infinitylock | 0d2137d133179a2fbff7bf38a8125d4b74e9615aaa47b5f4a3056eccce7a8f6e

Analysis

max time kernel
34s
max time network
111s
platform
windows10_x64
resource
win10v20210410
submitted
09-05-2021 10:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

321.exe
Size

89KB
MD5

24f89b42a9614bfbdb4c2bf97c0b0257
SHA1

72081b8dafea8abf3cd042d424e9bd751e9e1121
SHA256

0d2137d133179a2fbff7bf38a8125d4b74e9615aaa47b5f4a3056eccce7a8f6e
SHA512

00efae478f575d9c55a225f43002fc28a9c9a4ad6785873f1cfdfe03a84d34a8adc65fb8e41a5c852b7faaf02ec8eb8a7f4d92663aa59d5b9a6a073f1e23817e

Score

10^/10

infinitylock ransomware

Malware Config

Signatures

InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock

Modifies extensions of user files 7 IoCs

Ransomware generally changes the extension on encrypted files.

ransomware

description	ioc	Process
File opened for modification	C:\Users\Admin\Pictures\SetUse.tiff.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Users\Admin\Pictures\SubmitUnpublish.tiff.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Users\Admin\Pictures\SyncClear.tif.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Users\Admin\Pictures\EnableHide.tiff.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Users\Admin\Pictures\InitializeExit.crw.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Users\Admin\Pictures\OutStep.png.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Users\Admin\Pictures\RenameJoin.tif.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\plugin.X.manifest.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\spectrum_spinner_process.svg.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filterselected-dark-hover_32.svg.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\nb-no\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\zh-tw\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\fullscreen-exit-press.svg.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\sl_get.svg.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\sv_get.svg.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\cs-cz\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\Confirmation2x.png.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\PackageProviderFunctions.psm1.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_ellipses_selected-hover.svg.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\nl-nl\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\check-mark-1x.png.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ro-ro\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\Reader_DC.helpcfg.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\DirectDB.dll.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\export.svg.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\logo_retina.png.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\UKRAINE.TXT.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\MakeAccessible.api.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\root\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\hu-hu\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\de-de\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\css\main.css.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\main-high-contrast.css.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\next-arrow-hover.svg.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\root\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\sample-thumb.png.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\hr-hr\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\README.txt.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\cs-cz\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\css\main-selector.css.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_ko_135x40.svg.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\plugin.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\CORPCHAR.TXT.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\it-it\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\pl-pl\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\es-419_get.svg.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\S_IlluEmptyStateDCFiles_280x192.svg.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ko-kr\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\bg_get.svg.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\ja-jp\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\exportpdf-selector.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\ru-ru\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\pt-br\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\pt_get.svg.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\es-es\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ru-ru\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\hu-hu\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\progress_spinner2x.gif.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\en-il\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\hr-hr\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_history_18.svg.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\sv-se\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\zh-tw\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\tr-tr\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\it-it\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ko-kr\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\eu-es\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\new_icons_retina.png.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\plugin.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\rhp_world_icon_hover.png.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\themes\dark\rhp_world_icon_2x.png.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	321.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	321.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	321.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1736	321.exe

C:\Users\Admin\AppData\Local\Temp\321.exe
"C:\Users\Admin\AppData\Local\Temp\321.exe"
1⤵
- Modifies extensions of user files
- Drops file in Program Files directory
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:1736

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1736-114-0x0000000000F50000-0x0000000000F51000-memory.dmp

Filesize
4KB

Download
memory/1736-117-0x00000000058E0000-0x00000000058E1000-memory.dmp

Filesize
4KB

Download
memory/1736-116-0x00000000030C0000-0x00000000030EA000-memory.dmp

Filesize
168KB

Download
memory/1736-118-0x0000000005E80000-0x0000000005E81000-memory.dmp

Filesize
4KB

Download
memory/1736-119-0x0000000005980000-0x0000000005981000-memory.dmp

Filesize
4KB

Download
memory/1736-120-0x0000000005770000-0x0000000005771000-memory.dmp

Filesize
4KB

Download
memory/1736-121-0x0000000005A40000-0x0000000005A41000-memory.dmp

Filesize
4KB

Download
memory/1736-122-0x0000000005AB0000-0x0000000005AB1000-memory.dmp

Filesize
4KB

Download
memory/1736-123-0x0000000007630000-0x0000000007631000-memory.dmp

Filesize
4KB

Download
memory/1736-124-0x0000000005773000-0x0000000005775000-memory.dmp

Filesize
8KB

Download