Source: mPNVrHIpyt.exe, type: SAMPLE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: mPNVrHIpyt.exe, type: SAMPLE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: mPNVrHIpyt.exe, type: SAMPLE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 33.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 33.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 33.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 13.3.wzltxa.exe.3270000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 13.3.wzltxa.exe.3270000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 13.3.wzltxa.exe.3270000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 25.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 25.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 25.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 25.3.wzltxa.exe.3a00000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 25.3.wzltxa.exe.3a00000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 25.3.wzltxa.exe.3a00000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 11.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 11.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 11.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 18.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 18.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 18.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 22.3.wzltxa.exe.3640000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 22.3.wzltxa.exe.3640000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 22.3.wzltxa.exe.3640000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 12.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 12.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 12.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 39.3.wzltxa.exe.4010000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 39.3.wzltxa.exe.4010000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 39.3.wzltxa.exe.4010000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 15.3.wzltxa.exe.2fa0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 15.3.wzltxa.exe.2fa0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 15.3.wzltxa.exe.2fa0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 13.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 13.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 13.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 28.3.wzltxa.exe.38a0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 28.3.wzltxa.exe.38a0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 28.3.wzltxa.exe.38a0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 0.3.mPNVrHIpyt.exe.3e00000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0.3.mPNVrHIpyt.exe.3e00000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0.3.mPNVrHIpyt.exe.3e00000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 30.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 30.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 30.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 31.3.wzltxa.exe.3b90000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 31.3.wzltxa.exe.3b90000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 31.3.wzltxa.exe.3b90000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 11.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 11.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 11.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 11.3.wzltxa.exe.3940000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 11.3.wzltxa.exe.3940000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 11.3.wzltxa.exe.3940000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 12.3.wzltxa.exe.3b20000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 12.3.wzltxa.exe.3b20000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 12.3.wzltxa.exe.3b20000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 39.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 39.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 39.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 15.3.wzltxa.exe.2fa0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 15.3.wzltxa.exe.2fa0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 15.3.wzltxa.exe.2fa0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 22.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 22.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 22.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 12.3.wzltxa.exe.3b20000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 12.3.wzltxa.exe.3b20000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 12.3.wzltxa.exe.3b20000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 31.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 31.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 31.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 40.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 40.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 40.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 33.3.wzltxa.exe.2f00000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 33.3.wzltxa.exe.2f00000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 33.3.wzltxa.exe.2f00000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 13.3.wzltxa.exe.3270000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 13.3.wzltxa.exe.3270000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 13.3.wzltxa.exe.3270000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 18.3.wzltxa.exe.3a80000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 18.3.wzltxa.exe.3a80000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 18.3.wzltxa.exe.3a80000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 11.3.wzltxa.exe.3940000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 11.3.wzltxa.exe.3940000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 11.3.wzltxa.exe.3940000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 34.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 34.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 34.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 20.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 20.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 20.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 0.0.mPNVrHIpyt.exe.f690000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0.0.mPNVrHIpyt.exe.f690000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0.0.mPNVrHIpyt.exe.f690000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 27.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 27.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 27.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 33.3.wzltxa.exe.2f00000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 33.3.wzltxa.exe.2f00000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 33.3.wzltxa.exe.2f00000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 25.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 25.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 25.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 34.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 34.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 34.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 13.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 13.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 13.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 39.3.wzltxa.exe.4010000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 39.3.wzltxa.exe.4010000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 39.3.wzltxa.exe.4010000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 22.3.wzltxa.exe.3640000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 22.3.wzltxa.exe.3640000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 22.3.wzltxa.exe.3640000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 18.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 18.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 18.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 28.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 28.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 28.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 15.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 15.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 15.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 18.3.wzltxa.exe.3a80000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 18.3.wzltxa.exe.3a80000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 18.3.wzltxa.exe.3a80000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 31.3.wzltxa.exe.3b90000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 31.3.wzltxa.exe.3b90000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 31.3.wzltxa.exe.3b90000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 15.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 15.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 15.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 0.3.mPNVrHIpyt.exe.3e00000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0.3.mPNVrHIpyt.exe.3e00000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0.3.mPNVrHIpyt.exe.3e00000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 20.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 30.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 20.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 20.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 30.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 30.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 27.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 27.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 27.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 25.3.wzltxa.exe.3a00000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 25.3.wzltxa.exe.3a00000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 25.3.wzltxa.exe.3a00000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 40.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 40.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 40.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 0.2.mPNVrHIpyt.exe.f690000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0.2.mPNVrHIpyt.exe.f690000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0.2.mPNVrHIpyt.exe.f690000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 22.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 22.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 22.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 33.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 33.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 33.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 28.3.wzltxa.exe.38a0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 28.3.wzltxa.exe.38a0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 28.3.wzltxa.exe.38a0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 28.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 28.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 28.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 39.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 39.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 39.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 12.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 12.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 12.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 31.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 31.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 31.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 0000001F.00000003.539610642.0000000003B90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0000001F.00000003.539610642.0000000003B90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0000001F.00000003.539610642.0000000003B90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 0000000C.00000003.343975450.0000000003B20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0000000C.00000003.343975450.0000000003B20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0000000C.00000003.343975450.0000000003B20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 00000027.00000003.604611550.0000000004010000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000027.00000003.604611550.0000000004010000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 00000027.00000003.604611550.0000000004010000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 0000001C.00000003.509057598.00000000038A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0000001C.00000003.509057598.00000000038A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0000001C.00000003.509057598.00000000038A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 00000000.00000003.280650626.0000000003E00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000000.00000003.280650626.0000000003E00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 00000000.00000003.280650626.0000000003E00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 00000016.00000003.443479124.0000000003640000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000016.00000003.443479124.0000000003640000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 00000016.00000003.443479124.0000000003640000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 00000012.00000003.405995868.0000000003A80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000012.00000003.405995868.0000000003A80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 00000012.00000003.405995868.0000000003A80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 00000021.00000003.565723232.0000000002F00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000021.00000003.565723232.0000000002F00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 00000021.00000003.565723232.0000000002F00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 00000019.00000003.469796043.0000000003A00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000019.00000003.469796043.0000000003A00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 00000019.00000003.469796043.0000000003A00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 0000000F.00000003.383072637.0000000002FA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0000000F.00000003.383072637.0000000002FA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0000000F.00000003.383072637.0000000002FA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 0000000B.00000003.319280593.0000000003940000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0000000B.00000003.319280593.0000000003940000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0000000B.00000003.319280593.0000000003940000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: 0000000D.00000003.356575582.0000000003270000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0000000D.00000003.356575582.0000000003270000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0000000D.00000003.356575582.0000000003270000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: C:\Users\user\AppData\Roaming\Microsoft\wzltxa.exe, type: DROPPED | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: C:\Users\user\AppData\Roaming\Microsoft\wzltxa.exe, type: DROPPED | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: C:\Users\user\AppData\Roaming\Microsoft\wzltxa.exe, type: DROPPED | Matched rule: Win32_Ransomware_GandCrab Author: ReversingLabs |
Source: mPNVrHIpyt.exe, type: SAMPLE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: mPNVrHIpyt.exe, type: SAMPLE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: mPNVrHIpyt.exe, type: SAMPLE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: mPNVrHIpyt.exe, type: SAMPLE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: mPNVrHIpyt.exe, type: SAMPLE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 33.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 33.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 33.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 33.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 33.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 13.3.wzltxa.exe.3270000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 13.3.wzltxa.exe.3270000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 13.3.wzltxa.exe.3270000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 13.3.wzltxa.exe.3270000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 13.3.wzltxa.exe.3270000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 25.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 25.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 25.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 25.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 25.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 25.3.wzltxa.exe.3a00000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 25.3.wzltxa.exe.3a00000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 25.3.wzltxa.exe.3a00000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 25.3.wzltxa.exe.3a00000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 25.3.wzltxa.exe.3a00000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 11.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 11.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 11.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 11.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 11.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 18.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 18.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 18.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 18.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 18.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 22.3.wzltxa.exe.3640000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 22.3.wzltxa.exe.3640000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 22.3.wzltxa.exe.3640000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 22.3.wzltxa.exe.3640000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 22.3.wzltxa.exe.3640000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 12.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 12.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 12.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 12.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 12.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 39.3.wzltxa.exe.4010000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 39.3.wzltxa.exe.4010000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 39.3.wzltxa.exe.4010000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 39.3.wzltxa.exe.4010000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 39.3.wzltxa.exe.4010000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 15.3.wzltxa.exe.2fa0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 15.3.wzltxa.exe.2fa0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 15.3.wzltxa.exe.2fa0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 15.3.wzltxa.exe.2fa0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 15.3.wzltxa.exe.2fa0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 13.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 13.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 13.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 13.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 13.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 28.3.wzltxa.exe.38a0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 28.3.wzltxa.exe.38a0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 28.3.wzltxa.exe.38a0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 28.3.wzltxa.exe.38a0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 28.3.wzltxa.exe.38a0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 0.3.mPNVrHIpyt.exe.3e00000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0.3.mPNVrHIpyt.exe.3e00000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0.3.mPNVrHIpyt.exe.3e00000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0.3.mPNVrHIpyt.exe.3e00000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0.3.mPNVrHIpyt.exe.3e00000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 30.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 30.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 30.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 30.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 30.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 31.3.wzltxa.exe.3b90000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 31.3.wzltxa.exe.3b90000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 31.3.wzltxa.exe.3b90000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 31.3.wzltxa.exe.3b90000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 31.3.wzltxa.exe.3b90000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 11.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 11.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 11.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 11.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 11.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 11.3.wzltxa.exe.3940000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 11.3.wzltxa.exe.3940000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 11.3.wzltxa.exe.3940000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 11.3.wzltxa.exe.3940000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 11.3.wzltxa.exe.3940000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 12.3.wzltxa.exe.3b20000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 12.3.wzltxa.exe.3b20000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 12.3.wzltxa.exe.3b20000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 12.3.wzltxa.exe.3b20000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 12.3.wzltxa.exe.3b20000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 39.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 39.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 39.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 39.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 39.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 15.3.wzltxa.exe.2fa0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 15.3.wzltxa.exe.2fa0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 15.3.wzltxa.exe.2fa0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 15.3.wzltxa.exe.2fa0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 15.3.wzltxa.exe.2fa0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 22.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 22.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 22.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 22.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 22.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 12.3.wzltxa.exe.3b20000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 12.3.wzltxa.exe.3b20000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 12.3.wzltxa.exe.3b20000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 12.3.wzltxa.exe.3b20000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 12.3.wzltxa.exe.3b20000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 31.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 31.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 31.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 31.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 31.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 40.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 40.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 40.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 40.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 40.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 33.3.wzltxa.exe.2f00000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 33.3.wzltxa.exe.2f00000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 33.3.wzltxa.exe.2f00000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 33.3.wzltxa.exe.2f00000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 33.3.wzltxa.exe.2f00000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 13.3.wzltxa.exe.3270000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 13.3.wzltxa.exe.3270000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 13.3.wzltxa.exe.3270000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 13.3.wzltxa.exe.3270000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 13.3.wzltxa.exe.3270000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 18.3.wzltxa.exe.3a80000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 18.3.wzltxa.exe.3a80000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 18.3.wzltxa.exe.3a80000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 18.3.wzltxa.exe.3a80000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 18.3.wzltxa.exe.3a80000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 11.3.wzltxa.exe.3940000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 11.3.wzltxa.exe.3940000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 11.3.wzltxa.exe.3940000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 11.3.wzltxa.exe.3940000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 11.3.wzltxa.exe.3940000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 34.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 34.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 34.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 34.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 34.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 20.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 20.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 20.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 20.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 20.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 0.0.mPNVrHIpyt.exe.f690000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0.0.mPNVrHIpyt.exe.f690000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0.0.mPNVrHIpyt.exe.f690000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0.0.mPNVrHIpyt.exe.f690000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0.0.mPNVrHIpyt.exe.f690000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 27.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 27.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 27.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 27.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 27.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 33.3.wzltxa.exe.2f00000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 33.3.wzltxa.exe.2f00000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 33.3.wzltxa.exe.2f00000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 33.3.wzltxa.exe.2f00000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 33.3.wzltxa.exe.2f00000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 25.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 25.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 25.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 25.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 25.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 34.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 34.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 34.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 34.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 34.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 13.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 13.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 13.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 13.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 13.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 39.3.wzltxa.exe.4010000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 39.3.wzltxa.exe.4010000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 39.3.wzltxa.exe.4010000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 39.3.wzltxa.exe.4010000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 39.3.wzltxa.exe.4010000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 22.3.wzltxa.exe.3640000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 22.3.wzltxa.exe.3640000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 22.3.wzltxa.exe.3640000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 22.3.wzltxa.exe.3640000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 22.3.wzltxa.exe.3640000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 18.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 18.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 18.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 18.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 18.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 28.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 28.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 28.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 28.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 28.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 15.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 15.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 15.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 15.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 15.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 18.3.wzltxa.exe.3a80000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 18.3.wzltxa.exe.3a80000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 18.3.wzltxa.exe.3a80000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 18.3.wzltxa.exe.3a80000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 18.3.wzltxa.exe.3a80000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 31.3.wzltxa.exe.3b90000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 31.3.wzltxa.exe.3b90000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 31.3.wzltxa.exe.3b90000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 31.3.wzltxa.exe.3b90000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 31.3.wzltxa.exe.3b90000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 15.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 15.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 15.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 15.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 15.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 0.3.mPNVrHIpyt.exe.3e00000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0.3.mPNVrHIpyt.exe.3e00000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0.3.mPNVrHIpyt.exe.3e00000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0.3.mPNVrHIpyt.exe.3e00000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0.3.mPNVrHIpyt.exe.3e00000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 20.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 20.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 30.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 30.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 20.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 30.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 20.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 20.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 30.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 30.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 27.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 27.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 27.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 27.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 27.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 25.3.wzltxa.exe.3a00000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 25.3.wzltxa.exe.3a00000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 25.3.wzltxa.exe.3a00000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 25.3.wzltxa.exe.3a00000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 25.3.wzltxa.exe.3a00000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 40.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 40.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 40.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 40.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 40.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 0.2.mPNVrHIpyt.exe.f690000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0.2.mPNVrHIpyt.exe.f690000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0.2.mPNVrHIpyt.exe.f690000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0.2.mPNVrHIpyt.exe.f690000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0.2.mPNVrHIpyt.exe.f690000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 22.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 22.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 22.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 22.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 22.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 33.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 33.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 33.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 33.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 33.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 28.3.wzltxa.exe.38a0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 28.3.wzltxa.exe.38a0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 28.3.wzltxa.exe.38a0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 28.3.wzltxa.exe.38a0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 28.3.wzltxa.exe.38a0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 28.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 28.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 28.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 28.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 28.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 39.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 39.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 39.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 39.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 39.0.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 12.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 12.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 12.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 12.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 12.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 31.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 31.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 31.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 31.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 31.2.wzltxa.exe.fbb0000.0.unpack, type: UNPACKEDPE | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 0000001F.00000003.539610642.0000000003B90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0000001F.00000003.539610642.0000000003B90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0000001F.00000003.539610642.0000000003B90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0000001F.00000003.539610642.0000000003B90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0000001F.00000003.539610642.0000000003B90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 0000000C.00000003.343975450.0000000003B20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0000000C.00000003.343975450.0000000003B20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0000000C.00000003.343975450.0000000003B20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0000000C.00000003.343975450.0000000003B20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0000000C.00000003.343975450.0000000003B20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 00000027.00000003.604611550.0000000004010000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 00000027.00000003.604611550.0000000004010000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 00000027.00000003.604611550.0000000004010000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000027.00000003.604611550.0000000004010000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 00000027.00000003.604611550.0000000004010000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 0000001C.00000003.509057598.00000000038A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0000001C.00000003.509057598.00000000038A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0000001C.00000003.509057598.00000000038A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0000001C.00000003.509057598.00000000038A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0000001C.00000003.509057598.00000000038A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 00000000.00000003.280650626.0000000003E00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 00000000.00000003.280650626.0000000003E00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 00000000.00000003.280650626.0000000003E00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000000.00000003.280650626.0000000003E00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 00000000.00000003.280650626.0000000003E00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 00000016.00000003.443479124.0000000003640000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 00000016.00000003.443479124.0000000003640000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 00000016.00000003.443479124.0000000003640000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000016.00000003.443479124.0000000003640000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 00000016.00000003.443479124.0000000003640000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 00000012.00000003.405995868.0000000003A80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 00000012.00000003.405995868.0000000003A80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 00000012.00000003.405995868.0000000003A80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000012.00000003.405995868.0000000003A80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 00000012.00000003.405995868.0000000003A80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 00000021.00000003.565723232.0000000002F00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 00000021.00000003.565723232.0000000002F00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 00000021.00000003.565723232.0000000002F00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000021.00000003.565723232.0000000002F00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 00000021.00000003.565723232.0000000002F00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 00000019.00000003.469796043.0000000003A00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 00000019.00000003.469796043.0000000003A00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 00000019.00000003.469796043.0000000003A00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000019.00000003.469796043.0000000003A00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 00000019.00000003.469796043.0000000003A00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 0000000F.00000003.383072637.0000000002FA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0000000F.00000003.383072637.0000000002FA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0000000F.00000003.383072637.0000000002FA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0000000F.00000003.383072637.0000000002FA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0000000F.00000003.383072637.0000000002FA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 0000000B.00000003.319280593.0000000003940000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0000000B.00000003.319280593.0000000003940000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0000000B.00000003.319280593.0000000003940000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0000000B.00000003.319280593.0000000003940000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0000000B.00000003.319280593.0000000003940000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: 0000000D.00000003.356575582.0000000003270000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0000000D.00000003.356575582.0000000003270000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0000000D.00000003.356575582.0000000003270000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0000000D.00000003.356575582.0000000003270000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0000000D.00000003.356575582.0000000003270000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |
Source: Process Memory Space: wzltxa.exe PID: 1276, type: MEMORYSTR | Matched rule: HKTL_Meterpreter_inMemory date = 2020-06-29, author = netbiosX, Florian Roth, description = Detects Meterpreter in-memory, score = , reference = https://www.reddit.com/r/purpleteamsec/comments/hjux11/meterpreter_memory_indicators_detection_tooling/ |
Source: Process Memory Space: wzltxa.exe PID: 4616, type: MEMORYSTR | Matched rule: HKTL_Meterpreter_inMemory date = 2020-06-29, author = netbiosX, Florian Roth, description = Detects Meterpreter in-memory, score = , reference = https://www.reddit.com/r/purpleteamsec/comments/hjux11/meterpreter_memory_indicators_detection_tooling/ |
Source: Process Memory Space: wzltxa.exe PID: 6136, type: MEMORYSTR | Matched rule: HKTL_Meterpreter_inMemory date = 2020-06-29, author = netbiosX, Florian Roth, description = Detects Meterpreter in-memory, score = , reference = https://www.reddit.com/r/purpleteamsec/comments/hjux11/meterpreter_memory_indicators_detection_tooling/ |
Source: Process Memory Space: wzltxa.exe PID: 1356, type: MEMORYSTR | Matched rule: HKTL_Meterpreter_inMemory date = 2020-06-29, author = netbiosX, Florian Roth, description = Detects Meterpreter in-memory, score = , reference = https://www.reddit.com/r/purpleteamsec/comments/hjux11/meterpreter_memory_indicators_detection_tooling/ |
Source: Process Memory Space: wzltxa.exe PID: 6016, type: MEMORYSTR | Matched rule: HKTL_Meterpreter_inMemory date = 2020-06-29, author = netbiosX, Florian Roth, description = Detects Meterpreter in-memory, score = , reference = https://www.reddit.com/r/purpleteamsec/comments/hjux11/meterpreter_memory_indicators_detection_tooling/ |
Source: Process Memory Space: wzltxa.exe PID: 6128, type: MEMORYSTR | Matched rule: HKTL_Meterpreter_inMemory date = 2020-06-29, author = netbiosX, Florian Roth, description = Detects Meterpreter in-memory, score = , reference = https://www.reddit.com/r/purpleteamsec/comments/hjux11/meterpreter_memory_indicators_detection_tooling/ |
Source: Process Memory Space: wzltxa.exe PID: 2156, type: MEMORYSTR | Matched rule: HKTL_Meterpreter_inMemory date = 2020-06-29, author = netbiosX, Florian Roth, description = Detects Meterpreter in-memory, score = , reference = https://www.reddit.com/r/purpleteamsec/comments/hjux11/meterpreter_memory_indicators_detection_tooling/ |
Source: Process Memory Space: wzltxa.exe PID: 5248, type: MEMORYSTR | Matched rule: HKTL_Meterpreter_inMemory date = 2020-06-29, author = netbiosX, Florian Roth, description = Detects Meterpreter in-memory, score = , reference = https://www.reddit.com/r/purpleteamsec/comments/hjux11/meterpreter_memory_indicators_detection_tooling/ |
Source: C:\Users\user\AppData\Roaming\Microsoft\wzltxa.exe, type: DROPPED | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: C:\Users\user\AppData\Roaming\Microsoft\wzltxa.exe, type: DROPPED | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: C:\Users\user\AppData\Roaming\Microsoft\wzltxa.exe, type: DROPPED | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: C:\Users\user\AppData\Roaming\Microsoft\wzltxa.exe, type: DROPPED | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: C:\Users\user\AppData\Roaming\Microsoft\wzltxa.exe, type: DROPPED | Matched rule: Win32_Ransomware_GandCrab tc_detection_name = GandCrab, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware |