infinitylock | f9f20ca0a61f83cd1ba52d6c5c31445900e6ed5459f85527613292db56229794

General

Target

PremiereCrack.exe
Size

89KB
MD5

f7f63358ce4d52e3e73fa449b5a00f57
SHA1

892b623f4f725683d0deed79a168b3a11c8c492c
SHA256

f9f20ca0a61f83cd1ba52d6c5c31445900e6ed5459f85527613292db56229794
SHA512

4c044f48daaf5ff82f521ed81f9132b31ab3a91aee6ed257e7d4d8c8e7281d350ab7e4aebd9e80da0c4894290c58a8c8c36e18f6a87c0fe7b560b8cb538a4f31

Score

10^/10

infinitylock ransomware

Malware Config

Signatures

InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock

Modifies extensions of user files 4 IoCs

Ransomware generally changes the extension on encrypted files.

ransomware

Processes:

PremiereCrack.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Pictures\LimitDisable.raw.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Users\Admin\Pictures\LimitTest.tiff.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Users\Admin\Pictures\RepairWait.tif.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Users\Admin\Pictures\ResumeOptimize.crw.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe

Drops file in Program Files directory 64 IoCs

Processes:

PremiereCrack.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA01472_.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15277_.GIF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\MSOHEVI.DLL.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsBlankPage.html.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\EN00397_.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0386270.JPG.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PARNT_03.MID.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_COL.HXC.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA02356_.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\Paper.xml.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0234657.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.BR.XML.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\GIFT.XML.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\IN00346_.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0200383.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Origin.thmx.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\SUBMIT.JS.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\TexturedBlue.css.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Templates\1033\OriginReport.Dotx.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\EN00222_.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PE02522_.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\mscss7fr.dll.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions_Response.css.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18208_.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\excel.exe.manifest.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\MSPUB_K_COL.HXK.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Computers\computericonMask.bmp.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BS00135_.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0297229.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0384888.JPG.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA00068_.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.NO.XML.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\PS9CRNRH.POC.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsBrowserUpgrade.html.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\DGSIDEBRV.XML.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0107134.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Desert.css.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR32B.GIF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR21F.GIF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\ACADEMIC.ONE.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PE00898_.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01242_.GIF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WHIRL2.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21294_.GIF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0150861.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\BANNER.XML.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\DGWEBSBR.XML.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0105276.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA7\1033\VBUI6.CHM.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0145707.JPG.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Sort\YEAR.XSL.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\RTF_BOLD.GIF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO02439_.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Paper.xml.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Effects\Module.eftx.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\EXPTOOWS.DLL.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SATIN\PREVIEW.GIF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA7\1033\VBLR6.CHM.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00174_.GIF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0105588.WMF.72AE87B3B16495880F4D95E8AF378345741E87D481630F5FC5A7BD9AC2B19580	PremiereCrack.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

PremiereCrack.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	PremiereCrack.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	PremiereCrack.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

PremiereCrack.exe

description pid process

Token: SeDebugPrivilege 1032 PremiereCrack.exe

description	pid	process
Token: SeDebugPrivilege	1032	PremiereCrack.exe

C:\Users\Admin\AppData\Local\Temp\PremiereCrack.exe
"C:\Users\Admin\AppData\Local\Temp\PremiereCrack.exe"
1⤵
- Modifies extensions of user files
- Drops file in Program Files directory
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:1032

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1032-60-0x0000000000D30000-0x0000000000D31000-memory.dmp

Filesize
4KB

Download
memory/1032-62-0x0000000004AA0000-0x0000000004AA1000-memory.dmp

Filesize
4KB

Download
memory/1032-63-0x00000000005D0000-0x00000000005FA000-memory.dmp

Filesize
168KB

Download
memory/1032-64-0x0000000004AA5000-0x0000000004AB6000-memory.dmp

Filesize
68KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads