Source: wThN5MTIsw.exe, type: SAMPLE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: wThN5MTIsw.exe, type: SAMPLE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: wThN5MTIsw.exe, type: SAMPLE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 34.3.ssapst.exe.32a0000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 34.3.ssapst.exe.32a0000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 34.3.ssapst.exe.32a0000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 32.3.ssapst.exe.3790000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 32.3.ssapst.exe.3790000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 32.3.ssapst.exe.3790000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 18.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 18.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 18.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 0.3.wThN5MTIsw.exe.3170000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0.3.wThN5MTIsw.exe.3170000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0.3.wThN5MTIsw.exe.3170000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 35.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 35.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 35.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 0.0.wThN5MTIsw.exe.f4e0000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0.0.wThN5MTIsw.exe.f4e0000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0.0.wThN5MTIsw.exe.f4e0000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 19.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 19.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 19.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 19.3.ssapst.exe.3520000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 19.3.ssapst.exe.3520000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 19.3.ssapst.exe.3520000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 30.3.ssapst.exe.2fc0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 30.3.ssapst.exe.2fc0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 30.3.ssapst.exe.2fc0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 8.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 8.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 8.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 25.3.ssapst.exe.36d0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 25.3.ssapst.exe.36d0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 25.3.ssapst.exe.36d0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 12.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 12.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 12.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 6.3.ssapst.exe.2f70000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 6.3.ssapst.exe.2f70000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 6.3.ssapst.exe.2f70000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 15.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 15.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 15.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 25.3.ssapst.exe.36d0000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 25.3.ssapst.exe.36d0000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 25.3.ssapst.exe.36d0000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 32.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 32.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 32.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 0.3.wThN5MTIsw.exe.3170000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0.3.wThN5MTIsw.exe.3170000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0.3.wThN5MTIsw.exe.3170000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 24.3.ssapst.exe.3b60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 24.3.ssapst.exe.3b60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 24.3.ssapst.exe.3b60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 26.3.ssapst.exe.3830000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 26.3.ssapst.exe.3830000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 26.3.ssapst.exe.3830000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 12.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 12.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 12.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 24.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 24.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 24.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 30.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 30.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 30.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 34.3.ssapst.exe.32a0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 34.3.ssapst.exe.32a0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 34.3.ssapst.exe.32a0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 35.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 35.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 35.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 18.3.ssapst.exe.3230000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 18.3.ssapst.exe.3230000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 18.3.ssapst.exe.3230000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 15.3.ssapst.exe.3300000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 15.3.ssapst.exe.3300000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 15.3.ssapst.exe.3300000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 6.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 6.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 6.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 12.3.ssapst.exe.3730000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 12.3.ssapst.exe.3730000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 12.3.ssapst.exe.3730000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 24.3.ssapst.exe.3b60000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 24.3.ssapst.exe.3b60000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 24.3.ssapst.exe.3b60000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 18.3.ssapst.exe.3230000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 18.3.ssapst.exe.3230000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 18.3.ssapst.exe.3230000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 15.3.ssapst.exe.3300000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 15.3.ssapst.exe.3300000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 15.3.ssapst.exe.3300000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 17.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 17.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 17.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 8.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 8.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 8.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 22.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 22.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 22.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 14.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 14.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 14.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 24.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 24.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 24.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 19.3.ssapst.exe.3520000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 19.3.ssapst.exe.3520000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 19.3.ssapst.exe.3520000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 25.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 25.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 25.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 19.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 19.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 19.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 17.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 17.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 17.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 4.3.ssapst.exe.38c0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 4.3.ssapst.exe.38c0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 4.3.ssapst.exe.38c0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 30.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 30.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 30.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 22.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 22.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 22.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 8.3.ssapst.exe.30f0000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 8.3.ssapst.exe.30f0000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 8.3.ssapst.exe.30f0000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 2.3.ssapst.exe.3640000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 2.3.ssapst.exe.3640000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 2.3.ssapst.exe.3640000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 14.3.ssapst.exe.3730000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 14.3.ssapst.exe.3730000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 14.3.ssapst.exe.3730000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 26.3.ssapst.exe.3830000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 26.3.ssapst.exe.3830000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 26.3.ssapst.exe.3830000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 8.3.ssapst.exe.30f0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 8.3.ssapst.exe.30f0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 8.3.ssapst.exe.30f0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 34.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 34.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 34.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 33.3.ssapst.exe.3d30000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 33.3.ssapst.exe.3d30000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 33.3.ssapst.exe.3d30000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 4.3.ssapst.exe.38c0000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 4.3.ssapst.exe.38c0000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 4.3.ssapst.exe.38c0000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 31.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 31.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 31.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 25.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 25.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 25.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 30.3.ssapst.exe.2fc0000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 30.3.ssapst.exe.2fc0000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 30.3.ssapst.exe.2fc0000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 6.3.ssapst.exe.2f70000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 6.3.ssapst.exe.2f70000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 6.3.ssapst.exe.2f70000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 14.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 14.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 14.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 33.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 33.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 33.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 33.3.ssapst.exe.3d30000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 33.3.ssapst.exe.3d30000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 33.3.ssapst.exe.3d30000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 12.3.ssapst.exe.3730000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 12.3.ssapst.exe.3730000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 12.3.ssapst.exe.3730000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 2.3.ssapst.exe.3640000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 2.3.ssapst.exe.3640000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 2.3.ssapst.exe.3640000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 2.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 2.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 2.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 4.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 4.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 4.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 4.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 4.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 4.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 15.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 15.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 15.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 26.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 26.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 26.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 14.3.ssapst.exe.3730000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 14.3.ssapst.exe.3730000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 14.3.ssapst.exe.3730000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 31.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 31.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 31.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 33.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 33.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 33.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 2.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 2.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 2.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 32.3.ssapst.exe.3790000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 32.3.ssapst.exe.3790000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 32.3.ssapst.exe.3790000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 32.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 32.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 32.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 18.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 18.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 18.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 6.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 6.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 6.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 26.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 26.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 26.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 34.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 34.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 34.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 0.2.wThN5MTIsw.exe.f4e0000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0.2.wThN5MTIsw.exe.f4e0000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0.2.wThN5MTIsw.exe.f4e0000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 00000004.00000003.382524367.00000000038C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000004.00000003.382524367.00000000038C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 00000004.00000003.382524367.00000000038C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 0000001E.00000003.653635490.0000000002FC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0000001E.00000003.653635490.0000000002FC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0000001E.00000003.653635490.0000000002FC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 0000001A.00000003.625461976.0000000003830000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0000001A.00000003.625461976.0000000003830000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0000001A.00000003.625461976.0000000003830000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 00000021.00000003.701450302.0000000003D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000021.00000003.701450302.0000000003D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 00000021.00000003.701450302.0000000003D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 00000006.00000003.405218158.0000000002F70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000006.00000003.405218158.0000000002F70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 00000006.00000003.405218158.0000000002F70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 00000020.00000003.679180879.0000000003790000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000020.00000003.679180879.0000000003790000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 00000020.00000003.679180879.0000000003790000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 00000022.00000003.731764683.00000000032A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000022.00000003.731764683.00000000032A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 00000022.00000003.731764683.00000000032A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 00000018.00000003.584737437.0000000003B60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000018.00000003.584737437.0000000003B60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 00000018.00000003.584737437.0000000003B60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 0000000C.00000003.444009772.0000000003730000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0000000C.00000003.444009772.0000000003730000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0000000C.00000003.444009772.0000000003730000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 00000000.00000003.334936467.0000000003170000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000000.00000003.334936467.0000000003170000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 00000000.00000003.334936467.0000000003170000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 00000013.00000003.550407327.0000000003520000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000013.00000003.550407327.0000000003520000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 00000013.00000003.550407327.0000000003520000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 0000000F.00000003.484382333.0000000003300000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0000000F.00000003.484382333.0000000003300000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0000000F.00000003.484382333.0000000003300000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 0000000E.00000003.456730321.0000000003730000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0000000E.00000003.456730321.0000000003730000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0000000E.00000003.456730321.0000000003730000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 00000002.00000003.369602233.0000000003640000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000002.00000003.369602233.0000000003640000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 00000002.00000003.369602233.0000000003640000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 00000019.00000003.601841912.00000000036D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000019.00000003.601841912.00000000036D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 00000019.00000003.601841912.00000000036D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 00000008.00000003.419920296.00000000030F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000008.00000003.419920296.00000000030F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 00000008.00000003.419920296.00000000030F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 00000012.00000003.513687059.0000000003230000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000012.00000003.513687059.0000000003230000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 00000012.00000003.513687059.0000000003230000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe, type: DROPPED |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe, type: DROPPED |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe, type: DROPPED |
Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: wThN5MTIsw.exe, type: SAMPLE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: wThN5MTIsw.exe, type: SAMPLE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: wThN5MTIsw.exe, type: SAMPLE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: wThN5MTIsw.exe, type: SAMPLE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: wThN5MTIsw.exe, type: SAMPLE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 34.3.ssapst.exe.32a0000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 34.3.ssapst.exe.32a0000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 34.3.ssapst.exe.32a0000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 34.3.ssapst.exe.32a0000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 34.3.ssapst.exe.32a0000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 32.3.ssapst.exe.3790000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 32.3.ssapst.exe.3790000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 32.3.ssapst.exe.3790000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 32.3.ssapst.exe.3790000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 32.3.ssapst.exe.3790000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 18.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 18.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 18.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 18.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 18.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 0.3.wThN5MTIsw.exe.3170000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0.3.wThN5MTIsw.exe.3170000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0.3.wThN5MTIsw.exe.3170000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0.3.wThN5MTIsw.exe.3170000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0.3.wThN5MTIsw.exe.3170000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 35.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 35.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 35.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 35.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 35.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 0.0.wThN5MTIsw.exe.f4e0000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0.0.wThN5MTIsw.exe.f4e0000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0.0.wThN5MTIsw.exe.f4e0000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0.0.wThN5MTIsw.exe.f4e0000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0.0.wThN5MTIsw.exe.f4e0000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 19.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 19.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 19.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 19.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 19.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 19.3.ssapst.exe.3520000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 19.3.ssapst.exe.3520000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 19.3.ssapst.exe.3520000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 19.3.ssapst.exe.3520000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 19.3.ssapst.exe.3520000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 30.3.ssapst.exe.2fc0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 30.3.ssapst.exe.2fc0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 30.3.ssapst.exe.2fc0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 30.3.ssapst.exe.2fc0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 30.3.ssapst.exe.2fc0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 8.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 8.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 8.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 8.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 8.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 25.3.ssapst.exe.36d0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 25.3.ssapst.exe.36d0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 25.3.ssapst.exe.36d0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 25.3.ssapst.exe.36d0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 25.3.ssapst.exe.36d0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 12.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 12.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 12.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 12.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 12.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 6.3.ssapst.exe.2f70000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 6.3.ssapst.exe.2f70000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 6.3.ssapst.exe.2f70000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 6.3.ssapst.exe.2f70000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 6.3.ssapst.exe.2f70000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 15.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 15.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 15.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 15.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 15.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 25.3.ssapst.exe.36d0000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 25.3.ssapst.exe.36d0000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 25.3.ssapst.exe.36d0000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 25.3.ssapst.exe.36d0000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 25.3.ssapst.exe.36d0000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 32.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 32.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 32.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 32.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 32.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 0.3.wThN5MTIsw.exe.3170000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0.3.wThN5MTIsw.exe.3170000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0.3.wThN5MTIsw.exe.3170000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0.3.wThN5MTIsw.exe.3170000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0.3.wThN5MTIsw.exe.3170000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 24.3.ssapst.exe.3b60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 24.3.ssapst.exe.3b60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 24.3.ssapst.exe.3b60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 24.3.ssapst.exe.3b60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 24.3.ssapst.exe.3b60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 26.3.ssapst.exe.3830000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 26.3.ssapst.exe.3830000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 26.3.ssapst.exe.3830000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 26.3.ssapst.exe.3830000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 26.3.ssapst.exe.3830000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 12.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 12.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 12.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 12.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 12.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 24.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 24.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 24.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 24.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 24.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 30.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 30.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 30.