infinitylock | 27a1f89ce5a37815010c8411dddec85d5d66e81a957ad722fbd2dc64f99651c8

Analysis

max time kernel
35s
max time network
112s
platform
windows10_x64
resource
win10v20210410
submitted
09/05/2021, 10:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

123.exe
Size

89KB
MD5

3822d0484ec81d615a0913c398ad1f83
SHA1

b7bd3e90724189c7316b82a70ce85e0a91855089
SHA256

27a1f89ce5a37815010c8411dddec85d5d66e81a957ad722fbd2dc64f99651c8
SHA512

d103abe81ef9bba19a3f21c8a2742b6a6dad2d147bb440e81b1f17b1d0f67fc3dfa4c33c84ec8b7ca1b107fbd91535ee588d29bded615cff58685eb611665fe8

Score

10^/10

infinitylock ransomware

Malware Config

Signatures

InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock

Modifies extensions of user files 6 IoCs

Ransomware generally changes the extension on encrypted files.

ransomware

description	ioc	Process
File opened for modification	C:\Users\Admin\Pictures\UnpublishInstall.png.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Users\Admin\Pictures\WaitProtect.crw.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Users\Admin\Pictures\ConvertFromGroup.raw.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Users\Admin\Pictures\NewMount.raw.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Users\Admin\Pictures\OptimizeUse.tiff.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Users\Admin\Pictures\StepSet.raw.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\Dynamic.pdf.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\tl.gif.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ko-kr\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\cs-cz\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\root\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\TrackedSend.aapp.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\inline-error-1x.png.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\themeless\close.svg.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\sv-se\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\it-it\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\tr-tr\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\en-il\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\tr-tr\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\Close.png.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\cs-cz\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\back-arrow-default.svg.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\themes\dark\arrow-right.png.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\ro-ro\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_da_135x40.svg.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\en-ae\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\en-ae\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\root\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\acrobat_parcel_generic_32.svg.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\sat_logo_2x.png.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\share_icons.png.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\eu-es\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee100.tlb.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\EScript.api.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\selector.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\themes\dark\digsig_icons_2x.png.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\root\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ja-jp\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\cs-cz\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\ROMAN.TXT.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_checkbox_partialselected-default_18.svg.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\en_get.svg.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\fullscreen-press.svg.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Scan_visual.svg.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\close-2.svg.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\ReadOutLoud.api.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\2d.x3d.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\example_icons.png.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_100_percent.pak.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_newfolder_18.svg.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\nl-nl\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ca-es\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\hu-hu\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\ca-es\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\cs-cz\AppStore_icon.svg.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dummy.dic.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_comment_18.svg.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\d3dcompiler_47.dll.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\da-dk\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ko-kr\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\nl-nl\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\root\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\fr-fr\ui-strings.js.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\Close2x.png.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\s_close_h.png.50702BC5CF7877055EEC0C3D9008EE6DF28B181B11D3D48F28D747747AC8EE5E	123.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	123.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	123.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3944	123.exe

C:\Users\Admin\AppData\Local\Temp\123.exe
"C:\Users\Admin\AppData\Local\Temp\123.exe"
1⤵
- Modifies extensions of user files
- Drops file in Program Files directory
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:3944

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3944-114-0x0000000000D40000-0x0000000000D41000-memory.dmp

Filesize
4KB

Download
memory/3944-116-0x0000000003040000-0x000000000306A000-memory.dmp

Filesize
168KB

Download
memory/3944-117-0x00000000056F0000-0x00000000056F1000-memory.dmp

Filesize
4KB

Download
memory/3944-118-0x0000000005C90000-0x0000000005C91000-memory.dmp

Filesize
4KB

Download
memory/3944-119-0x0000000005790000-0x0000000005791000-memory.dmp

Filesize
4KB

Download
memory/3944-120-0x0000000005830000-0x0000000005831000-memory.dmp

Filesize
4KB

Download
memory/3944-121-0x00000000058A0000-0x00000000058A1000-memory.dmp

Filesize
4KB

Download
memory/3944-122-0x0000000003080000-0x0000000003081000-memory.dmp

Filesize
4KB

Download
memory/3944-123-0x0000000007B90000-0x0000000007B91000-memory.dmp

Filesize
4KB

Download
memory/3944-124-0x0000000003083000-0x0000000003085000-memory.dmp

Filesize
8KB

Download