNameW,VirtualFree,ExitProcess,Sleep,lstrlenA,VirtualAlloc,CryptStringToBinaryA,ExitProcess,InitializeCriticalSection,DeleteCriticalSection,VirtualAlloc,GetModuleFileNameW,VirtualFree,ShellExecuteW,ExitThread, 0_2_0F144B20
Source: C:\Users\user\Desktop\IJr8RvvhZ3.exe Code function: 0_2_0F145860 VirtualAlloc,VirtualFree,CryptBinaryToStringA,CryptBinaryToStringA,CryptBinaryToStringA,lstrlenA,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrcatW,lstrcatW,lstrlenW,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcatW,VirtualFree,VirtualFree,VirtualFree,lstrcatW,lstrlenW,lstrlenW,lstrlenA,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenA,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenW,VirtualAlloc,lstrlenW,lstrlenW,VirtualFree,lstrlenW,VirtualAlloc,wsprintfA,lstrlenW,CryptBinaryToStringA,GetLastError,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,MultiByteToWideChar,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree, 0_2_0F145860
Source: C:\Users\user\Desktop\IJr8RvvhZ3.exe Code function: 0_2_0F1482B0 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree, 0_2_0F1482B0
Source: C:\Users\user\Desktop\IJr8RvvhZ3.exe Code function: 0_2_0F1463E0 CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptGenKey,CryptExportKey,CryptExportKey,CryptDestroyKey,CryptReleaseContext,CryptAcquireContextW, 0_2_0F1463E0
Source: C:\Users\user\Desktop\IJr8RvvhZ3.exe Code function: 0_2_0F145670 VirtualAlloc,VirtualAlloc,wsprintfW,lstrlenW,lstrlenW,VirtualFree,lstrlenW,VirtualAlloc,wsprintfA,VirtualAlloc,CryptBinaryToStringA,GetLastError,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,VirtualFree,VirtualFree,VirtualFree, 0_2_0F145670
Source: C:\Users\user\Desktop\IJr8RvvhZ3.exe Code function: 0_2_0F146660 EnterCriticalSection,CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection, 0_2_0F146660
Source: C:\Users\user\Desktop\IJr8RvvhZ3.exe Code function: 0_2_0F1453D0 lstrlenA,VirtualAlloc,CryptStringToBinaryA,lstrlenA,VirtualAlloc,lstrcpyA,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,VirtualFree,GetLastError,lstrlenA,lstrlenA,VirtualAlloc,VirtualAlloc,VirtualAlloc,lstrcatA,lstrlenA,lstrlenW,lstrlenA,VirtualFree,VirtualFree,VirtualFree,VirtualFree,InternetCloseHandle, 0_2_0F1453D0
Source: C:\Users\user\Desktop\IJr8RvvhZ3.exe Code function: 0_2_0F1434F0 lstrlenA,VirtualAlloc,VirtualAlloc,CryptStringToBinaryA,VirtualAlloc,VirtualAlloc,wsprintfW,wsprintfW,wsprintfW,VirtualFree, 0_2_0F1434F0
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe Code function: 3_2_0F585860 VirtualAlloc,VirtualFree,CryptBinaryToStringA,CryptBinaryToStringA,CryptBinaryToStringA,lstrlenA,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrcatW,lstrcatW,lstrlenW,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcatW,VirtualFree,VirtualFree,VirtualFree,lstrcatW,lstrlenW,lstrlenW,lstrlenA,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenA,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenW,VirtualAlloc,lstrlenW,lstrlenW,VirtualFree,lstrlenW,VirtualAlloc,wsprintfA,lstrlenW,CryptBinaryToStringA,GetLastError,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,MultiByteToWideChar,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree, 3_2_0F585860
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe Code function: 3_2_0F584B20 EntryPoint,Sleep,ExitProcess,CreateThread,WaitForSingleObject,TerminateThread,CloseHandle,VirtualAlloc,GetModuleFileNameW,VirtualFree,ExitProcess,Sleep,lstrlenA,VirtualAlloc,CryptStringToBinaryA,ExitProcess,InitializeCriticalSection,DeleteCriticalSection,VirtualAlloc,GetModuleFileNameW,VirtualFree,ShellExecuteW,ExitThread, 3_2_0F584B20
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe Code function: 3_2_0F5863E0 CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptGenKey,CryptExportKey,CryptExportKey,CryptDestroyKey,CryptReleaseContext,CryptAcquireContextW, 3_2_0F5863E0
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe Code function: 3_2_0F5882B0 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree, 3_2_0F5882B0
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe Code function: 3_2_0F585670 VirtualAlloc,VirtualAlloc,wsprintfW,lstrlenW,lstrlenW,VirtualFree,lstrlenW,VirtualAlloc,wsprintfA,VirtualAlloc,CryptBinaryToStringA,GetLastError,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,VirtualFree,VirtualFree,VirtualFree, 3_2_0F585670
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe Code function: 3_2_0F586660 EnterCriticalSection,CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection, 3_2_0F586660
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe Code function: 3_2_0F588400 VirtualAlloc,CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree, 3_2_0F588400
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe Code function: 3_2_0F5853D0 lstrlenA,VirtualAlloc,CryptStringToBinaryA,lstrlenA,VirtualAlloc,lstrcpyA,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,VirtualFree,GetLastError,lstrlenA,lstrlenA,VirtualAlloc,VirtualAlloc,VirtualAlloc,lstrcatA,lstrlenA,lstrlenW,lstrlenA,VirtualFree,VirtualFree,VirtualFree,VirtualFree,InternetCloseHandle, 3_2_0F5853D0
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe Code function: 3_2_0F5834F0 lstrlenA,VirtualAlloc,VirtualAlloc,CryptStringToBinaryA,VirtualAlloc,VirtualAlloc,wsprintfW,wsprintfW,wsprintfW,VirtualFree, 3_2_0F5834F0
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe Code function: 11_2_0F585860 VirtualAlloc,VirtualFree,CryptBinaryToStringA,CryptBinaryToStringA,CryptBinaryToStringA,lstrlenA,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrcatW,lstrcatW,lstrlenW,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcatW,VirtualFree,VirtualFree,VirtualFree,lstrcatW,lstrlenW,lstrlenW,lstrlenA,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenA,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenW,VirtualAlloc,lstrlenW,lstrlenW,VirtualFree,lstrlenW,VirtualAlloc,wsprintfA,lstrlenW,CryptBinaryToStringA,GetLastError,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,MultiByteToWideChar,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree, 11_2_0F585860
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe Code function: 11_2_0F584B20 EntryPoint,Sleep,ExitProcess,CreateThread,WaitForSingleObject,TerminateThread,CloseHandle,VirtualAlloc,GetModuleFileNameW,VirtualFree,ExitProcess,Sleep,lstrlenA,VirtualAlloc,CryptStringToBinaryA,ExitProcess,InitializeCriticalSection,DeleteCriticalSection,VirtualAlloc,GetModuleFileNameW,VirtualFree,ShellExecuteW,ExitThread, 11_2_0F584B20
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe Code function: 11_2_0F5863E0 CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptGenKey,CryptExportKey,CryptExportKey,CryptDestroyKey,CryptReleaseContext,CryptAcquireContextW, 11_2_0F5863E0
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe Code function: 11_2_0F5882B0 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree, 11_2_0F5882B0
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe Code function: 11_2_0F585670 VirtualAlloc,VirtualAlloc,wsprintfW,lstrlenW,lstrlenW,VirtualFree,lstrlenW,VirtualAlloc,wsprintfA,VirtualAlloc,CryptBinaryToStringA,GetLastError,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,VirtualFree,VirtualFree,VirtualFree, 11_2_0F585670
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe Code function: 11_2_0F588400 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree, 11_2_0F588400
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe Code function: 11_2_0F5853D0 lstrlenA,VirtualAlloc,CryptStringToBinaryA,lstrlenA,VirtualAlloc,lstrcpyA,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,VirtualFree,GetLastError,lstrlenA,lstrlenA,VirtualAlloc,VirtualAlloc,VirtualAlloc,lstrcatA,lstrlenA,lstrlenW,lstrlenA,VirtualFree,VirtualFree,VirtualFree,VirtualFree,InternetCloseHandle, 11_2_0F5853D0
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe Code function: 11_2_0F5834F0 lstrlenA,VirtualAlloc,VirtualAlloc,CryptStringToBinaryA,VirtualAlloc,VirtualAlloc,wsprintfW,wsprintfW,wsprintfW,VirtualFree, 11_2_0F5834F0
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe Code function: 11_2_0F586682 CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection, 11_2_0F586682
Source: IJr8RvvhZ3.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: IJr8RvvhZ3.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe File opened: z:
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe File opened: x:
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe File opened: v:
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe File opened: t:
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe File opened: r:
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe File opened: p:
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe File opened: n:
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe File opened: l:
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe File opened: j:
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe File opened: h:
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe File opened: f:
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe File opened: b:
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe File opened: y:
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe File opened: w:
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe File opened: u:
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe File opened: s:
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe File opened: q:
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe File opened: o:
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe File opened: m:
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe File opened: k:
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe File opened: i:
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe File opened: g:
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe File opened: e:
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe File opened: a:
Source: C:\Users\user\Desktop\IJr8RvvhZ3.exe Code function: 0_2_0F146BA0 lstrlenW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcatW,lstrlenW,lstrcmpW,CreateFileW,GetFileSize,VirtualAlloc,ReadFile,lstrlenA,VirtualFree,CloseHandle,lstrcmpW,FindNextFileW,FindClose, 0_2_0F146BA0
Source: C:\Users\user\Desktop\IJr8RvvhZ3.exe Code function: 0_2_0F146DF0 lstrlenW,lstrcatW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcatW,lstrcatW,lstrcatW,FindNextFileW,FindClose, 0_2_0F146DF0
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe Code function: 3_2_0F586DF0 lstrlenW,lstrcatW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcatW,lstrcatW,lstrcatW,FindNextFileW,FindClose, 3_2_0F586DF0
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe Code function: 3_2_0F586BA0 lstrlenW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcatW,lstrlenW,lstrcmpW,CreateFileW,GetFileSize,VirtualAlloc,ReadFile,lstrlenA,VirtualFree,CloseHandle,lstrcmpW,FindNextFileW,FindClose, 3_2_0F586BA0
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe Code function: 11_2_0F586DF0 lstrlenW,lstrcatW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcatW,lstrcatW,lstrcatW,FindNextFileW,FindClose, 11_2_0F586DF0
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe Code function: 11_2_0F586BA0 lstrlenW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcatW,lstrlenW,lstrcmpW,CreateFileW,GetFileSize,VirtualAlloc,ReadFile,lstrlenA,VirtualFree,CloseHandle,lstrcmpW,FindNextFileW,FindClose, 11_2_0F586BA0

Networking

Source: C:\Users\user\Desktop\IJr8RvvhZ3.exe Code function: 0_2_0F146FF0 VirtualAlloc,VirtualAlloc,lstrlenW,lstrlenA,wsprintfW,VirtualFree,InternetCloseHandle, ipv4bot.whatismyipaddress.com 0_2_0F146FF0
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe Code function: 3_2_0F586FF0 VirtualAlloc,VirtualAlloc,lstrlenW,lstrlenA,wsprintfW,VirtualFree,InternetCloseHandle, ipv4bot.whatismyipaddress.com 3_2_0F586FF0
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe Code function: 11_2_0F586FF0 VirtualAlloc,VirtualAlloc,lstrlenW,lstrlenA,wsprintfW,VirtualFree,InternetCloseHandle, ipv4bot.whatismyipaddress.com 11_2_0F586FF0
Source: IJr8RvvhZ3.exe, 00000000.00000002.257994631.000000000F152000.00000004.00000001.01000000.00000003.sdmp String found in binary or memory: 4. Open link in tor browser: http://gdcbmuveqjsli57x.onion/63b5ce1c617217a5
Source: mqsmvj.exe, 00000003.00000002.298139854.000000000F592000.00000004.00000001.01000000.00000006.sdmp String found in binary or memory: 4. Open link in tor browser: http://gdcbmuveqjsli57x.onion/63b5ce1c617217a5
Source: mqsmvj.exe, 0000000B.00000002.328015412.000000000F592000.00000004.00000001.01000000.00000006.sdmp String found in binary or memory: 4. Open link in tor browser: http://gdcbmuveqjsli57x.onion/63b5ce1c617217a5
Source: mqsmvj.exe, 0000000C.00000002.344084967.000000000F592000.00000004.00000001.01000000.00000006.sdmp String found in binary or memory: 4. Open link in tor browser: http://gdcbmuveqjsli57x.onion/63b5ce1c617217a5
Source: mqsmvj.exe, 0000000E.00000002.374552502.000000000F592000.00000004.00000001.01000000.00000006.sdmp String found in binary or memory: 4. Open link in tor browser: http://gdcbmuveqjsli57x.onion/63b5ce1c617217a5
Source: mqsmvj.exe, 00000010.00000002.406166723.000000000F592000.00000004.00000001.01000000.00000006.sdmp String found in binary or memory: 4. Open link in tor browser: http://gdcbmuveqjsli57x.onion/63b5ce1c617217a5
Source: mqsmvj.exe, 00000013.00000002.437026618.000000000F592000.00000004.00000001.01000000.00000006.sdmp String found in binary or memory: 4. Open link in tor browser: http://gdcbmuveqjsli57x.onion/63b5ce1c617217a5
Source: mqsmvj.exe, 00000017.00000002.473021592.000000000F592000.00000004.00000001.01000000.00000006.sdmp String found in binary or memory: 4. Open link in tor browser: http://gdcbmuveqjsli57x.onion/63b5ce1c617217a5
Source: mqsmvj.exe, 00000019.00000002.502628191.000000000F592000.00000004.00000001.01000000.00000006.sdmp String found in binary or memory: 4. Open link in tor browser: http://gdcbmuveqjsli57x.onion/63b5ce1c617217a5
Source: mqsmvj.exe, 0000001B.00000002.543807830.000000000F592000.00000004.00000001.01000000.00000006.sdmp String found in binary or memory: 4. Open link in tor browser: http://gdcbmuveqjsli57x.onion/63b5ce1c617217a5
Source: mqsmvj.exe, 0000001C.00000002.559901286.000000000F592000.00000004.00000001.01000000.00000006.sdmp String found in binary or memory: 4. Open link in tor browser: http://gdcbmuveqjsli57x.onion/63b5ce1c617217a5
Source: mqsmvj.exe, 0000001E.00000002.598229388.000000000F592000.00000004.00000001.01000000.00000006.sdmp String found in binary or memory: 4. Open link in tor browser: http://gdcbmuveqjsli57x.onion/63b5ce1c617217a5
Source: mqsmvj.exe, 00000023.00000002.638125851.000000000F592000.00000004.00000001.01000000.00000006.sdmp String found in binary or memory: 4. Open link in tor browser: http://gdcbmuveqjsli57x.onion/63b5ce1c617217a5
Source: mqsmvj.exe, 00000025.00000002.681251272.000000000F592000.00000004.00000001.01000000.00000006.sdmp String found in binary or memory: 4. Open link in tor browser: http://gdcbmuveqjsli57x.onion/63b5ce1c617217a5
Source: mqsmvj.exe, 00000027.00000002.720286366.000000000F592000.00000004.00000001.01000000.00000006.sdmp String found in binary or memory: 4. Open link in tor browser: http://gdcbmuveqjsli57x.onion/63b5ce1c617217a5
Source: C:\Users\user\Desktop\IJr8RvvhZ3.exe DNS query: name: ipv4bot.whatismyipaddress.com
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe DNS query: name: ipv4bot.whatismyipaddress.com
Source: IJr8RvvhZ3.exe, 00000000.00000002.257994631.000000000F152000.00000004.00000001.01000000.00000003.sdmp, mqsmvj.exe, 00000003.00000002.298139854.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 0000000B.00000002.328015412.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 0000000C.00000002.344084967.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 0000000E.00000002.374552502.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 00000010.00000002.406166723.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 00000013.00000002.437026618.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 00000017.00000002.473021592.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 00000019.00000002.502628191.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 0000001B.00000002.543807830.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 0000001C.00000002.559901286.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 0000001E.00000002.598229388.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 00000023.00000002.638125851.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 00000025.00000002.681251272.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 00000027.00000002.720286366.000000000F592000.00000004.00000001.01000000.00000006.sdmp String found in binary or memory: http://gdcbmuveqjsli57x.onion/63b5ce1c617217a5
Source: mqsmvj.exe, 0000000B.00000002.327597151.000000000093A000.00000004.00000020.00020000.00000000.sdmp, mqsmvj.exe, 0000000C.00000002.343812574.0000000000873000.00000004.00000020.00020000.00000000.sdmp, mqsmvj.exe, 0000000C.00000003.343418273.0000000000873000.00000004.00000020.00020000.00000000.sdmp, mqsmvj.exe, 0000000C.00000002.343769957.0000000000838000.00000004.00000020.00020000.00000000.sdmp, mqsmvj.exe, 0000000E.00000002.373523162.0000000000AD8000.00000004.00000020.00020000.00000000.sdmp, mqsmvj.exe, 00000019.00000002.501583638.0000000000D18000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ipv4bot.whatismyipaddress.com/
Source: mqsmvj.exe, 0000000C.00000002.343769957.0000000000838000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ipv4bot.whatismyipaddress.com/$
Source: mqsmvj.exe, 0000000C.00000002.343812574.0000000000873000.00000004.00000020.00020000.00000000.sdmp, mqsmvj.exe, 0000000C.00000003.343418273.0000000000873000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ipv4bot.whatismyipaddress.com/4
Source: mqsmvj.exe, 00000019.00000002.501583638.0000000000D18000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ipv4bot.whatismyipaddress.com/9I)
Source: mqsmvj.exe, 0000000E.00000002.373523162.0000000000AD8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ipv4bot.whatismyipaddress.com/CwX
Source: mqsmvj.exe, 0000000B.00000002.327597151.000000000093A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ipv4bot.whatismyipaddress.com/I
Source: mqsmvj.exe, 0000000C.00000002.343812574.0000000000873000.00000004.00000020.00020000.00000000.sdmp, mqsmvj.exe, 0000000C.00000003.343418273.0000000000873000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ipv4bot.whatismyipaddress.com/a
Source: IJr8RvvhZ3.exe, 00000000.00000002.257994631.000000000F152000.00000004.00000001.01000000.00000003.sdmp, mqsmvj.exe, 00000003.00000002.298139854.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 0000000B.00000002.328015412.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 0000000C.00000002.344084967.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 0000000E.00000002.374552502.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 00000010.00000002.406166723.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 00000013.00000002.437026618.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 00000017.00000002.473021592.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 00000019.00000002.502628191.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 0000001B.00000002.543807830.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 0000001C.00000002.559901286.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 0000001E.00000002.598229388.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 00000023.00000002.638125851.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 00000025.00000002.681251272.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 00000027.00000002.720286366.000000000F592000.00000004.00000001.01000000.00000006.sdmp String found in binary or memory: https://tox.chat/download.html
Source: IJr8RvvhZ3.exe, 00000000.00000002.257994631.000000000F152000.00000004.00000001.01000000.00000003.sdmp, mqsmvj.exe, 00000003.00000002.298139854.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 0000000B.00000002.328015412.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 0000000C.00000002.344084967.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 0000000E.00000002.374552502.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 00000010.00000002.406166723.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 00000013.00000002.437026618.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 00000017.00000002.473021592.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 00000019.00000002.502628191.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 0000001B.00000002.543807830.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 0000001C.00000002.559901286.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 0000001E.00000002.598229388.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 00000023.00000002.638125851.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 00000025.00000002.681251272.000000000F592000.00000004.00000001.01000000.00000006.sdmp, mqsmvj.exe, 00000027.00000002.720286366.000000000F592000.00000004.00000001.01000000.00000006.sdmp String found in binary or memory: https://www.torproject.org/
Source: unknown DNS traffic detected: queries for: ipv4bot.whatismyipaddress.com
Source: C:\Users\user\Desktop\IJr8RvvhZ3.exe Code function: 0_2_0F148050 lstrcatW,InternetCloseHandle,InternetConnectW,VirtualAlloc,wsprintfW,HttpOpenRequestW,HttpAddRequestHeadersW,HttpSendRequestW,InternetReadFile,InternetReadFile,GetLastError,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,VirtualFree, 0_2_0F148050

Spam, unwanted Advertisements and Ransom Demands

Source: Yara match File source: 25.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 16.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 35.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 37.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 11.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 27.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 30.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 39.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 23.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.IJr8RvvhZ3.exe.f140000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 19.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 12.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 28.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 14.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0000000C.00000002.344084967.000000000F592000.00000004.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match File source: 00000010.00000002.406166723.000000000F592000.00000004.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match File source: 0000001E.00000002.598229388.000000000F592000.00000004.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.257994631.000000000F152000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 00000017.00000002.473021592.000000000F592000.00000004.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.298139854.000000000F592000.00000004.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match File source: 00000023.00000002.638125851.000000000F592000.00000004.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match File source: 00000027.00000002.720286366.000000000F592000.00000004.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000002.328015412.000000000F592000.00000004.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match File source: 0000001B.00000002.543807830.000000000F592000.00000004.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match File source: 0000001C.00000002.559901286.000000000F592000.00000004.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match File source: 00000019.00000002.502628191.000000000F592000.00000004.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000002.437026618.000000000F592000.00000004.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000002.374552502.000000000F592000.00000004.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match File source: 00000025.00000002.681251272.000000000F592000.00000004.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: IJr8RvvhZ3.exe PID: 732, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: mqsmvj.exe PID: 4652, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: mqsmvj.exe PID: 476, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: mqsmvj.exe PID: 5964, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: mqsmvj.exe PID: 5524, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: mqsmvj.exe PID: 5304, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: mqsmvj.exe PID: 4828, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: mqsmvj.exe PID: 244, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: mqsmvj.exe PID: 4940, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: mqsmvj.exe PID: 5160, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: mqsmvj.exe PID: 5636, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: mqsmvj.exe PID: 2564, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: mqsmvj.exe PID: 4480, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: mqsmvj.exe PID: 6000, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: mqsmvj.exe PID: 3780, type: MEMORYSTR
Source: C:\Users\user\Desktop\IJr8RvvhZ3.exe Code function: 0_2_0F146660 EnterCriticalSection,CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection, 0_2_0F146660
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe Code function: 3_2_0F586660 EnterCriticalSection,CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection, 3_2_0F586660
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe Code function: 11_2_0F586682 CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection, 11_2_0F586682

System Summary

Source: IJr8RvvhZ3.exe, type: SAMPLE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: IJr8RvvhZ3.exe, type: SAMPLE Matched rule: Gandcrab Payload Author: kevoreilly
Source: IJr8RvvhZ3.exe, type: SAMPLE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 23.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 23.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 23.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 28.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 28.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 28.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 27.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 27.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 27.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 38.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 38.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 38.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 25.3.mqsmvj.exe.3490000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 25.3.mqsmvj.exe.3490000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 25.3.mqsmvj.exe.3490000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 0.3.IJr8RvvhZ3.exe.3210000.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 0.3.IJr8RvvhZ3.exe.3210000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 0.3.IJr8RvvhZ3.exe.3210000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 14.3.mqsmvj.exe.32b0000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 14.3.mqsmvj.exe.32b0000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 14.3.mqsmvj.exe.32b0000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 3.3.mqsmvj.exe.3790000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 3.3.mqsmvj.exe.3790000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 3.3.mqsmvj.exe.3790000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 22.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 22.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 22.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 0.0.IJr8RvvhZ3.exe.f140000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 0.0.IJr8RvvhZ3.exe.f140000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 0.0.IJr8RvvhZ3.exe.f140000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 34.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 34.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 34.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 3.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 3.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 3.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 11.3.mqsmvj.exe.3290000.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 11.3.mqsmvj.exe.3290000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 11.3.mqsmvj.exe.3290000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 25.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 25.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 25.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 36.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 36.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 36.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 27.3.mqsmvj.exe.3490000.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 27.3.mqsmvj.exe.3490000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 27.3.mqsmvj.exe.3490000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 16.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 16.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 16.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 28.3.mqsmvj.exe.3130000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 28.3.mqsmvj.exe.3130000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 28.3.mqsmvj.exe.3130000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 14.3.mqsmvj.exe.32b0000.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 14.3.mqsmvj.exe.32b0000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 14.3.mqsmvj.exe.32b0000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 37.3.mqsmvj.exe.3bc0000.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 37.3.mqsmvj.exe.3bc0000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 37.3.mqsmvj.exe.3bc0000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 35.3.mqsmvj.exe.3970000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 35.3.mqsmvj.exe.3970000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 35.3.mqsmvj.exe.3970000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 23.3.mqsmvj.exe.3a70000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 23.3.mqsmvj.exe.3a70000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 23.3.mqsmvj.exe.3a70000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 35.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 35.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 35.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 19.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 19.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 19.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 28.3.mqsmvj.exe.3130000.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 28.3.mqsmvj.exe.3130000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 28.3.mqsmvj.exe.3130000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 12.3.mqsmvj.exe.2fb0000.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 12.3.mqsmvj.exe.2fb0000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 12.3.mqsmvj.exe.2fb0000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 19.3.mqsmvj.exe.3930000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 19.3.mqsmvj.exe.3930000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 19.3.mqsmvj.exe.3930000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 39.3.mqsmvj.exe.2fb0000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 39.3.mqsmvj.exe.2fb0000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 39.3.mqsmvj.exe.2fb0000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 11.3.mqsmvj.exe.3290000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 11.3.mqsmvj.exe.3290000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 11.3.mqsmvj.exe.3290000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 38.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 38.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 38.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 30.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 30.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 30.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 39.3.mqsmvj.exe.2fb0000.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 39.3.mqsmvj.exe.2fb0000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 39.3.mqsmvj.exe.2fb0000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 22.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 22.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 22.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 37.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 37.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 37.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 26.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 26.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 26.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 39.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 39.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 39.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 11.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 11.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 11.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 14.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 14.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 14.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 26.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 26.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 26.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 19.3.mqsmvj.exe.3930000.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 19.3.mqsmvj.exe.3930000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 19.3.mqsmvj.exe.3930000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 16.3.mqsmvj.exe.3b50000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 16.3.mqsmvj.exe.3b50000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 16.3.mqsmvj.exe.3b50000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 23.3.mqsmvj.exe.3a70000.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 23.3.mqsmvj.exe.3a70000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 23.3.mqsmvj.exe.3a70000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 15.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 15.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 15.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 30.3.mqsmvj.exe.3470000.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 30.3.mqsmvj.exe.3470000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 30.3.mqsmvj.exe.3470000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 16.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 16.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 16.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 27.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 27.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 27.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 3.3.mqsmvj.exe.3790000.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 3.3.mqsmvj.exe.3790000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 3.3.mqsmvj.exe.3790000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 25.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 25.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 25.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 30.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 30.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 30.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 12.3.mqsmvj.exe.2fb0000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 12.3.mqsmvj.exe.2fb0000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 12.3.mqsmvj.exe.2fb0000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 15.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 15.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 15.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 3.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 3.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 3.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 39.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 39.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 39.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 35.3.mqsmvj.exe.3970000.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 35.3.mqsmvj.exe.3970000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 35.3.mqsmvj.exe.3970000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 25.3.mqsmvj.exe.3490000.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 25.3.mqsmvj.exe.3490000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 25.3.mqsmvj.exe.3490000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 30.3.mqsmvj.exe.3470000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 30.3.mqsmvj.exe.3470000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 30.3.mqsmvj.exe.3470000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 35.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 35.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 35.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 34.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 34.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 34.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 36.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 36.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 36.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 23.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 23.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 23.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 37.3.mqsmvj.exe.3bc0000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 37.3.mqsmvj.exe.3bc0000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 37.3.mqsmvj.exe.3bc0000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 0.3.IJr8RvvhZ3.exe.3210000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 0.3.IJr8RvvhZ3.exe.3210000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 0.3.IJr8RvvhZ3.exe.3210000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 11.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 11.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 11.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 0.2.IJr8RvvhZ3.exe.f140000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 0.2.IJr8RvvhZ3.exe.f140000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 0.2.IJr8RvvhZ3.exe.f140000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 27.3.mqsmvj.exe.3490000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 27.3.mqsmvj.exe.3490000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 27.3.mqsmvj.exe.3490000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 19.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 19.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 19.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 12.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 12.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 12.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 16.3.mqsmvj.exe.3b50000.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 16.3.mqsmvj.exe.3b50000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 16.3.mqsmvj.exe.3b50000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 12.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 12.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 12.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 28.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 28.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 28.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 37.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 37.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 37.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 14.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 14.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 14.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 00000017.00000003.471429233.0000000003A70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 00000017.00000003.471429233.0000000003A70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab Payload Author: kevoreilly
Source: 00000017.00000003.471429233.0000000003A70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 0000000B.00000003.321306914.0000000003290000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 0000000B.00000003.321306914.0000000003290000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab Payload Author: kevoreilly
Source: 0000000B.00000003.321306914.0000000003290000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 00000019.00000003.501007155.0000000003490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 00000019.00000003.501007155.0000000003490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab Payload Author: kevoreilly
Source: 00000019.00000003.501007155.0000000003490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 00000013.00000003.435943163.0000000003930000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 00000013.00000003.435943163.0000000003930000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab Payload Author: kevoreilly
Source: 00000013.00000003.435943163.0000000003930000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 0000001E.00000003.596521661.0000000003470000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 0000001E.00000003.596521661.0000000003470000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab Payload Author: kevoreilly
Source: 0000001E.00000003.596521661.0000000003470000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 0000001B.00000003.542421272.0000000003490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 0000001B.00000003.542421272.0000000003490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab Payload Author: kevoreilly
Source: 0000001B.00000003.542421272.0000000003490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 0000000E.00000003.373224342.00000000032B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 0000000E.00000003.373224342.00000000032B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab Payload Author: kevoreilly
Source: 0000000E.00000003.373224342.00000000032B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 00000025.00000003.678519196.0000000003BC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 00000025.00000003.678519196.0000000003BC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab Payload Author: kevoreilly
Source: 00000025.00000003.678519196.0000000003BC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 0000000C.00000003.343391224.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 0000000C.00000003.343391224.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab Payload Author: kevoreilly
Source: 0000000C.00000003.343391224.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 00000010.00000003.403183321.0000000003B50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 00000010.00000003.403183321.0000000003B50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab Payload Author: kevoreilly
Source: 00000010.00000003.403183321.0000000003B50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 00000003.00000003.296444653.0000000003790000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 00000003.00000003.296444653.0000000003790000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab Payload Author: kevoreilly
Source: 00000003.00000003.296444653.0000000003790000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 0000001C.00000003.557904847.0000000003130000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 0000001C.00000003.557904847.0000000003130000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab Payload Author: kevoreilly
Source: 0000001C.00000003.557904847.0000000003130000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 00000023.00000003.636841128.0000000003970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 00000023.00000003.636841128.0000000003970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab Payload Author: kevoreilly
Source: 00000023.00000003.636841128.0000000003970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 00000000.00000003.257187894.0000000003210000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 00000000.00000003.257187894.0000000003210000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab Payload Author: kevoreilly
Source: 00000000.00000003.257187894.0000000003210000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 00000027.00000003.716539661.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 00000027.00000003.716539661.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab Payload Author: kevoreilly
Source: 00000027.00000003.716539661.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe, type: DROPPED Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe, type: DROPPED Matched rule: Gandcrab Payload Author: kevoreilly
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe, type: DROPPED Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
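The rule-match entries above reference three kinds of artefacts: the dropped file, unpacked PE images (`<pid>.<stage>.<image>.<base>.<n>[.raw].unpack`) and memory dumps (`<pid hex>.<stage>.<seq>.<base>.<protect>.<state>.<type>.<reserved>.sdmp`). The following script is an added example, not part of the Joe Sandbox report or any of the YARA authors' tooling. It parses a handful of Source lines copied from this report, decodes the three trailing flag fields of each memory-dump name as Windows MEMORY_BASIC_INFORMATION constants, and groups hits by process index and base address so that a memory dump and an unpacked PE of the same region line up. The field layout of the `.sdmp` and `.unpack` names is an assumption inferred from how the identifiers in this report agree (memory dump `00000019...0000000003490000` and unpacked PE `25.3.mqsmvj.exe.3490000.0` share process 25 and base 0x3490000); the constant values (PAGE_READWRITE = 0x04, MEM_COMMIT = 0x1000, MEM_PRIVATE = 0x20000) are documented Windows values. The useful observation it surfaces is that every in-memory hit sits in a committed, private, read-write region rather than a mapped image, which is the allocation profile of a payload written into a fresh buffer and consistent with the reflective-loader rules firing alongside the GandCrab ones.

```python
import re
from collections import defaultdict

# Constructed sample: five "Source:" lines copied verbatim from this report.
REPORT_LINES = [
    "Source: 25.3.mqsmvj.exe.3490000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly",
    "Source: 23.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs",
    "Source: 00000017.00000003.471429233.0000000003A70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen",
    "Source: 00000019.00000003.501007155.0000000003490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab Payload Author: kevoreilly",
    "Source: C:\\Users\\user\\AppData\\Roaming\\Microsoft\\mqsmvj.exe, type: DROPPED Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs",
]

# Documented Windows MEMORY_BASIC_INFORMATION constants.
PAGE_PROTECT = {0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
                0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE"}
MEM_STATE = {0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE", 0x10000: "MEM_FREE"}
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}

LINE_RE = re.compile(r"^Source: (?P<src>.+?), type: (?P<kind>\w+) Matched rule: (?P<rule>.+?) Author: (?P<author>.+)$")
# Assumed .sdmp layout: <pid hex>.<stage>.<seq>.<base>.<protect>.<state>.<type>.<reserved>.sdmp
SDMP_RE = re.compile(r"^(?P<pid>[0-9A-F]{8})\.[0-9A-F]{8}\.\d+\.(?P<base>[0-9A-F]{16})\."
                     r"(?P<protect>[0-9A-F]{8})\.(?P<state>[0-9A-F]{8})\.(?P<mtype>[0-9A-F]{8})\.[0-9A-F]{8}\.sdmp$", re.I)
# Assumed .unpack layout: <pid>.<stage>.<image>.<base hex>.<n>[.raw].unpack
UNPACK_RE = re.compile(r"^(?P<pid>\d+)\.(?P<stage>\d+)\.(?P<image>.+?)\.(?P<base>[0-9a-f]+)\.\d+\.(?:raw\.)?unpack$", re.I)


def parse_sdmp(name):
    """Decode a memory-dump name into process index, base address and region flags."""
    m = SDMP_RE.match(name)
    if not m:
        return None
    protect, state, mtype = (int(m[k], 16) for k in ("protect", "state", "mtype"))
    return {"pid": int(m["pid"], 16), "base": int(m["base"], 16),
            "protect": PAGE_PROTECT.get(protect, hex(protect)),
            "state": MEM_STATE.get(state, hex(state)),
            "type": MEM_TYPE.get(mtype, hex(mtype))}


def parse_unpack(name):
    """Decode an unpacked-PE name into process index, stage, image name and base address."""
    m = UNPACK_RE.match(name)
    if not m:
        return None
    return {"pid": int(m["pid"]), "stage": int(m["stage"]),
            "image": m["image"], "base": int(m["base"], 16)}


def correlate(lines):
    """Group YARA hits by (pid, base) so memory dumps and unpacked PEs of one region line up.
    Dropped files are keyed by ('file', path)."""
    hits = defaultdict(lambda: {"rules": set(), "kinds": set(), "region": None, "image": None})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        src, kind, rule = m["src"], m["kind"], m["rule"]
        if kind == "MEMORY" and (r := parse_sdmp(src)):
            key = (r["pid"], r["base"])
            hits[key]["region"] = r
        elif kind == "UNPACKEDPE" and (u := parse_unpack(src)):
            key = (u["pid"], u["base"])
            hits[key]["image"] = u["image"]
        else:
            key = ("file", src)
        hits[key]["rules"].add(rule)
        hits[key]["kinds"].add(kind)
    return dict(hits)


def private_rw_payloads(hits):
    """Regions with a rule hit that are committed, private, read-write memory:
    the profile of a payload written into an allocated buffer rather than a mapped image."""
    return sorted(k for k, v in hits.items()
                  if v["region"] and v["region"]["protect"] == "PAGE_READWRITE"
                  and v["region"]["state"] == "MEM_COMMIT" and v["region"]["type"] == "MEM_PRIVATE")


if __name__ == "__main__":
    table = correlate(REPORT_LINES)
    for key, v in sorted(table.items(), key=str):
        label = key if key[0] == "file" else f"pid {key[0]} base {key[1]:#x}"
        print(label, sorted(v["kinds"]), sorted(v["rules"]))
    print("private RW regions with hits:", [(p, hex(b)) for p, b in private_rw_payloads(table)])
```

Feeding the script the full list of Source lines from this report instead of the five embedded ones gives one row per process and region; the `.unpack` entries at base 0xf580000 (the main module of each mqsmvj.exe instance) then stand apart from the 0x3xxxxxx/0x2fb0000 regions, which are the runtime buffers into which the GandCrab payload was unpacked.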
Source: IJr8RvvhZ3.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: IJr8RvvhZ3.exe, type: SAMPLE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: IJr8RvvhZ3.exe, type: SAMPLE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: IJr8RvvhZ3.exe, type: SAMPLE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: IJr8RvvhZ3.exe, type: SAMPLE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: IJr8RvvhZ3.exe, type: SAMPLE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 23.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 23.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 23.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 23.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 23.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 28.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 28.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 28.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 28.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 28.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 27.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 27.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 27.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 27.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 27.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 38.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 38.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 38.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 38.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 38.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 25.3.mqsmvj.exe.3490000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 25.3.mqsmvj.exe.3490000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 25.3.mqsmvj.exe.3490000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 25.3.mqsmvj.exe.3490000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 25.3.mqsmvj.exe.3490000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 0.3.IJr8RvvhZ3.exe.3210000.0.raw.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 0.3.IJr8RvvhZ3.exe.3210000.0.raw.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 0.3.IJr8RvvhZ3.exe.3210000.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 0.3.IJr8RvvhZ3.exe.3210000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 0.3.IJr8RvvhZ3.exe.3210000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 14.3.mqsmvj.exe.32b0000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 14.3.mqsmvj.exe.32b0000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 14.3.mqsmvj.exe.32b0000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 14.3.mqsmvj.exe.32b0000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 14.3.mqsmvj.exe.32b0000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 3.3.mqsmvj.exe.3790000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 3.3.mqsmvj.exe.3790000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 3.3.mqsmvj.exe.3790000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 3.3.mqsmvj.exe.3790000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 3.3.mqsmvj.exe.3790000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 22.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 22.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 22.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 22.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 22.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 0.0.IJr8RvvhZ3.exe.f140000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 0.0.IJr8RvvhZ3.exe.f140000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 0.0.IJr8RvvhZ3.exe.f140000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Yara rules matched by the unpacked memory dumps in this section (rule metadata shown once per rule; the ReflectiveLoader rule's date and the SUSP_RANSOMWARE_Indicator_Jul20 rule's first sample hash are listed under their proper keys rather than under "score"):
  ReflectiveLoader: author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, reference = Internal Research, date = 2017-07-17, modified = 2021-03-15
  SUSP_RANSOMWARE_Indicator_Jul20: author = Florian Roth, description = Detects ransomware indicator, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/, date = 2020-07-28, hash1 = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306
  INDICATOR_SUSPICIOUS_ReflectiveLoader: author = ditekSHen, description = detects Reflective DLL injection artifacts
  Gandcrab: author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
  Win32_Ransomware_GandCrab: author = ReversingLabs, tc_detection_type = Ransomware, tc_detection_name = GandCrab

Source: 0.0.IJr8RvvhZ3.exe.f140000.0.unpack, type: UNPACKEDPE Matched rules: Gandcrab, Win32_Ransomware_GandCrab
Source: 34.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rules: ReflectiveLoader, SUSP_RANSOMWARE_Indicator_Jul20, INDICATOR_SUSPICIOUS_ReflectiveLoader, Gandcrab, Win32_Ransomware_GandCrab
Source: 3.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rules: ReflectiveLoader, SUSP_RANSOMWARE_Indicator_Jul20, INDICATOR_SUSPICIOUS_ReflectiveLoader, Gandcrab, Win32_Ransomware_GandCrab
Source: 11.3.mqsmvj.exe.3290000.0.raw.unpack, type: UNPACKEDPE Matched rules: ReflectiveLoader, SUSP_RANSOMWARE_Indicator_Jul20, INDICATOR_SUSPICIOUS_ReflectiveLoader, Gandcrab, Win32_Ransomware_GandCrab
Source: 25.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rules: ReflectiveLoader, SUSP_RANSOMWARE_Indicator_Jul20, INDICATOR_SUSPICIOUS_ReflectiveLoader, Gandcrab, Win32_Ransomware_GandCrab
Source: 36.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rules: ReflectiveLoader, SUSP_RANSOMWARE_Indicator_Jul20, INDICATOR_SUSPICIOUS_ReflectiveLoader, Gandcrab, Win32_Ransomware_GandCrab
Source: 27.3.mqsmvj.exe.3490000.0.raw.unpack, type: UNPACKEDPE Matched rules: ReflectiveLoader, SUSP_RANSOMWARE_Indicator_Jul20, INDICATOR_SUSPICIOUS_ReflectiveLoader, Gandcrab, Win32_Ransomware_GandCrab
Source: 16.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rules: ReflectiveLoader, SUSP_RANSOMWARE_Indicator_Jul20, INDICATOR_SUSPICIOUS_ReflectiveLoader, Gandcrab, Win32_Ransomware_GandCrab
Source: 28.3.mqsmvj.exe.3130000.0.unpack, type: UNPACKEDPE Matched rules: ReflectiveLoader, SUSP_RANSOMWARE_Indicator_Jul20, INDICATOR_SUSPICIOUS_ReflectiveLoader, Gandcrab, Win32_Ransomware_GandCrab
Source: 14.3.mqsmvj.exe.32b0000.0.raw.unpack, type: UNPACKEDPE Matched rules: ReflectiveLoader, SUSP_RANSOMWARE_Indicator_Jul20, INDICATOR_SUSPICIOUS_ReflectiveLoader, Gandcrab, Win32_Ransomware_GandCrab
Source: 37.3.mqsmvj.exe.3bc0000.0.raw.unpack, type: UNPACKEDPE Matched rules: ReflectiveLoader, SUSP_RANSOMWARE_Indicator_Jul20, INDICATOR_SUSPICIOUS_ReflectiveLoader, Gandcrab, Win32_Ransomware_GandCrab
Source: 35.3.mqsmvj.exe.3970000.0.unpack, type: UNPACKEDPE Matched rules: ReflectiveLoader, SUSP_RANSOMWARE_Indicator_Jul20, INDICATOR_SUSPICIOUS_ReflectiveLoader, Gandcrab, Win32_Ransomware_GandCrab
Source: 23.3.mqsmvj.exe.3a70000.0.unpack, type: UNPACKEDPE Matched rules: ReflectiveLoader, SUSP_RANSOMWARE_Indicator_Jul20, INDICATOR_SUSPICIOUS_ReflectiveLoader, Gandcrab, Win32_Ransomware_GandCrab
Source: 35.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rules: ReflectiveLoader, SUSP_RANSOMWARE_Indicator_Jul20, INDICATOR_SUSPICIOUS_ReflectiveLoader, Gandcrab, Win32_Ransomware_GandCrab
Source: 19.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rules: ReflectiveLoader, SUSP_RANSOMWARE_Indicator_Jul20, INDICATOR_SUSPICIOUS_ReflectiveLoader, Gandcrab, Win32_Ransomware_GandCrab
Source: 28.3.mqsmvj.exe.3130000.0.raw.unpack, type: UNPACKEDPE Matched rules: ReflectiveLoader, SUSP_RANSOMWARE_Indicator_Jul20, INDICATOR_SUSPICIOUS_ReflectiveLoader, Gandcrab, Win32_Ransomware_GandCrab
Source: 12.3.mqsmvj.exe.2fb0000.0.raw.unpack, type: UNPACKEDPE Matched rules: ReflectiveLoader, SUSP_RANSOMWARE_Indicator_Jul20, INDICATOR_SUSPICIOUS_ReflectiveLoader, Gandcrab, Win32_Ransomware_GandCrab
Source: 19.3.mqsmvj.exe.3930000.0.unpack, type: UNPACKEDPE Matched rules: ReflectiveLoader, SUSP_RANSOMWARE_Indicator_Jul20, INDICATOR_SUSPICIOUS_ReflectiveLoader, Gandcrab, Win32_Ransomware_GandCrab
Source: 39.3.mqsmvj.exe.2fb0000.0.unpack, type: UNPACKEDPE Matched rules: ReflectiveLoader, SUSP_RANSOMWARE_Indicator_Jul20, INDICATOR_SUSPICIOUS_ReflectiveLoader, Gandcrab, Win32_Ransomware_GandCrab
Source: 11.3.mqsmvj.exe.3290000.0.unpack, type: UNPACKEDPE Matched rules: ReflectiveLoader, SUSP_RANSOMWARE_Indicator_Jul20, INDICATOR_SUSPICIOUS_ReflectiveLoader, Gandcrab, Win32_Ransomware_GandCrab
Source: 38.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rules: ReflectiveLoader, SUSP_RANSOMWARE_Indicator_Jul20, INDICATOR_SUSPICIOUS_ReflectiveLoader, Gandcrab, Win32_Ransomware_GandCrab
Source: 30.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rules: ReflectiveLoader, SUSP_RANSOMWARE_Indicator_Jul20, INDICATOR_SUSPICIOUS_ReflectiveLoader, Gandcrab, Win32_Ransomware_GandCrab
Source: 39.3.mqsmvj.exe.2fb0000.0.raw.unpack, type: UNPACKEDPE Matched rules: ReflectiveLoader, SUSP_RANSOMWARE_Indicator_Jul20, INDICATOR_SUSPICIOUS_ReflectiveLoader, Gandcrab, Win32_Ransomware_GandCrab
Source: 22.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rules: ReflectiveLoader, SUSP_RANSOMWARE_Indicator_Jul20, INDICATOR_SUSPICIOUS_ReflectiveLoader, Gandcrab, Win32_Ransomware_GandCrab
Source: 37.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rules: ReflectiveLoader, SUSP_RANSOMWARE_Indicator_Jul20, INDICATOR_SUSPICIOUS_ReflectiveLoader, Gandcrab, Win32_Ransomware_GandCrab
Source: 26.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rules: ReflectiveLoader, SUSP_RANSOMWARE_Indicator_Jul20, INDICATOR_SUSPICIOUS_ReflectiveLoader, Gandcrab, Win32_Ransomware_GandCrab
Source: 39.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rules: ReflectiveLoader, SUSP_RANSOMWARE_Indicator_Jul20, INDICATOR_SUSPICIOUS_ReflectiveLoader
Source: 39.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 39.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 11.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 11.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 11.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 11.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 11.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 14.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 14.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 14.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 14.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 14.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 26.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 26.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 26.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 26.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 26.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 19.3.mqsmvj.exe.3930000.0.raw.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 19.3.mqsmvj.exe.3930000.0.raw.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 19.3.mqsmvj.exe.3930000.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 19.3.mqsmvj.exe.3930000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 19.3.mqsmvj.exe.3930000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 16.3.mqsmvj.exe.3b50000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 16.3.mqsmvj.exe.3b50000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 16.3.mqsmvj.exe.3b50000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 16.3.mqsmvj.exe.3b50000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 16.3.mqsmvj.exe.3b50000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 23.3.mqsmvj.exe.3a70000.0.raw.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 23.3.mqsmvj.exe.3a70000.0.raw.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 23.3.mqsmvj.exe.3a70000.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 23.3.mqsmvj.exe.3a70000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 23.3.mqsmvj.exe.3a70000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 15.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 15.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 15.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 15.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 15.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 30.3.mqsmvj.exe.3470000.0.raw.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 30.3.mqsmvj.exe.3470000.0.raw.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 30.3.mqsmvj.exe.3470000.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 30.3.mqsmvj.exe.3470000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 30.3.mqsmvj.exe.3470000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 16.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 16.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 16.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 16.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 16.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 27.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 27.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 27.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 27.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 27.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 3.3.mqsmvj.exe.3790000.0.raw.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 3.3.mqsmvj.exe.3790000.0.raw.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 3.3.mqsmvj.exe.3790000.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 3.3.mqsmvj.exe.3790000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 3.3.mqsmvj.exe.3790000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 25.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 25.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 25.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 25.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 25.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 30.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 30.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 30.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 30.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 30.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 12.3.mqsmvj.exe.2fb0000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 12.3.mqsmvj.exe.2fb0000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 12.3.mqsmvj.exe.2fb0000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 12.3.mqsmvj.exe.2fb0000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 12.3.mqsmvj.exe.2fb0000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 15.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 15.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 15.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 15.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 15.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 3.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 3.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 3.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 3.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 3.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 39.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 39.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 39.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 39.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 39.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 25.3.mqsmvj.exe.3490000.0.raw.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 25.3.mqsmvj.exe.3490000.0.raw.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 25.3.mqsmvj.exe.3490000.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 25.3.mqsmvj.exe.3490000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 25.3.mqsmvj.exe.3490000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 35.3.mqsmvj.exe.3970000.0.raw.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 35.3.mqsmvj.exe.3970000.0.raw.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 35.3.mqsmvj.exe.3970000.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 35.3.mqsmvj.exe.3970000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 35.3.mqsmvj.exe.3970000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 30.3.mqsmvj.exe.3470000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 30.3.mqsmvj.exe.3470000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 30.3.mqsmvj.exe.3470000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 30.3.mqsmvj.exe.3470000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 30.3.mqsmvj.exe.3470000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 35.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 35.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 35.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 35.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 35.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 34.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 34.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 34.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 34.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 34.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 36.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 36.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 36.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 36.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 36.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 23.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 23.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 23.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 23.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 23.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 37.3.mqsmvj.exe.3bc0000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 37.3.mqsmvj.exe.3bc0000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 37.3.mqsmvj.exe.3bc0000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 37.3.mqsmvj.exe.3bc0000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 37.3.mqsmvj.exe.3bc0000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 0.3.IJr8RvvhZ3.exe.3210000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 0.3.IJr8RvvhZ3.exe.3210000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 0.3.IJr8RvvhZ3.exe.3210000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 0.3.IJr8RvvhZ3.exe.3210000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 0.3.IJr8RvvhZ3.exe.3210000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 11.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 11.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 11.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 11.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 11.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 0.2.IJr8RvvhZ3.exe.f140000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 0.2.IJr8RvvhZ3.exe.f140000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 0.2.IJr8RvvhZ3.exe.f140000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 0.2.IJr8RvvhZ3.exe.f140000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 0.2.IJr8RvvhZ3.exe.f140000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 27.3.mqsmvj.exe.3490000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 27.3.mqsmvj.exe.3490000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 27.3.mqsmvj.exe.3490000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 27.3.mqsmvj.exe.3490000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 27.3.mqsmvj.exe.3490000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 19.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 19.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 19.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 19.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 19.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 12.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 12.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 12.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 12.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 12.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 16.3.mqsmvj.exe.3b50000.0.raw.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 16.3.mqsmvj.exe.3b50000.0.raw.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 16.3.mqsmvj.exe.3b50000.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 16.3.mqsmvj.exe.3b50000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 16.3.mqsmvj.exe.3b50000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 12.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 12.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 12.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 12.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 12.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 28.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 28.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 28.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 28.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 28.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 37.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 37.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 37.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 37.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 37.0.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 14.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 14.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 14.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 14.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 14.2.mqsmvj.exe.f580000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 00000017.00000003.471429233.0000000003A70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 00000017.00000003.471429233.0000000003A70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 00000017.00000003.471429233.0000000003A70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 00000017.00000003.471429233.0000000003A70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 00000017.00000003.471429233.0000000003A70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 0000000B.00000003.321306914.0000000003290000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 0000000B.00000003.321306914.0000000003290000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 0000000B.00000003.321306914.0000000003290000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 0000000B.00000003.321306914.0000000003290000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 0000000B.00000003.321306914.0000000003290000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 00000019.00000003.501007155.0000000003490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 00000019.00000003.501007155.0000000003490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 00000019.00000003.501007155.0000000003490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 00000019.00000003.501007155.0000000003490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 00000019.00000003.501007155.0000000003490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 00000013.00000003.435943163.0000000003930000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 00000013.00000003.435943163.0000000003930000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 00000013.00000003.435943163.0000000003930000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 00000013.00000003.435943163.0000000003930000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 00000013.00000003.435943163.0000000003930000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 0000001E.00000003.596521661.0000000003470000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 0000001E.00000003.596521661.0000000003470000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 0000001E.00000003.596521661.0000000003470000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 0000001E.00000003.596521661.0000000003470000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 0000001E.00000003.596521661.0000000003470000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 0000001B.00000003.542421272.0000000003490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 0000001B.00000003.542421272.0000000003490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 0000001B.00000003.542421272.0000000003490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 0000001B.00000003.542421272.0000000003490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 0000001B.00000003.542421272.0000000003490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 0000000E.00000003.373224342.00000000032B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 0000000E.00000003.373224342.00000000032B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 0000000E.00000003.373224342.00000000032B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 0000000E.00000003.373224342.00000000032B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 0000000E.00000003.373224342.00000000032B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 00000025.00000003.678519196.0000000003BC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 00000025.00000003.678519196.0000000003BC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 00000025.00000003.678519196.0000000003BC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 00000025.00000003.678519196.0000000003BC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 00000025.00000003.678519196.0000000003BC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 0000000C.00000003.343391224.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 0000000C.00000003.343391224.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 0000000C.00000003.343391224.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 0000000C.00000003.343391224.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 0000000C.00000003.343391224.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 00000010.00000003.403183321.0000000003B50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 00000010.00000003.403183321.0000000003B50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 00000010.00000003.403183321.0000000003B50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 00000010.00000003.403183321.0000000003B50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 00000010.00000003.403183321.0000000003B50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 00000003.00000003.296444653.0000000003790000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 00000003.00000003.296444653.0000000003790000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 00000003.00000003.296444653.0000000003790000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 00000003.00000003.296444653.0000000003790000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 00000003.00000003.296444653.0000000003790000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 0000001C.00000003.557904847.0000000003130000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 0000001C.00000003.557904847.0000000003130000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 0000001C.00000003.557904847.0000000003130000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 0000001C.00000003.557904847.0000000003130000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 0000001C.00000003.557904847.0000000003130000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 00000023.00000003.636841128.0000000003970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 00000023.00000003.636841128.0000000003970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 00000023.00000003.636841128.0000000003970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 00000023.00000003.636841128.0000000003970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 00000023.00000003.636841128.0000000003970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 00000000.00000003.257187894.0000000003210000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 00000000.00000003.257187894.0000000003210000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 00000000.00000003.257187894.0000000003210000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 00000000.00000003.257187894.0000000003210000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 00000000.00000003.257187894.0000000003210000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 00000027.00000003.716539661.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 00000027.00000003.716539661.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 00000027.00000003.716539661.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 00000027.00000003.716539661.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 00000027.00000003.716539661.0000000002FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: Process Memory Space: mqsmvj.exe PID: 5964, type: MEMORYSTR Matched rule: HKTL_Meterpreter_inMemory date = 2020-06-29, author = netbiosX, Florian Roth, description = Detects Meterpreter in-memory, score = , reference = https://www.reddit.com/r/purpleteamsec/comments/hjux11/meterpreter_memory_indicators_detection_tooling/
Source: Process Memory Space: mqsmvj.exe PID: 5524, type: MEMORYSTR Matched rule: HKTL_Meterpreter_inMemory date = 2020-06-29, author = netbiosX, Florian Roth, description = Detects Meterpreter in-memory, score = , reference = https://www.reddit.com/r/purpleteamsec/comments/hjux11/meterpreter_memory_indicators_detection_tooling/
Source: Process Memory Space: mqsmvj.exe PID: 4940, type: MEMORYSTR Matched rule: HKTL_Meterpreter_inMemory date = 2020-06-29, author = netbiosX, Florian Roth, description = Detects Meterpreter in-memory, score = , reference = https://www.reddit.com/r/purpleteamsec/comments/hjux11/meterpreter_memory_indicators_detection_tooling/
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe, type: DROPPED Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe, type: DROPPED Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe, type: DROPPED Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe, type: DROPPED Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe, type: DROPPED Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: C:\Users\user\Desktop\IJr8RvvhZ3.exe Code function: 0_2_0F141C20 0_2_0F141C20
Source: C:\Users\user\Desktop\IJr8RvvhZ3.exe Code function: 0_2_0F141020 0_2_0F141020
Source: C:\Users\user\Desktop\IJr8RvvhZ3.exe Code function: 0_2_0F148520 0_2_0F148520
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe Code function: 3_2_0F581C20 3_2_0F581C20
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe Code function: 3_2_0F581020 3_2_0F581020
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe Code function: 3_2_0F588520 3_2_0F588520
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe Code function: 11_2_0F581C20 11_2_0F581C20
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe Code function: 11_2_0F588520 11_2_0F588520
Source: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe Code function: 11_2_0F581020 11_2_0F581020
Source: IJr8RvvhZ3.exe Virustotal: Detection: 87%
Source: IJr8RvvhZ3.exe Metadefender: Detection: 86%
Source: IJr8RvvhZ3.exe ReversingLabs: Detection: 96%
Source: C:\Users\user\Desktop\IJr8RvvhZ3.exe File read: C:\Users\user\Desktop\IJr8RvvhZ3.exe
Source: IJr8RvvhZ3.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\IJr8RvvhZ3.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\IJr8RvvhZ3.exe "C:\Users\user\Desktop\IJr8RvvhZ3.exe"
Source: unknown Process created: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe "C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe"
Source: C:\Users\user\Desktop\IJr8RvvhZ3.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
Source: C:\Users\user\Desktop\IJr8RvvhZ3.exe File created: C:\Users\user\AppData\Roaming\Microsoft\mqsmvj.exe
Source: classification engine Classification label: mal100.rans.troj.evad.winEXE@21/1@15/0