Windows Analysis Report
wThN5MTIsw.exe

Overview

General Information

Sample Name: wThN5MTIsw.exe
Analysis ID: 694565
MD5: 1813521f3884de8427728b54b5c9a391
SHA1: 874f4efd9b2ba64fa3bcb6ae87b116bd526b85c3
SHA256: 4e705159b6c3a72b2b160486b9d582f05e34cd89a767428ef47ff6562b39619e
Tags: exe, GandCrab

Detection

Gandcrab, ReflectiveLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected Gandcrab
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected ReflectiveLoader
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Creates multiple autostart registry keys
Found evasive API chain (may stop execution after checking mutex)
Contains functionality to determine the online IP of the system
Found Tor onion address
Machine Learning detection for sample
May check the online IP address of the machine
Machine Learning detection for dropped file
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Contains functionality to dynamically determine API calls
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Queries information about the installed CPU (vendor, model number etc)
PE file contains an invalid checksum
Drops PE files
Contains functionality to read the PEB
Contains functionality to enumerate device drivers
Checks for available system drives (often done to infect USB drives)
Uses Microsoft's Enhanced Cryptographic Provider

Classification

AV Detection

Source: wThN5MTIsw.exe Virustotal: Detection: 90%
Source: wThN5MTIsw.exe ReversingLabs: Detection: 93%
Source: wThN5MTIsw.exe Avira: detected
Source: http://gdcbmuveqjsli57x.onion/cec3c1ad6b0ea08f Avira URL Cloud: Label: malware
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe Avira: detection malicious, Label: TR/Dropper.Gen
Source: wThN5MTIsw.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe Joe Sandbox ML: detected
Source: 34.3.ssapst.exe.32a0000.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 0.3.wThN5MTIsw.exe.3170000.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 18.2.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 32.2.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 6.2.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 0.0.wThN5MTIsw.exe.f4e0000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 24.3.ssapst.exe.3b60000.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 31.2.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 24.0.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 19.0.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 6.3.ssapst.exe.2f70000.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 35.0.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 12.0.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 19.2.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 30.2.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 8.2.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 26.3.ssapst.exe.3830000.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 12.2.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 25.3.ssapst.exe.36d0000.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 15.2.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 15.3.ssapst.exe.3300000.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 35.2.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 12.3.ssapst.exe.3730000.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 33.2.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 17.0.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 18.3.ssapst.exe.3230000.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 8.0.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 22.2.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 24.2.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 14.0.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 19.3.ssapst.exe.3520000.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 25.2.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 17.2.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 8.3.ssapst.exe.30f0000.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 22.0.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 4.3.ssapst.exe.38c0000.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 30.0.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 14.3.ssapst.exe.3730000.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 34.2.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 14.2.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 25.0.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 30.3.ssapst.exe.2fc0000.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 33.3.ssapst.exe.3d30000.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 2.3.ssapst.exe.3640000.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 2.2.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 0.2.wThN5MTIsw.exe.f4e0000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 33.0.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 34.0.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 4.2.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 4.0.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 31.0.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 15.0.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 26.0.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 2.0.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 32.3.ssapst.exe.3790000.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 6.0.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 26.2.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 32.0.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: 18.0.ssapst.exe.fe60000.0.unpack Avira: Label: TR/Dropper.Gen
Source: C:\Users\user\Desktop\wThN5MTIsw.exe Code function: 0_2_0F4E5860 VirtualAlloc,VirtualFree,CryptBinaryToStringA,CryptBinaryToStringA,CryptBinaryToStringA,lstrlenA,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrcatW,lstrcatW,lstrlenW,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcatW,VirtualFree,VirtualFree,VirtualFree,lstrcatW,lstrlenW,lstrlenW,lstrlenA,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenA,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenW,VirtualAlloc,lstrlenW,lstrlenW,VirtualFree,lstrlenW,VirtualAlloc,wsprintfA,lstrlenW,CryptBinaryToStringA,GetLastError,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,MultiByteToWideChar,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree, 0_2_0F4E5860
Source: C:\Users\user\Desktop\wThN5MTIsw.exe Code function: 0_2_0F4E8400 VirtualAlloc,CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree, 0_2_0F4E8400
Source: C:\Users\user\Desktop\wThN5MTIsw.exe Code function: 0_2_0F4E4B20 EntryPoint,Sleep,ExitProcess,CreateThread,WaitForSingleObject,TerminateThread,CloseHandle,VirtualAlloc,GetModuleFileNameW,VirtualFree,ExitProcess,Sleep,lstrlenA,VirtualAlloc,CryptStringToBinaryA,ExitProcess,InitializeCriticalSection,DeleteCriticalSection,VirtualAlloc,GetModuleFileNameW,VirtualFree,ShellExecuteW,ExitThread, 0_2_0F4E4B20
Source: C:\Users\user\Desktop\wThN5MTIsw.exe Code function: 0_2_0F4E63E0 CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptGenKey,CryptExportKey,CryptExportKey,CryptDestroyKey,CryptReleaseContext,CryptAcquireContextW, 0_2_0F4E63E0
Source: C:\Users\user\Desktop\wThN5MTIsw.exe Code function: 0_2_0F4E82B0 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree, 0_2_0F4E82B0
Source: C:\Users\user\Desktop\wThN5MTIsw.exe Code function: 0_2_0F4E6660 EnterCriticalSection,CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection, 0_2_0F4E6660
Source: C:\Users\user\Desktop\wThN5MTIsw.exe Code function: 0_2_0F4E5670 VirtualAlloc,VirtualAlloc,wsprintfW,lstrlenW,lstrlenW,VirtualFree,lstrlenW,VirtualAlloc,wsprintfA,VirtualAlloc,CryptBinaryToStringA,GetLastError,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,VirtualFree,VirtualFree,VirtualFree, 0_2_0F4E5670
Source: C:\Users\user\Desktop\wThN5MTIsw.exe Code function: 0_2_0F4E53D0 lstrlenA,VirtualAlloc,CryptStringToBinaryA,lstrlenA,VirtualAlloc,lstrcpyA,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,VirtualFree,GetLastError,lstrlenA,lstrlenA,VirtualAlloc,VirtualAlloc,VirtualAlloc,lstrcatA,lstrlenA,lstrlenW,lstrlenA,VirtualFree,VirtualFree,VirtualFree,VirtualFree,InternetCloseHandle, 0_2_0F4E53D0
Source: C:\Users\user\Desktop\wThN5MTIsw.exe Code function: 0_2_0F4E34F0 lstrlenA,VirtualAlloc,VirtualAlloc,CryptStringToBinaryA,VirtualAlloc,VirtualAlloc,wsprintfW,wsprintfW,wsprintfW,VirtualFree, 0_2_0F4E34F0
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe Code function: 2_2_0FE663E0 CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptGenKey,CryptExportKey,CryptExportKey,CryptDestroyKey,CryptReleaseContext,CryptAcquireContextW, 2_2_0FE663E0
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe Code function: 2_2_0FE682B0 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree, 2_2_0FE682B0
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe Code function: 2_2_0FE65860 VirtualAlloc,VirtualFree,CryptBinaryToStringA,CryptBinaryToStringA,CryptBinaryToStringA,lstrlenA,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrcatW,lstrcatW,lstrlenW,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcatW,VirtualFree,VirtualFree,VirtualFree,lstrcatW,lstrlenW,lstrlenW,lstrlenA,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenA,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenW,VirtualAlloc,lstrlenW,lstrlenW,VirtualFree,lstrlenW,VirtualAlloc,wsprintfA,lstrlenW,CryptBinaryToStringA,GetLastError,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,MultiByteToWideChar,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree, 2_2_0FE65860
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe Code function: 2_2_0FE64B20 EntryPoint,Sleep,ExitProcess,CreateThread,WaitForSingleObject,TerminateThread,CloseHandle,VirtualAlloc,GetModuleFileNameW,VirtualFree,ExitProcess,Sleep,lstrlenA,VirtualAlloc,CryptStringToBinaryA,ExitProcess,InitializeCriticalSection,DeleteCriticalSection,VirtualAlloc,GetModuleFileNameW,VirtualFree,ShellExecuteW,ExitThread, 2_2_0FE64B20
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe Code function: 2_2_0FE634F0 lstrlenA,VirtualAlloc,VirtualAlloc,CryptStringToBinaryA,VirtualAlloc,VirtualAlloc,wsprintfW,wsprintfW,wsprintfW,VirtualFree, 2_2_0FE634F0
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe Code function: 2_2_0FE653D0 lstrlenA,VirtualAlloc,CryptStringToBinaryA,lstrlenA,VirtualAlloc,lstrcpyA,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,VirtualFree,GetLastError,lstrlenA,lstrlenA,VirtualAlloc,VirtualAlloc,VirtualAlloc,lstrcatA,lstrlenA,lstrlenW,lstrlenA,VirtualFree,VirtualFree,VirtualFree,VirtualFree,InternetCloseHandle, 2_2_0FE653D0
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe Code function: 2_2_0FE66660 EnterCriticalSection,CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection, 2_2_0FE66660
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe Code function: 2_2_0FE65670 VirtualAlloc,VirtualAlloc,wsprintfW,lstrlenW,lstrlenW,VirtualFree,lstrlenW,VirtualAlloc,wsprintfA,VirtualAlloc,CryptBinaryToStringA,GetLastError,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,VirtualFree,VirtualFree,VirtualFree, 2_2_0FE65670
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe Code function: 2_2_0FE68400 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree, 2_2_0FE68400
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe Code function: 4_2_0FE663E0 CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptGenKey,CryptExportKey,CryptExportKey,CryptDestroyKey,CryptReleaseContext,CryptAcquireContextW, 4_2_0FE663E0
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe Code function: 4_2_0FE682B0 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree, 4_2_0FE682B0
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe Code function: 4_2_0FE65860 VirtualAlloc,VirtualFree,CryptBinaryToStringA,CryptBinaryToStringA,CryptBinaryToStringA,lstrlenA,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrcatW,lstrcatW,lstrlenW,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcatW,VirtualFree,VirtualFree,VirtualFree,lstrcatW,lstrlenW,lstrlenW,lstrlenA,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenA,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenW,VirtualAlloc,lstrlenW,lstrlenW,VirtualFree,lstrlenW,VirtualAlloc,wsprintfA,lstrlenW,CryptBinaryToStringA,GetLastError,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,MultiByteToWideChar,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree, 4_2_0FE65860
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe Code function: 4_2_0FE64B20 EntryPoint,Sleep,ExitProcess,CreateThread,WaitForSingleObject,TerminateThread,CloseHandle,VirtualAlloc,GetModuleFileNameW,VirtualFree,ExitProcess,Sleep,lstrlenA,VirtualAlloc,CryptStringToBinaryA,ExitProcess,InitializeCriticalSection,DeleteCriticalSection,VirtualAlloc,GetModuleFileNameW,VirtualFree,ShellExecuteW,ExitThread, 4_2_0FE64B20
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe Code function: 4_2_0FE634F0 lstrlenA,VirtualAlloc,VirtualAlloc,CryptStringToBinaryA,VirtualAlloc,VirtualAlloc,wsprintfW,wsprintfW,wsprintfW,VirtualFree, 4_2_0FE634F0
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe Code function: 4_2_0FE653D0 lstrlenA,VirtualAlloc,CryptStringToBinaryA,lstrlenA,VirtualAlloc,lstrcpyA,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,VirtualFree,GetLastError,lstrlenA,lstrlenA,VirtualAlloc,VirtualAlloc,VirtualAlloc,lstrcatA,lstrlenA,lstrlenW,lstrlenA,VirtualFree,VirtualFree,VirtualFree,VirtualFree,InternetCloseHandle, 4_2_0FE653D0
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe Code function: 4_2_0FE66660 EnterCriticalSection,CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection, 4_2_0FE66660
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe Code function: 4_2_0FE65670 VirtualAlloc,VirtualAlloc,wsprintfW,lstrlenW,lstrlenW,VirtualFree,lstrlenW,VirtualAlloc,wsprintfA,VirtualAlloc,CryptBinaryToStringA,GetLastError,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,VirtualFree,VirtualFree,VirtualFree, 4_2_0FE65670
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe Code function: 4_2_0FE68400 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree, 4_2_0FE68400
Source: wThN5MTIsw.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: wThN5MTIsw.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe File opened: z:
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe File opened: x:
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe File opened: v:
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe File opened: t:
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe File opened: r:
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe File opened: p:
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe File opened: n:
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe File opened: l:
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe File opened: j:
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe File opened: h:
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe File opened: f:
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe File opened: b:
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe File opened: y:
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe File opened: w:
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe File opened: u:
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe File opened: s:
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe File opened: q:
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe File opened: o:
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe File opened: m:
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe File opened: k:
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe File opened: i:
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe File opened: g:
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe File opened: e:
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe File opened: a:
Source: C:\Users\user\Desktop\wThN5MTIsw.exe Code function: 0_2_0F4E6DF0 lstrlenW,lstrcatW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcatW,lstrcatW,lstrcatW,FindNextFileW,FindClose, 0_2_0F4E6DF0
Source: C:\Users\user\Desktop\wThN5MTIsw.exe Code function: 0_2_0F4E6BA0 lstrlenW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcatW,lstrlenW,lstrcmpW,CreateFileW,GetFileSize,VirtualAlloc,ReadFile,lstrlenA,VirtualFree,CloseHandle,lstrcmpW,FindNextFileW,FindClose, 0_2_0F4E6BA0
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe Code function: 2_2_0FE66DF0 lstrlenW,lstrcatW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcatW,lstrcatW,lstrcatW,FindNextFileW,FindClose, 2_2_0FE66DF0
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe Code function: 2_2_0FE66BA0 lstrlenW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcatW,lstrlenW,lstrcmpW,CreateFileW,GetFileSize,VirtualAlloc,ReadFile,lstrlenA,VirtualFree,CloseHandle,lstrcmpW,FindNextFileW,FindClose, 2_2_0FE66BA0
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe Code function: 4_2_0FE66DF0 lstrlenW,lstrcatW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcatW,lstrcatW,lstrcatW,FindNextFileW,FindClose, 4_2_0FE66DF0
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe Code function: 4_2_0FE66BA0 lstrlenW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcatW,lstrlenW,lstrcmpW,CreateFileW,GetFileSize,VirtualAlloc,ReadFile,lstrlenA,VirtualFree,CloseHandle,lstrcmpW,FindNextFileW,FindClose, 4_2_0FE66BA0

Networking

Source: C:\Users\user\Desktop\wThN5MTIsw.exe Code function: 0_2_0F4E6FF0 VirtualAlloc,VirtualAlloc,lstrlenW,lstrlenA,wsprintfW,VirtualFree,InternetCloseHandle, ipv4bot.whatismyipaddress.com 0_2_0F4E6FF0
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe Code function: 2_2_0FE66FF0 VirtualAlloc,VirtualAlloc,lstrlenW,lstrlenA,wsprintfW,VirtualFree,InternetCloseHandle, ipv4bot.whatismyipaddress.com 2_2_0FE66FF0
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe Code function: 4_2_0FE66FF0 VirtualAlloc,VirtualAlloc,lstrlenW,lstrlenA,wsprintfW,VirtualFree,InternetCloseHandle, ipv4bot.whatismyipaddress.com 4_2_0FE66FF0
Source: wThN5MTIsw.exe, 00000000.00000002.335680061.000000000F4F2000.00000004.00000001.01000000.00000003.sdmp String found in binary or memory: 4. Open link in tor browser: http://gdcbmuveqjsli57x.onion/cec3c1ad6b0ea08f
Source: ssapst.exe, 00000002.00000002.370333139.000000000FE72000.00000004.00000001.01000000.00000004.sdmp String found in binary or memory: 4. Open link in tor browser: http://gdcbmuveqjsli57x.onion/cec3c1ad6b0ea08f
Source: ssapst.exe, 00000004.00000002.383047915.000000000FE72000.00000004.00000001.01000000.00000004.sdmp String found in binary or memory: 4. Open link in tor browser: http://gdcbmuveqjsli57x.onion/cec3c1ad6b0ea08f
Source: ssapst.exe, 00000006.00000002.406483395.000000000FE72000.00000004.00000001.01000000.00000004.sdmp String found in binary or memory: 4. Open link in tor browser: http://gdcbmuveqjsli57x.onion/cec3c1ad6b0ea08f
Source: ssapst.exe, 00000008.00000002.421052694.000000000FE72000.00000004.00000001.01000000.00000004.sdmp String found in binary or memory: 4. Open link in tor browser: http://gdcbmuveqjsli57x.onion/cec3c1ad6b0ea08f
Source: ssapst.exe, 0000000C.00000002.445300926.000000000FE72000.00000004.00000001.01000000.00000004.sdmp String found in binary or memory: 4. Open link in tor browser: http://gdcbmuveqjsli57x.onion/cec3c1ad6b0ea08f
Source: ssapst.exe, 0000000E.00000002.457737689.000000000FE72000.00000004.00000001.01000000.00000004.sdmp String found in binary or memory: 4. Open link in tor browser: http://gdcbmuveqjsli57x.onion/cec3c1ad6b0ea08f
Source: ssapst.exe, 0000000F.00000002.485790617.000000000FE72000.00000004.00000001.01000000.00000004.sdmp String found in binary or memory: 4. Open link in tor browser: http://gdcbmuveqjsli57x.onion/cec3c1ad6b0ea08f
Source: ssapst.exe, 00000012.00000002.521001527.000000000FE72000.00000004.00000001.01000000.00000004.sdmp String found in binary or memory: 4. Open link in tor browser: http://gdcbmuveqjsli57x.onion/cec3c1ad6b0ea08f
Source: ssapst.exe, 00000013.00000002.556559672.000000000FE72000.00000004.00000001.01000000.00000004.sdmp String found in binary or memory: 4. Open link in tor browser: http://gdcbmuveqjsli57x.onion/cec3c1ad6b0ea08f
Source: ssapst.exe, 00000018.00000002.585820146.000000000FE72000.00000004.00000001.01000000.00000004.sdmp String found in binary or memory: 4. Open link in tor browser: http://gdcbmuveqjsli57x.onion/cec3c1ad6b0ea08f
Source: ssapst.exe, 00000019.00000002.608758289.000000000FE72000.00000004.00000001.01000000.00000004.sdmp String found in binary or memory: 4. Open link in tor browser: http://gdcbmuveqjsli57x.onion/cec3c1ad6b0ea08f
Source: ssapst.exe, 0000001A.00000002.628251824.000000000FE72000.00000004.00000001.01000000.00000004.sdmp String found in binary or memory: 4. Open link in tor browser: http://gdcbmuveqjsli57x.onion/cec3c1ad6b0ea08f
Source: ssapst.exe, 0000001E.00000002.654951583.000000000FE72000.00000004.00000001.01000000.00000004.sdmp String found in binary or memory: 4. Open link in tor browser: http://gdcbmuveqjsli57x.onion/cec3c1ad6b0ea08f
Source: ssapst.exe, 00000020.00000002.682007928.000000000FE72000.00000004.00000001.01000000.00000004.sdmp String found in binary or memory: 4. Open link in tor browser: http://gdcbmuveqjsli57x.onion/cec3c1ad6b0ea08f
Source: ssapst.exe, 00000021.00000002.703365325.000000000FE72000.00000004.00000001.01000000.00000004.sdmp String found in binary or memory: 4. Open link in tor browser: http://gdcbmuveqjsli57x.onion/cec3c1ad6b0ea08f
Source: ssapst.exe, 00000022.00000002.734737605.000000000FE72000.00000004.00000001.01000000.00000004.sdmp String found in binary or memory: 4. Open link in tor browser: http://gdcbmuveqjsli57x.onion/cec3c1ad6b0ea08f
Source: C:\Users\user\Desktop\wThN5MTIsw.exe DNS query: name: ipv4bot.whatismyipaddress.com
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe DNS query: name: ipv4bot.whatismyipaddress.com
Source: wThN5MTIsw.exe, 00000000.00000002.335680061.000000000F4F2000.00000004.00000001.01000000.00000003.sdmp, ssapst.exe, 00000002.00000002.370333139.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 00000004.00000002.383047915.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 00000006.00000002.406483395.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 00000008.00000002.421052694.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 0000000C.00000002.445300926.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 0000000E.00000002.457737689.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 0000000F.00000002.485790617.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 00000012.00000002.521001527.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 00000013.00000002.556559672.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 00000018.00000002.585820146.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 00000019.00000002.608758289.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 0000001A.00000002.628251824.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 0000001E.00000002.654951583.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 00000020.00000002.682007928.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 00000021.00000002.703365325.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 00000022.00000002.734737605.000000000FE72000.00000004.00000001.01000000.00000004.sdmp String found in binary or memory: http://gdcbmuveqjsli57x.onion/cec3c1ad6b0ea08f
Source: ssapst.exe, 00000019.00000003.601906375.0000000000F31000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ipv4bot.whatismyipaddress.com/
Source: ssapst.exe, 00000018.00000002.585108554.00000000012E8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ipv4bot.whatismyipaddress.com/&
Source: ssapst.exe, 00000002.00000002.369878312.0000000000DCA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ipv4bot.whatismyipaddress.com/)
Source: wThN5MTIsw.exe, 00000000.00000002.335452470.00000000008D9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ipv4bot.whatismyipaddress.com/2
Source: ssapst.exe, 00000018.00000002.585108554.00000000012E8000.00000004.00000020.00020000.00000000.sdmp, ssapst.exe, 00000019.00000002.605561331.0000000000EF8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ipv4bot.whatismyipaddress.com/5
Source: ssapst.exe, 00000002.00000002.369878312.0000000000DCA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ipv4bot.whatismyipaddress.com/G%b
Source: ssapst.exe, 00000004.00000002.382761696.0000000001018000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ipv4bot.whatismyipaddress.com/I
Source: ssapst.exe, 00000002.00000002.369878312.0000000000DCA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ipv4bot.whatismyipaddress.com/I;
Source: ssapst.exe, 00000004.00000002.382761696.0000000001018000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ipv4bot.whatismyipaddress.com/QL
Source: ssapst.exe, 00000004.00000002.382761696.0000000001018000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ipv4bot.whatismyipaddress.com/S
Source: ssapst.exe, 00000019.00000002.607798154.0000000000F31000.00000004.00000020.00020000.00000000.sdmp, ssapst.exe, 00000019.00000003.601906375.0000000000F31000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ipv4bot.whatismyipaddress.com/g
Source: ssapst.exe, 00000018.00000002.585108554.00000000012E8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ipv4bot.whatismyipaddress.com/x
Source: wThN5MTIsw.exe, 00000000.00000002.335680061.000000000F4F2000.00000004.00000001.01000000.00000003.sdmp, ssapst.exe, 00000002.00000002.370333139.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 00000004.00000002.383047915.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 00000006.00000002.406483395.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 00000008.00000002.421052694.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 0000000C.00000002.445300926.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 0000000E.00000002.457737689.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 0000000F.00000002.485790617.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 00000012.00000002.521001527.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 00000013.00000002.556559672.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 00000018.00000002.585820146.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 00000019.00000002.608758289.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 0000001A.00000002.628251824.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 0000001E.00000002.654951583.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 00000020.00000002.682007928.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 00000021.00000002.703365325.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 00000022.00000002.734737605.000000000FE72000.00000004.00000001.01000000.00000004.sdmp String found in binary or memory: https://tox.chat/download.html
Source: wThN5MTIsw.exe, 00000000.00000002.335680061.000000000F4F2000.00000004.00000001.01000000.00000003.sdmp, ssapst.exe, 00000002.00000002.370333139.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 00000004.00000002.383047915.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 00000006.00000002.406483395.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 00000008.00000002.421052694.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 0000000C.00000002.445300926.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 0000000E.00000002.457737689.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 0000000F.00000002.485790617.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 00000012.00000002.521001527.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 00000013.00000002.556559672.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 00000018.00000002.585820146.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 00000019.00000002.608758289.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 0000001A.00000002.628251824.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 0000001E.00000002.654951583.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 00000020.00000002.682007928.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 00000021.00000002.703365325.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, ssapst.exe, 00000022.00000002.734737605.000000000FE72000.00000004.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.torproject.org/
Source: unknown DNS traffic detected: queries for: ipv4bot.whatismyipaddress.com
Source: C:\Users\user\Desktop\wThN5MTIsw.exe Code function: 0_2_0F4E8050 lstrcatW,InternetCloseHandle,InternetConnectW,VirtualAlloc,wsprintfW,HttpOpenRequestW,HttpAddRequestHeadersW,HttpSendRequestW,InternetReadFile,InternetReadFile,GetLastError,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,VirtualFree, 0_2_0F4E8050
Source: wThN5MTIsw.exe, 00000000.00000002.335360112.00000000008BA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

Spam, unwanted Advertisements and Ransom Demands

Source: Yara match File source: 18.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 19.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 8.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 12.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 15.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 32.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 30.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 24.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 25.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 34.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 14.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 33.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 26.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.wThN5MTIsw.exe.f4e0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0000001E.00000002.654951583.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match File source: 0000000C.00000002.445300926.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match File source: 00000018.00000002.585820146.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.335680061.000000000F4F2000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000002.421052694.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match File source: 00000019.00000002.608758289.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match File source: 00000021.00000002.703365325.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.370333139.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.406483395.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000002.556559672.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match File source: 0000001A.00000002.628251824.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match File source: 00000022.00000002.734737605.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match File source: 0000000F.00000002.485790617.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000002.457737689.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.383047915.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match File source: 00000020.00000002.682007928.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match File source: 00000012.00000002.521001527.000000000FE72000.00000004.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: wThN5MTIsw.exe PID: 6388, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: ssapst.exe PID: 6592, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: ssapst.exe PID: 6840, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: ssapst.exe PID: 7028, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: ssapst.exe PID: 5668, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: ssapst.exe PID: 6104, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: ssapst.exe PID: 4292, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: ssapst.exe PID: 1416, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: ssapst.exe PID: 3248, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: ssapst.exe PID: 6228, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: ssapst.exe PID: 7020, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: ssapst.exe PID: 7108, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: ssapst.exe PID: 204, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: ssapst.exe PID: 4804, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: ssapst.exe PID: 1784, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: ssapst.exe PID: 5076, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: ssapst.exe PID: 5700, type: MEMORYSTR
Source: C:\Users\user\Desktop\wThN5MTIsw.exe Code function: 0_2_0F4E6660 EnterCriticalSection,CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection, 0_2_0F4E6660
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe Code function: 2_2_0FE66660 EnterCriticalSection,CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection, 2_2_0FE66660
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe Code function: 4_2_0FE66660 EnterCriticalSection,CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection, 4_2_0FE66660

System Summary

Source: wThN5MTIsw.exe, type: SAMPLE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: wThN5MTIsw.exe, type: SAMPLE Matched rule: Gandcrab Payload Author: kevoreilly
Source: wThN5MTIsw.exe, type: SAMPLE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 34.3.ssapst.exe.32a0000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 34.3.ssapst.exe.32a0000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 34.3.ssapst.exe.32a0000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 32.3.ssapst.exe.3790000.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 32.3.ssapst.exe.3790000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 32.3.ssapst.exe.3790000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 18.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 18.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 18.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 0.3.wThN5MTIsw.exe.3170000.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 0.3.wThN5MTIsw.exe.3170000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 0.3.wThN5MTIsw.exe.3170000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 35.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 35.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 35.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 0.0.wThN5MTIsw.exe.f4e0000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 0.0.wThN5MTIsw.exe.f4e0000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 0.0.wThN5MTIsw.exe.f4e0000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 19.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 19.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 19.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 19.3.ssapst.exe.3520000.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 19.3.ssapst.exe.3520000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 19.3.ssapst.exe.3520000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 30.3.ssapst.exe.2fc0000.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 30.3.ssapst.exe.2fc0000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 30.3.ssapst.exe.2fc0000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 8.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 8.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 8.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 25.3.ssapst.exe.36d0000.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 25.3.ssapst.exe.36d0000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 25.3.ssapst.exe.36d0000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 12.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 12.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 12.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 6.3.ssapst.exe.2f70000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 6.3.ssapst.exe.2f70000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 6.3.ssapst.exe.2f70000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 15.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 15.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 15.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 25.3.ssapst.exe.36d0000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 25.3.ssapst.exe.36d0000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 25.3.ssapst.exe.36d0000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 32.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 32.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 32.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 0.3.wThN5MTIsw.exe.3170000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 0.3.wThN5MTIsw.exe.3170000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 0.3.wThN5MTIsw.exe.3170000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 24.3.ssapst.exe.3b60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 24.3.ssapst.exe.3b60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 24.3.ssapst.exe.3b60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 26.3.ssapst.exe.3830000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 26.3.ssapst.exe.3830000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 26.3.ssapst.exe.3830000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 12.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 12.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 12.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 24.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 24.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 24.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 30.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 30.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 30.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 34.3.ssapst.exe.32a0000.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 34.3.ssapst.exe.32a0000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 34.3.ssapst.exe.32a0000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 35.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 35.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 35.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 18.3.ssapst.exe.3230000.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 18.3.ssapst.exe.3230000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 18.3.ssapst.exe.3230000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 15.3.ssapst.exe.3300000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 15.3.ssapst.exe.3300000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 15.3.ssapst.exe.3300000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 6.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 6.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 6.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 12.3.ssapst.exe.3730000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 12.3.ssapst.exe.3730000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 12.3.ssapst.exe.3730000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 24.3.ssapst.exe.3b60000.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 24.3.ssapst.exe.3b60000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 24.3.ssapst.exe.3b60000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 18.3.ssapst.exe.3230000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 18.3.ssapst.exe.3230000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 18.3.ssapst.exe.3230000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 15.3.ssapst.exe.3300000.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 15.3.ssapst.exe.3300000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 15.3.ssapst.exe.3300000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 17.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 17.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 17.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 8.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 8.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 8.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 22.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 22.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 22.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 14.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 14.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 14.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 24.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 24.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 24.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 19.3.ssapst.exe.3520000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 19.3.ssapst.exe.3520000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 19.3.ssapst.exe.3520000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 25.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 25.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 25.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 19.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 19.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 19.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 17.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 17.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 17.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 4.3.ssapst.exe.38c0000.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 4.3.ssapst.exe.38c0000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 4.3.ssapst.exe.38c0000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 30.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 30.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 30.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 22.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 22.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 22.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 8.3.ssapst.exe.30f0000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 8.3.ssapst.exe.30f0000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 8.3.ssapst.exe.30f0000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 2.3.ssapst.exe.3640000.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 2.3.ssapst.exe.3640000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 2.3.ssapst.exe.3640000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 14.3.ssapst.exe.3730000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 14.3.ssapst.exe.3730000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 14.3.ssapst.exe.3730000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 26.3.ssapst.exe.3830000.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 26.3.ssapst.exe.3830000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 26.3.ssapst.exe.3830000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 8.3.ssapst.exe.30f0000.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 8.3.ssapst.exe.30f0000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 8.3.ssapst.exe.30f0000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 34.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 34.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 34.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 33.3.ssapst.exe.3d30000.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 33.3.ssapst.exe.3d30000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 33.3.ssapst.exe.3d30000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 4.3.ssapst.exe.38c0000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 4.3.ssapst.exe.38c0000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 4.3.ssapst.exe.38c0000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 31.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 31.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 31.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 25.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 25.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 25.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 30.3.ssapst.exe.2fc0000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 30.3.ssapst.exe.2fc0000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 30.3.ssapst.exe.2fc0000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 6.3.ssapst.exe.2f70000.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 6.3.ssapst.exe.2f70000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 6.3.ssapst.exe.2f70000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 14.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 14.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 14.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 33.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 33.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 33.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 33.3.ssapst.exe.3d30000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 33.3.ssapst.exe.3d30000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 33.3.ssapst.exe.3d30000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 12.3.ssapst.exe.3730000.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 12.3.ssapst.exe.3730000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 12.3.ssapst.exe.3730000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 2.3.ssapst.exe.3640000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 2.3.ssapst.exe.3640000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 2.3.ssapst.exe.3640000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 2.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 2.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 2.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 4.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 4.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 4.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 4.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 4.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 4.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 15.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 15.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 15.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 26.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 26.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 26.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 14.3.ssapst.exe.3730000.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 14.3.ssapst.exe.3730000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 14.3.ssapst.exe.3730000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 31.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 31.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 31.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 33.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 33.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 33.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 2.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 2.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 2.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 32.3.ssapst.exe.3790000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 32.3.ssapst.exe.3790000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 32.3.ssapst.exe.3790000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 32.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 32.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 32.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 18.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 18.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 18.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 6.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 6.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 6.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 26.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 26.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 26.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 34.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 34.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 34.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 0.2.wThN5MTIsw.exe.f4e0000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 0.2.wThN5MTIsw.exe.f4e0000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab Payload Author: kevoreilly
Source: 0.2.wThN5MTIsw.exe.f4e0000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 00000004.00000003.382524367.00000000038C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 00000004.00000003.382524367.00000000038C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab Payload Author: kevoreilly
Source: 00000004.00000003.382524367.00000000038C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 0000001E.00000003.653635490.0000000002FC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 0000001E.00000003.653635490.0000000002FC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab Payload Author: kevoreilly
Source: 0000001E.00000003.653635490.0000000002FC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 0000001A.00000003.625461976.0000000003830000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 0000001A.00000003.625461976.0000000003830000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab Payload Author: kevoreilly
Source: 0000001A.00000003.625461976.0000000003830000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 00000021.00000003.701450302.0000000003D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 00000021.00000003.701450302.0000000003D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab Payload Author: kevoreilly
Source: 00000021.00000003.701450302.0000000003D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 00000006.00000003.405218158.0000000002F70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 00000006.00000003.405218158.0000000002F70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab Payload Author: kevoreilly
Source: 00000006.00000003.405218158.0000000002F70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 00000020.00000003.679180879.0000000003790000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 00000020.00000003.679180879.0000000003790000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab Payload Author: kevoreilly
Source: 00000020.00000003.679180879.0000000003790000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 00000022.00000003.731764683.00000000032A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 00000022.00000003.731764683.00000000032A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab Payload Author: kevoreilly
Source: 00000022.00000003.731764683.00000000032A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 00000018.00000003.584737437.0000000003B60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 00000018.00000003.584737437.0000000003B60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab Payload Author: kevoreilly
Source: 00000018.00000003.584737437.0000000003B60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 0000000C.00000003.444009772.0000000003730000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 0000000C.00000003.444009772.0000000003730000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab Payload Author: kevoreilly
Source: 0000000C.00000003.444009772.0000000003730000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 00000000.00000003.334936467.0000000003170000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 00000000.00000003.334936467.0000000003170000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab Payload Author: kevoreilly
Source: 00000000.00000003.334936467.0000000003170000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 00000013.00000003.550407327.0000000003520000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 00000013.00000003.550407327.0000000003520000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab Payload Author: kevoreilly
Source: 00000013.00000003.550407327.0000000003520000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 0000000F.00000003.484382333.0000000003300000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 0000000F.00000003.484382333.0000000003300000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab Payload Author: kevoreilly
Source: 0000000F.00000003.484382333.0000000003300000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 0000000E.00000003.456730321.0000000003730000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 0000000E.00000003.456730321.0000000003730000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab Payload Author: kevoreilly
Source: 0000000E.00000003.456730321.0000000003730000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 00000002.00000003.369602233.0000000003640000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 00000002.00000003.369602233.0000000003640000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab Payload Author: kevoreilly
Source: 00000002.00000003.369602233.0000000003640000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 00000019.00000003.601841912.00000000036D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 00000019.00000003.601841912.00000000036D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab Payload Author: kevoreilly
Source: 00000019.00000003.601841912.00000000036D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 00000008.00000003.419920296.00000000030F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 00000008.00000003.419920296.00000000030F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab Payload Author: kevoreilly
Source: 00000008.00000003.419920296.00000000030F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: 00000012.00000003.513687059.0000000003230000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 00000012.00000003.513687059.0000000003230000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab Payload Author: kevoreilly
Source: 00000012.00000003.513687059.0000000003230000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe, type: DROPPED Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe, type: DROPPED Matched rule: Gandcrab Payload Author: kevoreilly
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe, type: DROPPED Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs
Source: wThN5MTIsw.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: wThN5MTIsw.exe, type: SAMPLE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: wThN5MTIsw.exe, type: SAMPLE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: wThN5MTIsw.exe, type: SAMPLE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: wThN5MTIsw.exe, type: SAMPLE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: wThN5MTIsw.exe, type: SAMPLE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 34.3.ssapst.exe.32a0000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 34.3.ssapst.exe.32a0000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 34.3.ssapst.exe.32a0000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 34.3.ssapst.exe.32a0000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 34.3.ssapst.exe.32a0000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 32.3.ssapst.exe.3790000.0.raw.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 32.3.ssapst.exe.3790000.0.raw.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 32.3.ssapst.exe.3790000.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 32.3.ssapst.exe.3790000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 32.3.ssapst.exe.3790000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 18.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 18.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 18.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 18.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 18.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 0.3.wThN5MTIsw.exe.3170000.0.raw.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 0.3.wThN5MTIsw.exe.3170000.0.raw.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 0.3.wThN5MTIsw.exe.3170000.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 0.3.wThN5MTIsw.exe.3170000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 0.3.wThN5MTIsw.exe.3170000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 35.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 35.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 35.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 35.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 35.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 0.0.wThN5MTIsw.exe.f4e0000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 0.0.wThN5MTIsw.exe.f4e0000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 0.0.wThN5MTIsw.exe.f4e0000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 0.0.wThN5MTIsw.exe.f4e0000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 0.0.wThN5MTIsw.exe.f4e0000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 19.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 19.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 19.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 19.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 19.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 19.3.ssapst.exe.3520000.0.raw.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 19.3.ssapst.exe.3520000.0.raw.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 19.3.ssapst.exe.3520000.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 19.3.ssapst.exe.3520000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 19.3.ssapst.exe.3520000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 30.3.ssapst.exe.2fc0000.0.raw.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 30.3.ssapst.exe.2fc0000.0.raw.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 30.3.ssapst.exe.2fc0000.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 30.3.ssapst.exe.2fc0000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 30.3.ssapst.exe.2fc0000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 8.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 8.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 8.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 8.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 8.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 25.3.ssapst.exe.36d0000.0.raw.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 25.3.ssapst.exe.36d0000.0.raw.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 25.3.ssapst.exe.36d0000.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 25.3.ssapst.exe.36d0000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 25.3.ssapst.exe.36d0000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 12.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 12.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 12.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 12.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 12.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 6.3.ssapst.exe.2f70000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 6.3.ssapst.exe.2f70000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 6.3.ssapst.exe.2f70000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 6.3.ssapst.exe.2f70000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 6.3.ssapst.exe.2f70000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 15.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 15.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 15.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 15.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 15.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 25.3.ssapst.exe.36d0000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 25.3.ssapst.exe.36d0000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 25.3.ssapst.exe.36d0000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 25.3.ssapst.exe.36d0000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 25.3.ssapst.exe.36d0000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 32.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 32.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 32.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 32.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 32.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 0.3.wThN5MTIsw.exe.3170000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 0.3.wThN5MTIsw.exe.3170000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 0.3.wThN5MTIsw.exe.3170000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 0.3.wThN5MTIsw.exe.3170000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 0.3.wThN5MTIsw.exe.3170000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 24.3.ssapst.exe.3b60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 24.3.ssapst.exe.3b60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 24.3.ssapst.exe.3b60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 24.3.ssapst.exe.3b60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 24.3.ssapst.exe.3b60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 26.3.ssapst.exe.3830000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 26.3.ssapst.exe.3830000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 26.3.ssapst.exe.3830000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 26.3.ssapst.exe.3830000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 26.3.ssapst.exe.3830000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 12.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 12.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 12.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 12.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 12.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 24.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 24.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 24.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 24.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 24.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 30.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 30.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 30.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 30.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 30.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 34.3.ssapst.exe.32a0000.0.raw.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 34.3.ssapst.exe.32a0000.0.raw.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 34.3.ssapst.exe.32a0000.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 34.3.ssapst.exe.32a0000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 34.3.ssapst.exe.32a0000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 35.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 35.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 35.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 35.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 35.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 18.3.ssapst.exe.3230000.0.raw.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 18.3.ssapst.exe.3230000.0.raw.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 18.3.ssapst.exe.3230000.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 18.3.ssapst.exe.3230000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 18.3.ssapst.exe.3230000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 15.3.ssapst.exe.3300000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 15.3.ssapst.exe.3300000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 15.3.ssapst.exe.3300000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 15.3.ssapst.exe.3300000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 15.3.ssapst.exe.3300000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 6.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 6.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 6.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 6.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 6.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 12.3.ssapst.exe.3730000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 12.3.ssapst.exe.3730000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 12.3.ssapst.exe.3730000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 12.3.ssapst.exe.3730000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 12.3.ssapst.exe.3730000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 24.3.ssapst.exe.3b60000.0.raw.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 24.3.ssapst.exe.3b60000.0.raw.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 24.3.ssapst.exe.3b60000.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 24.3.ssapst.exe.3b60000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 24.3.ssapst.exe.3b60000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 18.3.ssapst.exe.3230000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 18.3.ssapst.exe.3230000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 18.3.ssapst.exe.3230000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 18.3.ssapst.exe.3230000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 18.3.ssapst.exe.3230000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 15.3.ssapst.exe.3300000.0.raw.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 15.3.ssapst.exe.3300000.0.raw.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 15.3.ssapst.exe.3300000.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 15.3.ssapst.exe.3300000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 15.3.ssapst.exe.3300000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 17.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 17.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 17.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 17.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 17.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 8.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 8.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 8.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 8.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 8.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 22.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 22.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 22.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 22.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 22.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 14.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 14.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 14.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 14.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 14.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 24.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 24.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 24.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 24.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 24.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 19.3.ssapst.exe.3520000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 19.3.ssapst.exe.3520000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 19.3.ssapst.exe.3520000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 19.3.ssapst.exe.3520000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 19.3.ssapst.exe.3520000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 25.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 25.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 25.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 25.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 25.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 19.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 19.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 19.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 19.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 19.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 17.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 17.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 17.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 17.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 17.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 4.3.ssapst.exe.38c0000.0.raw.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 4.3.ssapst.exe.38c0000.0.raw.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 4.3.ssapst.exe.38c0000.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 4.3.ssapst.exe.38c0000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 4.3.ssapst.exe.38c0000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 30.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 30.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 30.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 30.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 30.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 22.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 22.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 22.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 22.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 22.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 8.3.ssapst.exe.30f0000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 8.3.ssapst.exe.30f0000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 8.3.ssapst.exe.30f0000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 8.3.ssapst.exe.30f0000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 8.3.ssapst.exe.30f0000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 2.3.ssapst.exe.3640000.0.raw.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 2.3.ssapst.exe.3640000.0.raw.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 2.3.ssapst.exe.3640000.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 2.3.ssapst.exe.3640000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 2.3.ssapst.exe.3640000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 14.3.ssapst.exe.3730000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 14.3.ssapst.exe.3730000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 14.3.ssapst.exe.3730000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 14.3.ssapst.exe.3730000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 14.3.ssapst.exe.3730000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 26.3.ssapst.exe.3830000.0.raw.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 26.3.ssapst.exe.3830000.0.raw.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 26.3.ssapst.exe.3830000.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 26.3.ssapst.exe.3830000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 26.3.ssapst.exe.3830000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 8.3.ssapst.exe.30f0000.0.raw.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 8.3.ssapst.exe.30f0000.0.raw.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 8.3.ssapst.exe.30f0000.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 8.3.ssapst.exe.30f0000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 8.3.ssapst.exe.30f0000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 34.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 34.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 34.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 34.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 34.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 33.3.ssapst.exe.3d30000.0.raw.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 33.3.ssapst.exe.3d30000.0.raw.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 33.3.ssapst.exe.3d30000.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 33.3.ssapst.exe.3d30000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 33.3.ssapst.exe.3d30000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 4.3.ssapst.exe.38c0000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 4.3.ssapst.exe.38c0000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 4.3.ssapst.exe.38c0000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 4.3.ssapst.exe.38c0000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 4.3.ssapst.exe.38c0000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 31.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 31.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 31.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 31.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 31.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 25.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 25.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 25.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 25.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 25.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 30.3.ssapst.exe.2fc0000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 30.3.ssapst.exe.2fc0000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 30.3.ssapst.exe.2fc0000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 30.3.ssapst.exe.2fc0000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 30.3.ssapst.exe.2fc0000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 6.3.ssapst.exe.2f70000.0.raw.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 6.3.ssapst.exe.2f70000.0.raw.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 6.3.ssapst.exe.2f70000.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 6.3.ssapst.exe.2f70000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 6.3.ssapst.exe.2f70000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 14.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 14.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 14.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 14.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 14.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 33.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 33.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 33.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 33.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 33.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 33.3.ssapst.exe.3d30000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 33.3.ssapst.exe.3d30000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 33.3.ssapst.exe.3d30000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 33.3.ssapst.exe.3d30000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 33.3.ssapst.exe.3d30000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 12.3.ssapst.exe.3730000.0.raw.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 12.3.ssapst.exe.3730000.0.raw.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 12.3.ssapst.exe.3730000.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 12.3.ssapst.exe.3730000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 12.3.ssapst.exe.3730000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 2.3.ssapst.exe.3640000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 2.3.ssapst.exe.3640000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 2.3.ssapst.exe.3640000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 2.3.ssapst.exe.3640000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 2.3.ssapst.exe.3640000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 2.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 2.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 2.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 2.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 2.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 4.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 4.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 4.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 4.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 4.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 4.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 4.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 4.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 4.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 4.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 15.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 15.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 15.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 15.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 15.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 26.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 26.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 26.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 26.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 26.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 14.3.ssapst.exe.3730000.0.raw.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 14.3.ssapst.exe.3730000.0.raw.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 14.3.ssapst.exe.3730000.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 14.3.ssapst.exe.3730000.0.raw.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 14.3.ssapst.exe.3730000.0.raw.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 31.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 31.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 31.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 31.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 31.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 33.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 33.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 33.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 33.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 33.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 2.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 2.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 2.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 2.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 2.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 32.3.ssapst.exe.3790000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 32.3.ssapst.exe.3790000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 32.3.ssapst.exe.3790000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 32.3.ssapst.exe.3790000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 32.3.ssapst.exe.3790000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 32.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 32.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 32.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 32.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 32.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 6.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 6.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 18.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 18.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 18.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 18.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 18.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 6.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 6.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 6.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 26.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 26.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 26.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 26.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 26.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 34.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 34.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 34.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 34.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 34.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 0.2.wThN5MTIsw.exe.f4e0000.0.unpack, type: UNPACKEDPE Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 0.2.wThN5MTIsw.exe.f4e0000.0.unpack, type: UNPACKEDPE Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 0.2.wThN5MTIsw.exe.f4e0000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 0.2.wThN5MTIsw.exe.f4e0000.0.unpack, type: UNPACKEDPE Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 0.2.wThN5MTIsw.exe.f4e0000.0.unpack, type: UNPACKEDPE Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 00000004.00000003.382524367.00000000038C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 00000004.00000003.382524367.00000000038C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 00000004.00000003.382524367.00000000038C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 00000004.00000003.382524367.00000000038C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 00000004.00000003.382524367.00000000038C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 0000001E.00000003.653635490.0000000002FC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 0000001E.00000003.653635490.0000000002FC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 0000001E.00000003.653635490.0000000002FC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 0000001E.00000003.653635490.0000000002FC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 0000001E.00000003.653635490.0000000002FC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 0000001A.00000003.625461976.0000000003830000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 0000001A.00000003.625461976.0000000003830000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 0000001A.00000003.625461976.0000000003830000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 0000001A.00000003.625461976.0000000003830000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 0000001A.00000003.625461976.0000000003830000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 00000021.00000003.701450302.0000000003D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 00000021.00000003.701450302.0000000003D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 00000021.00000003.701450302.0000000003D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 00000021.00000003.701450302.0000000003D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 00000021.00000003.701450302.0000000003D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 00000006.00000003.405218158.0000000002F70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 00000006.00000003.405218158.0000000002F70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 00000006.00000003.405218158.0000000002F70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 00000006.00000003.405218158.0000000002F70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 00000006.00000003.405218158.0000000002F70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 00000020.00000003.679180879.0000000003790000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 00000020.00000003.679180879.0000000003790000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 00000020.00000003.679180879.0000000003790000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 00000020.00000003.679180879.0000000003790000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 00000020.00000003.679180879.0000000003790000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 00000022.00000003.731764683.00000000032A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 00000022.00000003.731764683.00000000032A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 00000022.00000003.731764683.00000000032A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 00000022.00000003.731764683.00000000032A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 00000022.00000003.731764683.00000000032A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 00000018.00000003.584737437.0000000003B60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 00000018.00000003.584737437.0000000003B60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 00000018.00000003.584737437.0000000003B60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 00000018.00000003.584737437.0000000003B60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 00000018.00000003.584737437.0000000003B60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 0000000C.00000003.444009772.0000000003730000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 0000000C.00000003.444009772.0000000003730000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 0000000C.00000003.444009772.0000000003730000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 0000000C.00000003.444009772.0000000003730000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 0000000C.00000003.444009772.0000000003730000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 00000000.00000003.334936467.0000000003170000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 00000000.00000003.334936467.0000000003170000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 00000000.00000003.334936467.0000000003170000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 00000000.00000003.334936467.0000000003170000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 00000000.00000003.334936467.0000000003170000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 00000013.00000003.550407327.0000000003520000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 00000013.00000003.550407327.0000000003520000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 00000013.00000003.550407327.0000000003520000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 00000013.00000003.550407327.0000000003520000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 00000013.00000003.550407327.0000000003520000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
Source: 0000000F.00000003.484382333.0000000003300000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 0000000F.00000003.484382333.0000000003300000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 0000000F.00000003.484382333.0000000003300000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts