Source: C:\Users\user\Desktop\W445hIpF47.exe | Code function: 1_2_0FDA63E0 CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptGenKey,CryptExportKey,CryptExportKey,CryptDestroyKey,CryptReleaseContext,CryptAcquireContextW, |
Source: C:\Users\user\Desktop\W445hIpF47.exe | Code function: 1_2_0FDA82B0 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree, |
Source: C:\Users\user\Desktop\W445hIpF47.exe | Code function: 1_2_0FDA5860 VirtualAlloc,VirtualFree,CryptBinaryToStringA,CryptBinaryToStringA,CryptBinaryToStringA,lstrlenA,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrcatW,lstrcatW,lstrlenW,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcatW,VirtualFree,VirtualFree,VirtualFree,lstrcatW,lstrlenW,lstrlenW,lstrlenA,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenA,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenW,VirtualAlloc,lstrlenW,lstrlenW,VirtualFree,lstrlenW,VirtualAlloc,wsprintfA,lstrlenW,CryptBinaryToStringA,GetLastError,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,MultiByteToWideChar,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree, |
Source: C:\Users\user\Desktop\W445hIpF47.exe | Code function: 1_2_0FDA8400 VirtualAlloc,CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree, |
Source: C:\Users\user\Desktop\W445hIpF47.exe | Code function: 1_2_0FDA4B20 EntryPoint,Sleep,ExitProcess,CreateThread,WaitForSingleObject,TerminateThread,CloseHandle,VirtualAlloc,GetModuleFileNameW,VirtualFree,ExitProcess,Sleep,lstrlenA,VirtualAlloc,CryptStringToBinaryA,ExitProcess,InitializeCriticalSection,DeleteCriticalSection,VirtualAlloc,GetModuleFileNameW,VirtualFree,ShellExecuteW,ExitThread, |
Source: C:\Users\user\Desktop\W445hIpF47.exe | Code function: 1_2_0FDA53D0 lstrlenA,VirtualAlloc,CryptStringToBinaryA,lstrlenA,VirtualAlloc,lstrcpyA,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,VirtualFree,GetLastError,lstrlenA,lstrlenA,VirtualAlloc,VirtualAlloc,VirtualAlloc,lstrcatA,lstrlenA,lstrlenW,lstrlenA,VirtualFree,VirtualFree,VirtualFree,VirtualFree,InternetCloseHandle, |
Source: C:\Users\user\Desktop\W445hIpF47.exe | Code function: 1_2_0FDA34F0 lstrlenA,VirtualAlloc,VirtualAlloc,CryptStringToBinaryA,VirtualAlloc,VirtualAlloc,wsprintfW,wsprintfW,wsprintfW,VirtualFree, |
Source: C:\Users\user\Desktop\W445hIpF47.exe | Code function: 1_2_0FDA5670 VirtualAlloc,VirtualAlloc,wsprintfW,lstrlenW,lstrlenW,VirtualFree,lstrlenW,VirtualAlloc,wsprintfA,VirtualAlloc,CryptBinaryToStringA,GetLastError,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,VirtualFree,VirtualFree,VirtualFree, |
Source: C:\Users\user\Desktop\W445hIpF47.exe | Code function: 1_2_0FDA6660 EnterCriticalSection,CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection, |
Source: C:\Users\user\AppData\Roaming\Microsoft\zrnips.exe | Code function: 3_2_0FCD63E0 CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptGenKey,CryptExportKey,CryptExportKey,CryptDestroyKey,CryptReleaseContext,CryptAcquireContextW, |
Source: C:\Users\user\AppData\Roaming\Microsoft\zrnips.exe | Code function: 3_2_0FCD82B0 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree, |
Source: C:\Users\user\AppData\Roaming\Microsoft\zrnips.exe | Code function: 3_2_0FCD5860 VirtualAlloc,VirtualFree,CryptBinaryToStringA,CryptBinaryToStringA,CryptBinaryToStringA,lstrlenA,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrcatW,lstrcatW,lstrlenW,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcatW,VirtualFree,VirtualFree,VirtualFree,lstrcatW,lstrlenW,lstrlenW,lstrlenA,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenA,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenW,VirtualAlloc,lstrlenW,lstrlenW,VirtualFree,lstrlenW,VirtualAlloc,wsprintfA,lstrlenW,CryptBinaryToStringA,GetLastError,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,MultiByteToWideChar,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree, |
Source: C:\Users\user\AppData\Roaming\Microsoft\zrnips.exe | Code function: 3_2_0FCD4B20 EntryPoint,Sleep,ExitProcess,CreateThread,WaitForSingleObject,TerminateThread,CloseHandle,VirtualAlloc,GetModuleFileNameW,VirtualFree,ExitProcess,Sleep,lstrlenA,VirtualAlloc,CryptStringToBinaryA,ExitProcess,InitializeCriticalSection,DeleteCriticalSection,VirtualAlloc,GetModuleFileNameW,VirtualFree,ShellExecuteW,ExitThread, |
Source: C:\Users\user\AppData\Roaming\Microsoft\zrnips.exe | Code function: 3_2_0FCD53D0 lstrlenA,VirtualAlloc,CryptStringToBinaryA,lstrlenA,VirtualAlloc,lstrcpyA,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,VirtualFree,GetLastError,lstrlenA,lstrlenA,VirtualAlloc,VirtualAlloc,VirtualAlloc,lstrcatA,lstrlenA,lstrlenW,lstrlenA,VirtualFree,VirtualFree,VirtualFree,VirtualFree,InternetCloseHandle, |
Source: C:\Users\user\AppData\Roaming\Microsoft\zrnips.exe | Code function: 3_2_0FCD34F0 lstrlenA,VirtualAlloc,VirtualAlloc,CryptStringToBinaryA,VirtualAlloc,VirtualAlloc,wsprintfW,wsprintfW,wsprintfW,VirtualFree, |
Source: C:\Users\user\AppData\Roaming\Microsoft\zrnips.exe | Code function: 3_2_0FCD6660 EnterCriticalSection,CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection, |
Source: C:\Users\user\AppData\Roaming\Microsoft\zrnips.exe | Code function: 3_2_0FCD5670 VirtualAlloc,VirtualAlloc,wsprintfW,lstrlenW,lstrlenW,VirtualFree,lstrlenW,VirtualAlloc,wsprintfA,VirtualAlloc,CryptBinaryToStringA,GetLastError,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,VirtualFree,VirtualFree,VirtualFree, |
Source: C:\Users\user\AppData\Roaming\Microsoft\zrnips.exe | Code function: 3_2_0FCD8400 VirtualAlloc,CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree, |
Source: C:\Users\user\AppData\Roaming\Microsoft\zrnips.exe | Code function: 5_2_0FCD63E0 CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptGenKey,CryptExportKey,CryptExportKey,CryptDestroyKey,CryptReleaseContext,CryptAcquireContextW, |
Source: C:\Users\user\AppData\Roaming\Microsoft\zrnips.exe | Code function: 5_2_0FCD82B0 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree, |
Source: C:\Users\user\AppData\Roaming\Microsoft\zrnips.exe | Code function: 5_2_0FCD5860 VirtualAlloc,VirtualFree,CryptBinaryToStringA,CryptBinaryToStringA,CryptBinaryToStringA,lstrlenA,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrcatW,lstrcatW,lstrlenW,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcatW,VirtualFree,VirtualFree,VirtualFree,lstrcatW,lstrlenW,lstrlenW,lstrlenA,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenA,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenW,VirtualAlloc,lstrlenW,lstrlenW,VirtualFree,lstrlenW,VirtualAlloc,wsprintfA,lstrlenW,CryptBinaryToStringA,GetLastError,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,MultiByteToWideChar,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree, |
Source: C:\Users\user\AppData\Roaming\Microsoft\zrnips.exe | Code function: 5_2_0FCD4B20 EntryPoint,Sleep,ExitProcess,CreateThread,WaitForSingleObject,TerminateThread,CloseHandle,VirtualAlloc,GetModuleFileNameW,VirtualFree,ExitProcess,Sleep,lstrlenA,VirtualAlloc,CryptStringToBinaryA,ExitProcess,InitializeCriticalSection,DeleteCriticalSection,VirtualAlloc,GetModuleFileNameW,VirtualFree,ShellExecuteW,ExitThread, |
Source: C:\Users\user\AppData\Roaming\Microsoft\zrnips.exe | Code function: 5_2_0FCD53D0 lstrlenA,VirtualAlloc,CryptStringToBinaryA,lstrlenA,VirtualAlloc,lstrcpyA,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,VirtualFree,GetLastError,lstrlenA,lstrlenA,VirtualAlloc,VirtualAlloc,VirtualAlloc,lstrcatA,lstrlenA,lstrlenW,lstrlenA,VirtualFree,VirtualFree,VirtualFree,VirtualFree,InternetCloseHandle, |
Source: C:\Users\user\AppData\Roaming\Microsoft\zrnips.exe | Code function: 5_2_0FCD34F0 lstrlenA,VirtualAlloc,VirtualAlloc,CryptStringToBinaryA,VirtualAlloc,VirtualAlloc,wsprintfW,wsprintfW,wsprintfW,VirtualFree, |
Source: C:\Users\user\AppData\Roaming\Microsoft\zrnips.exe | Code function: 5_2_0FCD6660 EnterCriticalSection,CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection, |
Source: C:\Users\user\AppData\Roaming\Microsoft\zrnips.exe | Code function: 5_2_0FCD5670 VirtualAlloc,VirtualAlloc,wsprintfW,lstrlenW,lstrlenW,VirtualFree,lstrlenW,VirtualAlloc,wsprintfA,VirtualAlloc,CryptBinaryToStringA,GetLastError,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,VirtualFree,VirtualFree,VirtualFree, |
Source: C:\Users\user\AppData\Roaming\Microsoft\zrnips.exe | Code function: 5_2_0FCD8400 VirtualAlloc,CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree, |
Source: W445hIpF47.exe, type: SAMPLE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: W445hIpF47.exe, type: SAMPLE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: W445hIpF47.exe, type: SAMPLE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 5.3.zrnips.exe.3960000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 5.3.zrnips.exe.3960000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 5.3.zrnips.exe.3960000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 5.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 5.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 5.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 15.3.zrnips.exe.2f20000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 15.3.zrnips.exe.2f20000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 15.3.zrnips.exe.2f20000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 23.3.zrnips.exe.3a10000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 23.3.zrnips.exe.3a10000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 23.3.zrnips.exe.3a10000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 19.3.zrnips.exe.36c0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 19.3.zrnips.exe.36c0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 19.3.zrnips.exe.36c0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 1.3.W445hIpF47.exe.3750000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 1.3.W445hIpF47.exe.3750000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 1.3.W445hIpF47.exe.3750000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 20.3.zrnips.exe.3d60000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 20.3.zrnips.exe.3d60000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 20.3.zrnips.exe.3d60000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 23.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 23.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 23.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 1.0.W445hIpF47.exe.fda0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 1.0.W445hIpF47.exe.fda0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 1.0.W445hIpF47.exe.fda0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 19.3.zrnips.exe.36c0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 19.3.zrnips.exe.36c0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 19.3.zrnips.exe.36c0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 13.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 13.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 13.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 7.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 7.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 7.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 12.3.zrnips.exe.3170000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 12.3.zrnips.exe.3170000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 12.3.zrnips.exe.3170000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 20.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 20.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 20.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 7.3.zrnips.exe.3990000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 7.3.zrnips.exe.3990000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 7.3.zrnips.exe.3990000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 15.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 15.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 15.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 3.3.zrnips.exe.34a0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 3.3.zrnips.exe.34a0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 3.3.zrnips.exe.34a0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 7.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 7.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 7.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 12.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 12.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 12.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 25.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 25.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 25.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 15.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 15.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 15.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 1.2.W445hIpF47.exe.fda0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 1.2.W445hIpF47.exe.fda0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 1.2.W445hIpF47.exe.fda0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 23.3.zrnips.exe.3a10000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 23.3.zrnips.exe.3a10000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 23.3.zrnips.exe.3a10000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 17.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 17.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 17.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 19.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 19.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 19.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 12.3.zrnips.exe.3170000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 12.3.zrnips.exe.3170000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 12.3.zrnips.exe.3170000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 12.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 12.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 12.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 1.3.W445hIpF47.exe.3750000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 1.3.W445hIpF47.exe.3750000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 1.3.W445hIpF47.exe.3750000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 15.3.zrnips.exe.2f20000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 15.3.zrnips.exe.2f20000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 15.3.zrnips.exe.2f20000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 7.3.zrnips.exe.3990000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 7.3.zrnips.exe.3990000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 7.3.zrnips.exe.3990000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 20.3.zrnips.exe.3d60000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 20.3.zrnips.exe.3d60000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 20.3.zrnips.exe.3d60000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 13.3.zrnips.exe.3240000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 13.3.zrnips.exe.3240000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 13.3.zrnips.exe.3240000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 3.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 3.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 3.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 5.3.zrnips.exe.3960000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 5.3.zrnips.exe.3960000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 5.3.zrnips.exe.3960000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 20.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 20.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 20.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 13.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 13.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 13.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 13.3.zrnips.exe.3240000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 13.3.zrnips.exe.3240000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 13.3.zrnips.exe.3240000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 8.3.zrnips.exe.3ca0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 8.3.zrnips.exe.3ca0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 8.3.zrnips.exe.3ca0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 17.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 17.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 17.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 5.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 5.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 5.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 23.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 23.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 23.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 8.3.zrnips.exe.3ca0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 8.3.zrnips.exe.3ca0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 8.3.zrnips.exe.3ca0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 8.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 8.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 8.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 3.3.zrnips.exe.34a0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 3.3.zrnips.exe.34a0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 3.3.zrnips.exe.34a0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 8.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 8.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 8.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 25.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 25.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 25.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 3.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 3.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 3.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 19.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 19.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 19.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 00000013.00000003.521241668.00000000036C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000013.00000003.521241668.00000000036C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 00000013.00000003.521241668.00000000036C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 00000007.00000003.408576390.0000000003990000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000007.00000003.408576390.0000000003990000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 00000007.00000003.408576390.0000000003990000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 00000005.00000003.384531740.0000000003960000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000005.00000003.384531740.0000000003960000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 00000005.00000003.384531740.0000000003960000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 00000014.00000003.546628326.0000000003D60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000014.00000003.546628326.0000000003D60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 00000014.00000003.546628326.0000000003D60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 00000017.00000003.574625963.0000000003A10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000017.00000003.574625963.0000000003A10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 00000017.00000003.574625963.0000000003A10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 00000008.00000003.424307564.0000000003CA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000008.00000003.424307564.0000000003CA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 00000008.00000003.424307564.0000000003CA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 0000000D.00000003.462209860.0000000003240000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0000000D.00000003.462209860.0000000003240000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0000000D.00000003.462209860.0000000003240000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 0000000C.00000003.446505391.0000000003170000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0000000C.00000003.446505391.0000000003170000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0000000C.00000003.446505391.0000000003170000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 00000001.00000003.334801749.0000000003750000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000001.00000003.334801749.0000000003750000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 00000001.00000003.334801749.0000000003750000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 00000003.00000003.369063842.00000000034A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000003.00000003.369063842.00000000034A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 00000003.00000003.369063842.00000000034A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 0000000F.00000003.490038612.0000000002F20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0000000F.00000003.490038612.0000000002F20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0000000F.00000003.490038612.0000000002F20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: C:\Users\user\AppData\Roaming\Microsoft\zrnips.exe, type: DROPPED | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: C:\Users\user\AppData\Roaming\Microsoft\zrnips.exe, type: DROPPED | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: C:\Users\user\AppData\Roaming\Microsoft\zrnips.exe, type: DROPPED | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: W445hIpF47.exe, type: SAMPLE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: W445hIpF47.exe, type: SAMPLE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: W445hIpF47.exe, type: SAMPLE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: W445hIpF47.exe, type: SAMPLE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: W445hIpF47.exe, type: SAMPLE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 5.3.zrnips.exe.3960000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 5.3.zrnips.exe.3960000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 5.3.zrnips.exe.3960000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 5.3.zrnips.exe.3960000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 5.3.zrnips.exe.3960000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 5.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 5.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 5.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 5.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 5.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 15.3.zrnips.exe.2f20000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 15.3.zrnips.exe.2f20000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 15.3.zrnips.exe.2f20000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 15.3.zrnips.exe.2f20000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 15.3.zrnips.exe.2f20000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 23.3.zrnips.exe.3a10000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 23.3.zrnips.exe.3a10000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 23.3.zrnips.exe.3a10000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 23.3.zrnips.exe.3a10000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 23.3.zrnips.exe.3a10000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 19.3.zrnips.exe.36c0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 19.3.zrnips.exe.36c0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 19.3.zrnips.exe.36c0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 19.3.zrnips.exe.36c0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 19.3.zrnips.exe.36c0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 1.3.W445hIpF47.exe.3750000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 1.3.W445hIpF47.exe.3750000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 1.3.W445hIpF47.exe.3750000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 1.3.W445hIpF47.exe.3750000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 1.3.W445hIpF47.exe.3750000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 20.3.zrnips.exe.3d60000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 20.3.zrnips.exe.3d60000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 20.3.zrnips.exe.3d60000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 20.3.zrnips.exe.3d60000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 20.3.zrnips.exe.3d60000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 23.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 23.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 23.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 23.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 23.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 1.0.W445hIpF47.exe.fda0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 1.0.W445hIpF47.exe.fda0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 1.0.W445hIpF47.exe.fda0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 1.0.W445hIpF47.exe.fda0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 1.0.W445hIpF47.exe.fda0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 19.3.zrnips.exe.36c0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 19.3.zrnips.exe.36c0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 19.3.zrnips.exe.36c0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 19.3.zrnips.exe.36c0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 19.3.zrnips.exe.36c0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 13.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 13.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 13.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 13.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 13.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 7.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 7.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 7.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 7.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 7.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 12.3.zrnips.exe.3170000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 12.3.zrnips.exe.3170000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 12.3.zrnips.exe.3170000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 12.3.zrnips.exe.3170000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 12.3.zrnips.exe.3170000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 20.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 20.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 20.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 20.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 20.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 7.3.zrnips.exe.3990000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 7.3.zrnips.exe.3990000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 7.3.zrnips.exe.3990000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 7.3.zrnips.exe.3990000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 7.3.zrnips.exe.3990000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 15.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 15.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 15.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 15.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 15.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 3.3.zrnips.exe.34a0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 3.3.zrnips.exe.34a0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 3.3.zrnips.exe.34a0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 3.3.zrnips.exe.34a0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 3.3.zrnips.exe.34a0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 7.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 7.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 7.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 7.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 7.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 12.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 12.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 12.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 12.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 12.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 25.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 25.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 25.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 25.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 25.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 15.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 15.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 15.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 15.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 15.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 1.2.W445hIpF47.exe.fda0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 1.2.W445hIpF47.exe.fda0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 1.2.W445hIpF47.exe.fda0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 1.2.W445hIpF47.exe.fda0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 1.2.W445hIpF47.exe.fda0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 23.3.zrnips.exe.3a10000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 23.3.zrnips.exe.3a10000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 23.3.zrnips.exe.3a10000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 23.3.zrnips.exe.3a10000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 23.3.zrnips.exe.3a10000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 17.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 17.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 17.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 17.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 17.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 19.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 19.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 19.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 19.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 19.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 12.3.zrnips.exe.3170000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 12.3.zrnips.exe.3170000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 12.3.zrnips.exe.3170000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 12.3.zrnips.exe.3170000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 12.3.zrnips.exe.3170000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 12.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 12.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 12.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 12.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 12.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 1.3.W445hIpF47.exe.3750000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 1.3.W445hIpF47.exe.3750000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 1.3.W445hIpF47.exe.3750000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 1.3.W445hIpF47.exe.3750000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 1.3.W445hIpF47.exe.3750000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 15.3.zrnips.exe.2f20000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 15.3.zrnips.exe.2f20000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 15.3.zrnips.exe.2f20000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 15.3.zrnips.exe.2f20000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 15.3.zrnips.exe.2f20000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 7.3.zrnips.exe.3990000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 7.3.zrnips.exe.3990000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 7.3.zrnips.exe.3990000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 7.3.zrnips.exe.3990000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 7.3.zrnips.exe.3990000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 20.3.zrnips.exe.3d60000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 20.3.zrnips.exe.3d60000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 20.3.zrnips.exe.3d60000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 20.3.zrnips.exe.3d60000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 20.3.zrnips.exe.3d60000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 13.3.zrnips.exe.3240000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 13.3.zrnips.exe.3240000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 13.3.zrnips.exe.3240000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 13.3.zrnips.exe.3240000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 13.3.zrnips.exe.3240000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 3.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 3.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 3.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 3.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 3.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 5.3.zrnips.exe.3960000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 5.3.zrnips.exe.3960000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 5.3.zrnips.exe.3960000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 5.3.zrnips.exe.3960000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 5.3.zrnips.exe.3960000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 20.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 20.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 20.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 20.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 20.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 13.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 13.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 13.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 13.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 13.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 13.3.zrnips.exe.3240000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 13.3.zrnips.exe.3240000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 13.3.zrnips.exe.3240000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 13.3.zrnips.exe.3240000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 13.3.zrnips.exe.3240000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 8.3.zrnips.exe.3ca0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 8.3.zrnips.exe.3ca0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 8.3.zrnips.exe.3ca0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 8.3.zrnips.exe.3ca0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 8.3.zrnips.exe.3ca0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 17.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 17.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 17.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 17.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 17.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 5.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 5.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 5.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 5.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 5.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 23.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 23.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 23.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 23.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 23.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 8.3.zrnips.exe.3ca0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 8.3.zrnips.exe.3ca0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 8.3.zrnips.exe.3ca0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 8.3.zrnips.exe.3ca0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 8.3.zrnips.exe.3ca0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 8.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 8.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 8.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 8.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 8.0.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 3.3.zrnips.exe.34a0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 3.3.zrnips.exe.34a0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 3.3.zrnips.exe.34a0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 3.3.zrnips.exe.34a0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 3.3.zrnips.exe.34a0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 8.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 8.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 8.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 8.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 8.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 25.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 25.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 25.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 25.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 25.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 3.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 3.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 3.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 3.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 3.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 19.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 19.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 19.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 19.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 19.2.zrnips.exe.fcd0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 00000013.00000003.521241668.00000000036C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 00000013.00000003.521241668.00000000036C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 00000013.00000003.521241668.00000000036C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000013.00000003.521241668.00000000036C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 00000013.00000003.521241668.00000000036C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 00000007.00000003.408576390.0000000003990000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 00000007.00000003.408576390.0000000003990000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 00000007.00000003.408576390.0000000003990000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000007.00000003.408576390.0000000003990000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 00000007.00000003.408576390.0000000003990000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 00000005.00000003.384531740.0000000003960000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 00000005.00000003.384531740.0000000003960000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 00000005.00000003.384531740.0000000003960000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000005.00000003.384531740.0000000003960000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 00000005.00000003.384531740.0000000003960000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 00000014.00000003.546628326.0000000003D60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 00000014.00000003.546628326.0000000003D60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 00000014.00000003.546628326.0000000003D60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000014.00000003.546628326.0000000003D60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 00000014.00000003.546628326.0000000003D60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 00000017.00000003.574625963.0000000003A10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 00000017.00000003.574625963.0000000003A10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 00000017.00000003.574625963.0000000003A10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000017.00000003.574625963.0000000003A10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 00000017.00000003.574625963.0000000003A10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 00000008.00000003.424307564.0000000003CA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 00000008.00000003.424307564.0000000003CA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 00000008.00000003.424307564.0000000003CA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000008.00000003.424307564.0000000003CA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 00000008.00000003.424307564.0000000003CA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 0000000D.00000003.462209860.0000000003240000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0000000D.00000003.462209860.0000000003240000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0000000D.00000003.462209860.0000000003240000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0000000D.00000003.462209860.0000000003240000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0000000D.00000003.462209860.0000000003240000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 0000000C.00000003.446505391.0000000003170000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0000000C.00000003.446505391.0000000003170000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0000000C.00000003.446505391.0000000003170000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0000000C.00000003.446505391.0000000003170000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0000000C.00000003.446505391.0000000003170000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 00000001.00000003.334801749.0000000003750000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 00000001.00000003.334801749.0000000003750000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 00000001.00000003.334801749.0000000003750000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000001.00000003.334801749.0000000003750000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 00000001.00000003.334801749.0000000003750000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 00000003.00000003.369063842.00000000034A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 00000003.00000003.369063842.00000000034A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 00000003.00000003.369063842.00000000034A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000003.00000003.369063842.00000000034A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 00000003.00000003.369063842.00000000034A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 0000000F.00000003.490038612.0000000002F20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0000000F.00000003.490038612.0000000002F20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0000000F.00000003.490038612.0000000002F20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0000000F.00000003.490038612.0000000002F20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0000000F.00000003.490038612.0000000002F20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: Process Memory Space: zrnips.exe PID: 4940, type: MEMORYSTR | Matched rule: HKTL_Meterpreter_inMemory date = 2020-06-29, author = netbiosX, Florian Roth, description = Detects Meterpreter in-memory, score = , reference = https://www.reddit.com/r/purpleteamsec/comments/hjux11/meterpreter_memory_indicators_detection_tooling/ |
Source: Process Memory Space: zrnips.exe PID: 5684, type: MEMORYSTR | Matched rule: HKTL_Meterpreter_inMemory date = 2020-06-29, author = netbiosX, Florian Roth, description = Detects Meterpreter in-memory, score = , reference = https://www.reddit.com/r/purpleteamsec/comments/hjux11/meterpreter_memory_indicators_detection_tooling/ |
Source: Process Memory Space: zrnips.exe PID: 5408, type: MEMORYSTR | Matched rule: HKTL_Meterpreter_inMemory date = 2020-06-29, author = netbiosX, Florian Roth, description = Detects Meterpreter in-memory, score = , reference = https://www.reddit.com/r/purpleteamsec/comments/hjux11/meterpreter_memory_indicators_detection_tooling/ |
Source: C:\Users\user\AppData\Roaming\Microsoft\zrnips.exe, type: DROPPED | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: C:\Users\user\AppData\Roaming\Microsoft\zrnips.exe, type: DROPPED | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: C:\Users\user\AppData\Roaming\Microsoft\zrnips.exe, type: DROPPED | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: C:\Users\user\AppData\Roaming\Microsoft\zrnips.exe, type: DROPPED | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: C:\Users\user\AppData\Roaming\Microsoft\zrnips.exe, type: DROPPED | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |