infinitylock | bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4

Resubmissions

04-09-2021 18:09

210904-wrxmsshegj 10

31-08-2020 12:21

200831-tnfgvzw7da 10

Analysis

max time kernel
48s
max time network
149s
platform
windows7_x64
resource
win7
submitted
31-08-2020 12:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
Size

77KB
MD5

4e24780d9700a1cb9d741d7ef51889f1
SHA1

4700da92e1f99b576ff517d3fa18103c67ac0d11
SHA256

bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4
SHA512

c1d2501b95822796d6116711d426463dd95fd059201e11cf19f9ba8709782e6997cd4d2c04eb163199d305e04e04462ed032a53f50f9df0f4ff495dfb75450a0

Score

10^/10

ransomware infinitylock

Malware Config

Signatures

InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock

Modifies extensions of user files 4 IoCs

Ransomware generally changes the extension on encrypted files.

ransomware

Processes:

bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Pictures\WriteConvert.tiff.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Users\Admin\Pictures\DebugApprove.png.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Users\Admin\Pictures\MoveInitialize.png.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Users\Admin\Pictures\SendSwitch.tiff.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe

Drops file in Program Files directory 335 IoCs

Processes:

bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\WidevineCdm\manifest.json.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\msolap100.dll.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\UserControl.zip.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\BIN\FPSRVUTL.DLL.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\resources.pak.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\VisualElements\LogoCanary.png.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdater.cer.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\hxdsui.dll.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Class.zip.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\mpvis.DLL.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\CodeFile.zip.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\ResourceInternal.zip.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_extended.xml.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\hxdsui.dll.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\extensibility.dll.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Extensions\external_extensions.json.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\VisualElements\SmallLogo.png.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\DataSet.zip.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\WebKit.dll.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\RICHED20.DLL.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\default_apps\external_extensions.json.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\pt-PT.pak.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\swiftshader\libGLESv2.dll.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\VisualElements\LogoBeta.png.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\SetupMetrics\20200616092700.pma.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\VVIEWDWG.DLL.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\Wkconv.exe.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\Microsoft.VisualStudio.Tools.Applications.DesignTime.tlb.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\d3dcompiler_47.dll.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\hxdsui.dll.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\kn.pak.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\template.exe.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\MSOINTL.REST.IDX_DLL.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql90.xsl.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\lv.pak.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\v8_context_snapshot.bin.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\bg.pak.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Module.zip.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\BHOINTL.DLL.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AboutBox.zip.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\template.msi.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\chrome_200_percent.pak.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\fa.pak.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\IEAWSDC.DLL.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\it.pak.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe Root Certificate.cer.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSO.DLL.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\default_apps\docs.crx.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\el.pak.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\VisualElements\SmallLogoCanary.png.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\MSOHEV.DLL.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\hr.pak.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\sentinel.43C420CA9F6C3FD647D9F0016C8988E08FE32A87114C63B68E5C816BEF19A41E	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe

description pid process

Token: SeDebugPrivilege 1092 bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe

description	pid	process
Token: SeDebugPrivilege	1092	bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe

C:\Users\Admin\AppData\Local\Temp\bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe
"C:\Users\Admin\AppData\Local\Temp\bfaebc86c1712aa80f501d859de686078b9f21e89174bd23a19b27af93b40ce4.bin.exe"
1⤵
- Modifies extensions of user files
- Drops file in Program Files directory
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:1092

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1092-0-0x0000000073F10000-0x00000000745FE000-memory.dmp

Filesize
6.9MB

Download
memory/1092-1-0x0000000000E50000-0x0000000000E51000-memory.dmp

Filesize
4KB

Download
memory/1092-3-0x0000000000470000-0x0000000000499000-memory.dmp

Filesize
164KB

Download