infinitylock | f09ef1790c19bf72849d278e2a759cd5a3f00421af372a2039fafed270bcdc93

Analysis

max time kernel
100s
max time network
131s
platform
windows7_x64
resource
win7v20210408
submitted
09-05-2021 09:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PremiereCrack.exe
Size

89KB
MD5

24f89b42a9614bfbdb4c2bf97c0b0257
SHA1

72081b8dafea8abf3cd042d424e9bd751e9e1121
SHA256

0d2137d133179a2fbff7bf38a8125d4b74e9615aaa47b5f4a3056eccce7a8f6e
SHA512

00efae478f575d9c55a225f43002fc28a9c9a4ad6785873f1cfdfe03a84d34a8adc65fb8e41a5c852b7faaf02ec8eb8a7f4d92663aa59d5b9a6a073f1e23817e

Score

10^/10

infinitylock ransomware

Malware Config

Signatures

InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock

Modifies extensions of user files 8 IoCs

Ransomware generally changes the extension on encrypted files.

ransomware

description	ioc	Process
File opened for modification	C:\Users\Admin\Pictures\StopMeasure.tiff.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Users\Admin\Pictures\UndoDebug.crw.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Users\Admin\Pictures\AssertSplit.raw.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Users\Admin\Pictures\ExpandCopy.tiff.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Users\Admin\Pictures\GetRestart.png.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Users\Admin\Pictures\HideWrite.crw.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Users\Admin\Pictures\RestoreResize.png.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Users\Admin\Pictures\SelectUnblock.raw.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143752.GIF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0199661.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18218_.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\NotifierDisableUpArrow.jpg.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Sts.css.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BS00440_.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0321179.JPG.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO01569_.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\OCRHC.DAT.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\BORDERS\MSART6.BDR.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\MEDIA\CLICK.WAV.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSO.DLL.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AN01216_.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0157831.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Slate\TAB_OFF.GIF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099200.GIF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\POWERPNT.DEV_F_COL.HXK.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\UnformattedNumeric.jpg.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGLBL109.XML.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGMN001.XML.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\REPORTS.ICO.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsOutgoingImageSmall.jpg.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_FormsHomePageBlank.gif.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\MENU.XML.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.config.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0241773.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA00433_.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Groove.gif.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGMN065.XML.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\OFFRHD.DLL.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLV.XLS.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA00396_.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\TN00234_.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18242_.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA00388_.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\SWBELL.NET.XML.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\DVDHM.POC.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\hxdsui.dll.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0107266.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0107492.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01292_.GIF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0299587.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0301480.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\PULLQUOTEBB.POC.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RMNSQUE\THMBNAIL.PNG.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0214934.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00513_.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SL00286_.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\MEDIA\WIND.WAV.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\DD01585_.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0105398.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PE01797_.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\ONWordAddin.dll.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PPTIRMV.XML.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGLBL054.XML.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGLBL087.XML.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\DD01168_.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0150861.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00734_.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0252629.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	PremiereCrack.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	PremiereCrack.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1668	PremiereCrack.exe

C:\Users\Admin\AppData\Local\Temp\PremiereCrack.exe
"C:\Users\Admin\AppData\Local\Temp\PremiereCrack.exe"
1⤵
- Modifies extensions of user files
- Drops file in Program Files directory
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:1668

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1668-59-0x0000000000DD0000-0x0000000000DD1000-memory.dmp

Filesize
4KB

Download
memory/1668-61-0x00000000048F0000-0x00000000048F1000-memory.dmp

Filesize
4KB

Download
memory/1668-62-0x0000000000370000-0x000000000039A000-memory.dmp

Filesize
168KB

Download
memory/1668-63-0x00000000048F5000-0x0000000004906000-memory.dmp

Filesize
68KB

Download