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 30.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 30.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 34.3.ssapst.exe.32a0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 34.3.ssapst.exe.32a0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 34.3.ssapst.exe.32a0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 34.3.ssapst.exe.32a0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 34.3.ssapst.exe.32a0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 35.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 35.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 35.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 35.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 35.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 18.3.ssapst.exe.3230000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 18.3.ssapst.exe.3230000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 18.3.ssapst.exe.3230000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 18.3.ssapst.exe.3230000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 18.3.ssapst.exe.3230000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 15.3.ssapst.exe.3300000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 15.3.ssapst.exe.3300000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 15.3.ssapst.exe.3300000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 15.3.ssapst.exe.3300000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 15.3.ssapst.exe.3300000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 6.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 6.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 6.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 6.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 6.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 12.3.ssapst.exe.3730000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 12.3.ssapst.exe.3730000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 12.3.ssapst.exe.3730000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 12.3.ssapst.exe.3730000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 12.3.ssapst.exe.3730000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 24.3.ssapst.exe.3b60000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 24.3.ssapst.exe.3b60000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 24.3.ssapst.exe.3b60000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 24.3.ssapst.exe.3b60000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 24.3.ssapst.exe.3b60000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 18.3.ssapst.exe.3230000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 18.3.ssapst.exe.3230000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 18.3.ssapst.exe.3230000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 18.3.ssapst.exe.3230000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 18.3.ssapst.exe.3230000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 15.3.ssapst.exe.3300000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 15.3.ssapst.exe.3300000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 15.3.ssapst.exe.3300000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 15.3.ssapst.exe.3300000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 15.3.ssapst.exe.3300000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 17.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 17.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 17.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 17.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 17.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 8.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 8.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 8.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 8.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 8.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 22.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 22.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 22.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 22.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 22.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 14.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 14.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 14.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 14.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 14.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 24.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 24.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 24.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 24.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 24.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 19.3.ssapst.exe.3520000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 19.3.ssapst.exe.3520000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 19.3.ssapst.exe.3520000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 19.3.ssapst.exe.3520000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 19.3.ssapst.exe.3520000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 25.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 25.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 25.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 25.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 25.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 19.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 19.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 19.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 19.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 19.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 17.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 17.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 17.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 17.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 17.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 4.3.ssapst.exe.38c0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 4.3.ssapst.exe.38c0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 4.3.ssapst.exe.38c0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 4.3.ssapst.exe.38c0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 4.3.ssapst.exe.38c0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 30.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 30.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 30.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 30.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 30.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 22.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 22.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 22.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 22.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 22.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 8.3.ssapst.exe.30f0000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 8.3.ssapst.exe.30f0000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 8.3.ssapst.exe.30f0000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 8.3.ssapst.exe.30f0000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 8.3.ssapst.exe.30f0000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 2.3.ssapst.exe.3640000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 2.3.ssapst.exe.3640000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 2.3.ssapst.exe.3640000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 2.3.ssapst.exe.3640000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 2.3.ssapst.exe.3640000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 14.3.ssapst.exe.3730000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 14.3.ssapst.exe.3730000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 14.3.ssapst.exe.3730000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 14.3.ssapst.exe.3730000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 14.3.ssapst.exe.3730000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 26.3.ssapst.exe.3830000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 26.3.ssapst.exe.3830000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 26.3.ssapst.exe.3830000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 26.3.ssapst.exe.3830000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 26.3.ssapst.exe.3830000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 8.3.ssapst.exe.30f0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 8.3.ssapst.exe.30f0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 8.3.ssapst.exe.30f0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 8.3.ssapst.exe.30f0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 8.3.ssapst.exe.30f0000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 34.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 34.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 34.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 34.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 34.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 33.3.ssapst.exe.3d30000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 33.3.ssapst.exe.3d30000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 33.3.ssapst.exe.3d30000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 33.3.ssapst.exe.3d30000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 33.3.ssapst.exe.3d30000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 4.3.ssapst.exe.38c0000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 4.3.ssapst.exe.38c0000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 4.3.ssapst.exe.38c0000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 4.3.ssapst.exe.38c0000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 4.3.ssapst.exe.38c0000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 31.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 31.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 31.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 31.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 31.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 25.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 25.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 25.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 25.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 25.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 30.3.ssapst.exe.2fc0000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 30.3.ssapst.exe.2fc0000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 30.3.ssapst.exe.2fc0000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 30.3.ssapst.exe.2fc0000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 30.3.ssapst.exe.2fc0000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 6.3.ssapst.exe.2f70000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 6.3.ssapst.exe.2f70000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 6.3.ssapst.exe.2f70000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 6.3.ssapst.exe.2f70000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 6.3.ssapst.exe.2f70000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 14.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 14.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 14.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 14.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 14.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 33.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 33.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 33.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 33.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 33.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 33.3.ssapst.exe.3d30000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 33.3.ssapst.exe.3d30000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 33.3.ssapst.exe.3d30000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 33.3.ssapst.exe.3d30000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 33.3.ssapst.exe.3d30000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 12.3.ssapst.exe.3730000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 12.3.ssapst.exe.3730000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 12.3.ssapst.exe.3730000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 12.3.ssapst.exe.3730000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 12.3.ssapst.exe.3730000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 2.3.ssapst.exe.3640000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 2.3.ssapst.exe.3640000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 2.3.ssapst.exe.3640000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 2.3.ssapst.exe.3640000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 2.3.ssapst.exe.3640000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 2.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 2.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 2.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 2.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 2.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 4.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 4.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 4.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 4.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 4.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 4.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 4.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 4.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 4.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 4.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 15.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 15.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 15.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 15.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 15.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 26.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 26.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 26.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 26.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 26.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 14.3.ssapst.exe.3730000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 14.3.ssapst.exe.3730000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 14.3.ssapst.exe.3730000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 14.3.ssapst.exe.3730000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 14.3.ssapst.exe.3730000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 31.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 31.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 31.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 31.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 31.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 33.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 33.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 33.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 33.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 33.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 2.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 2.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 2.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 2.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 2.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 32.3.ssapst.exe.3790000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 32.3.ssapst.exe.3790000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 32.3.ssapst.exe.3790000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 32.3.ssapst.exe.3790000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 32.3.ssapst.exe.3790000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 32.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 32.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 32.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 32.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 32.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 6.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 6.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 18.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 18.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 18.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 18.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 18.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 6.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 6.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 6.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 26.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 26.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 26.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 26.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 26.2.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 34.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 34.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 34.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 34.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 34.0.ssapst.exe.fe60000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 0.2.wThN5MTIsw.exe.f4e0000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0.2.wThN5MTIsw.exe.f4e0000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0.2.wThN5MTIsw.exe.f4e0000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0.2.wThN5MTIsw.exe.f4e0000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0.2.wThN5MTIsw.exe.f4e0000.0.unpack, type: UNPACKEDPE |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 00000004.00000003.382524367.00000000038C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 00000004.00000003.382524367.00000000038C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 00000004.00000003.382524367.00000000038C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000004.00000003.382524367.00000000038C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 00000004.00000003.382524367.00000000038C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 0000001E.00000003.653635490.0000000002FC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0000001E.00000003.653635490.0000000002FC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0000001E.00000003.653635490.0000000002FC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0000001E.00000003.653635490.0000000002FC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0000001E.00000003.653635490.0000000002FC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 0000001A.00000003.625461976.0000000003830000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0000001A.00000003.625461976.0000000003830000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0000001A.00000003.625461976.0000000003830000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0000001A.00000003.625461976.0000000003830000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0000001A.00000003.625461976.0000000003830000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 00000021.00000003.701450302.0000000003D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 00000021.00000003.701450302.0000000003D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 00000021.00000003.701450302.0000000003D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000021.00000003.701450302.0000000003D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 00000021.00000003.701450302.0000000003D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 00000006.00000003.405218158.0000000002F70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 00000006.00000003.405218158.0000000002F70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 00000006.00000003.405218158.0000000002F70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000006.00000003.405218158.0000000002F70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 00000006.00000003.405218158.0000000002F70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 00000020.00000003.679180879.0000000003790000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 00000020.00000003.679180879.0000000003790000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 00000020.00000003.679180879.0000000003790000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000020.00000003.679180879.0000000003790000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 00000020.00000003.679180879.0000000003790000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 00000022.00000003.731764683.00000000032A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 00000022.00000003.731764683.00000000032A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 00000022.00000003.731764683.00000000032A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000022.00000003.731764683.00000000032A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 00000022.00000003.731764683.00000000032A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 00000018.00000003.584737437.0000000003B60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 00000018.00000003.584737437.0000000003B60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 00000018.00000003.584737437.0000000003B60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000018.00000003.584737437.0000000003B60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 00000018.00000003.584737437.0000000003B60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 0000000C.00000003.444009772.0000000003730000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0000000C.00000003.444009772.0000000003730000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0000000C.00000003.444009772.0000000003730000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0000000C.00000003.444009772.0000000003730000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0000000C.00000003.444009772.0000000003730000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 00000000.00000003.334936467.0000000003170000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 00000000.00000003.334936467.0000000003170000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 00000000.00000003.334936467.0000000003170000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000000.00000003.334936467.0000000003170000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 00000000.00000003.334936467.0000000003170000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 00000013.00000003.550407327.0000000003520000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 00000013.00000003.550407327.0000000003520000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 00000013.00000003.550407327.0000000003520000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000013.00000003.550407327.0000000003520000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 00000013.00000003.550407327.0000000003520000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 0000000F.00000003.484382333.0000000003300000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0000000F.00000003.484382333.0000000003300000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0000000F.00000003.484382333.0000000003300000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0000000F.00000003.484382333.0000000003300000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0000000F.00000003.484382333.0000000003300000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 0000000E.00000003.456730321.0000000003730000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0000000E.00000003.456730321.0000000003730000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0000000E.00000003.456730321.0000000003730000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0000000E.00000003.456730321.0000000003730000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0000000E.00000003.456730321.0000000003730000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 00000002.00000003.369602233.0000000003640000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 00000002.00000003.369602233.0000000003640000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 00000002.00000003.369602233.0000000003640000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000002.00000003.369602233.0000000003640000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 00000002.00000003.369602233.0000000003640000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 00000019.00000003.601841912.00000000036D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 00000019.00000003.601841912.00000000036D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 00000019.00000003.601841912.00000000036D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000019.00000003.601841912.00000000036D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 00000019.00000003.601841912.00000000036D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 00000008.00000003.419920296.00000000030F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 00000008.00000003.419920296.00000000030F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 00000008.00000003.419920296.00000000030F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000008.00000003.419920296.00000000030F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 00000008.00000003.419920296.00000000030F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 00000012.00000003.513687059.0000000003230000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 00000012.00000003.513687059.0000000003230000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 00000012.00000003.513687059.0000000003230000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000012.00000003.513687059.0000000003230000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 00000012.00000003.513687059.0000000003230000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: Process Memory Space: wThN5MTIsw.exe PID: 6388, type: MEMORYSTR |
Matched rule: HKTL_Meterpreter_inMemory date = 2020-06-29, author = netbiosX, Florian Roth, description = Detects Meterpreter in-memory, score = , reference = https://www.reddit.com/r/purpleteamsec/comments/hjux11/meterpreter_memory_indicators_detection_tooling/ |
Source: Process Memory Space: ssapst.exe PID: 6592, type: MEMORYSTR |
Matched rule: HKTL_Meterpreter_inMemory date = 2020-06-29, author = netbiosX, Florian Roth, description = Detects Meterpreter in-memory, score = , reference = https://www.reddit.com/r/purpleteamsec/comments/hjux11/meterpreter_memory_indicators_detection_tooling/ |
Source: Process Memory Space: ssapst.exe PID: 6228, type: MEMORYSTR |
Matched rule: HKTL_Meterpreter_inMemory date = 2020-06-29, author = netbiosX, Florian Roth, description = Detects Meterpreter in-memory, score = , reference = https://www.reddit.com/r/purpleteamsec/comments/hjux11/meterpreter_memory_indicators_detection_tooling/ |
Source: Process Memory Space: ssapst.exe PID: 7020, type: MEMORYSTR |
Matched rule: HKTL_Meterpreter_inMemory date = 2020-06-29, author = netbiosX, Florian Roth, description = Detects Meterpreter in-memory, score = , reference = https://www.reddit.com/r/purpleteamsec/comments/hjux11/meterpreter_memory_indicators_detection_tooling/ |
Source: Process Memory Space: ssapst.exe PID: 7108, type: MEMORYSTR |
Matched rule: HKTL_Meterpreter_inMemory date = 2020-06-29, author = netbiosX, Florian Roth, description = Detects Meterpreter in-memory, score = , reference = https://www.reddit.com/r/purpleteamsec/comments/hjux11/meterpreter_memory_indicators_detection_tooling/ |
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe, type: DROPPED |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe, type: DROPPED |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe, type: DROPPED |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe, type: DROPPED |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: C:\Users\user\AppData\Roaming\Microsoft\ssapst.exe, type: DROPPED |
Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |