Overview

overview

10

Static

static

1

Endermanch...pt.exe

windows7-x64

10

Endermanch...pt.exe

windows10-1703-x64

10

Endermanch...pt.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    137s
  • max time network
    86s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    07-02-2023 06:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    [email protected]

  • Size

    211KB

  • MD5

    b805db8f6a84475ef76b795b0d1ed6ae

  • SHA1

    7711cb4873e58b7adcf2a2b047b090e78d10c75b

  • SHA256

    f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

  • SHA512

    62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416

  • SSDEEP

    1536:YoCFfC303p22fkZrRQpnqjoi7l832fbu9ZXILwVENbM:rCVC303p22sZrRQpnviB832Du9WMON

Score
10/10
infinitylockransomware

Malware Config

Signatures

  • InfinityLock Ransomware

    Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.

    ransomwareinfinitylock
  • Modifies extensions of user files 5 IoCs

    Ransomware generally changes the extension on encrypted files.

    ransomware
  • Loads dropped DLL 8 IoCs
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 11 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 27 IoCs
  • Suspicious use of FindShellTrayWindow 34 IoCs
  • Suspicious use of SendNotifyMessage 34 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\[email protected]
    "C:\Users\Admin\AppData\Local\Temp\[email protected]"
    1⤵
    • Modifies extensions of user files
    • Drops file in Program Files directory
    • Checks processor information in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:1616
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:568
  • C:\Windows\system32\mspaint.exe
    "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\RegisterRevoke.wmf"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    PID:1156
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1380
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding A8275C00A7F1DCD0C93C03530FD4294D
      2⤵
      • Loads dropped DLL
      PID:1768
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:2028
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x56c
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:844

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Discovery

    Query Registry

    2
    T1012

    Peripheral Device Discovery

    1
    T1120

    System Information Discovery

    2
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\Installer\MSI3E9.tmp
      Filesize

      257KB

      MD5

      d1f5ce6b23351677e54a245f46a9f8d2

      SHA1

      0d5c6749401248284767f16df92b726e727718ca

      SHA256

      57cb8f01cf553c3886760180d1a74839f2f676640115504485aca9692f577acc

      SHA512

      960e90894e7bedcc89894e77e57e8ee0c99dd2c530d02665e8bbd3a1793eccc1e295c5923d1f37c757fa1158097fbaae70898c16052882d3d210c29ea801b3ba

      Download Submit
    • C:\Windows\Installer\MSI419.tmp
      Filesize

      19KB

      MD5

      9cadbfa797783ff9e7fc60301de9e1ff

      SHA1

      83bde6d6b75dfc88d3418ec1a2e935872b8864bb

      SHA256

      c1eda5c42be64cfc08408a276340c9082f424ec1a4e96e78f85e9f80d0634141

      SHA512

      095963d9e01d46dae7908e3de6f115d7a0eebb114a5ec6e4e9312dbc22ba5baa268f5acece328066c9456172e90a95e097a35b9ed61589ce9684762e38f1385b

      Download Submit
    • C:\Windows\Installer\MSI439.tmp
      Filesize

      363KB

      MD5

      4a843a97ae51c310b573a02ffd2a0e8e

      SHA1

      063fa914ccb07249123c0d5f4595935487635b20

      SHA256

      727ecf287fb6f4953ee7748913dd559b4f8d3a022fa2ca55bc51cf5886c52086

      SHA512

      905c081552d95b523ecf1155b6c7e157652e5ff00cda30c1c21124d266eb7d305c3398d6832316f403dc45d1b639f1a5a67aea29922cd1a032f52e5247ec55d2

      Download Submit
    • C:\Windows\Installer\MSI4A7.tmp
      Filesize

      363KB

      MD5

      4a843a97ae51c310b573a02ffd2a0e8e

      SHA1

      063fa914ccb07249123c0d5f4595935487635b20

      SHA256

      727ecf287fb6f4953ee7748913dd559b4f8d3a022fa2ca55bc51cf5886c52086

      SHA512

      905c081552d95b523ecf1155b6c7e157652e5ff00cda30c1c21124d266eb7d305c3398d6832316f403dc45d1b639f1a5a67aea29922cd1a032f52e5247ec55d2

      Download Submit
    • C:\Windows\Installer\MSI535.tmp
      Filesize

      257KB

      MD5

      d1f5ce6b23351677e54a245f46a9f8d2

      SHA1

      0d5c6749401248284767f16df92b726e727718ca

      SHA256

      57cb8f01cf553c3886760180d1a74839f2f676640115504485aca9692f577acc

      SHA512

      960e90894e7bedcc89894e77e57e8ee0c99dd2c530d02665e8bbd3a1793eccc1e295c5923d1f37c757fa1158097fbaae70898c16052882d3d210c29ea801b3ba

      Download Submit
    • C:\Windows\Installer\MSI7F4.tmp
      Filesize

      85KB

      MD5

      5577a98daef4ba33e900a3e3108d6cc1

      SHA1

      5af817186ab0376a0433686be470ea2b48c74f5f

      SHA256

      148199b4f3b6b2030e2aeb63a66e8e333e692d38691bcbe39139cf02bb61b31d

      SHA512

      d37d511975b5331a5b1cdda736890c7d4f2dcba4abac2b9399c977bdb7e09c964327e3f771cd592e2632b0e776545c490f29fd391ec13c7948557957cd805dd5

      Download Submit
    • C:\Windows\Installer\MSI833.tmp
      Filesize

      571KB

      MD5

      5a1e6b155435693938596d58eaca74bb

      SHA1

      27fb323ccc215136ef350469072b6ad559d39c3d

      SHA256

      f2d5eb947b85f763f72de7f800118844a5207c9e3dd456f13186c2aaf0c485ac

      SHA512

      4fee8576ef5541d4923aacb514b09e1e4dc8d6cbb1dcaada67c65240358147b971c2a1d034faf50c594ae7edb4a3c68dd4ffbbb69893413ffb52e71a86c65388

      Download Submit
    • C:\Windows\Installer\MSICC.tmp
      Filesize

      257KB

      MD5

      d1f5ce6b23351677e54a245f46a9f8d2

      SHA1

      0d5c6749401248284767f16df92b726e727718ca

      SHA256

      57cb8f01cf553c3886760180d1a74839f2f676640115504485aca9692f577acc

      SHA512

      960e90894e7bedcc89894e77e57e8ee0c99dd2c530d02665e8bbd3a1793eccc1e295c5923d1f37c757fa1158097fbaae70898c16052882d3d210c29ea801b3ba

      Download Submit
    • \Windows\Installer\MSI3E9.tmp
      Filesize

      257KB

      MD5

      d1f5ce6b23351677e54a245f46a9f8d2

      SHA1

      0d5c6749401248284767f16df92b726e727718ca

      SHA256

      57cb8f01cf553c3886760180d1a74839f2f676640115504485aca9692f577acc

      SHA512

      960e90894e7bedcc89894e77e57e8ee0c99dd2c530d02665e8bbd3a1793eccc1e295c5923d1f37c757fa1158097fbaae70898c16052882d3d210c29ea801b3ba

      Download Submit
    • \Windows\Installer\MSI419.tmp
      Filesize

      19KB

      MD5

      9cadbfa797783ff9e7fc60301de9e1ff

      SHA1

      83bde6d6b75dfc88d3418ec1a2e935872b8864bb

      SHA256

      c1eda5c42be64cfc08408a276340c9082f424ec1a4e96e78f85e9f80d0634141

      SHA512

      095963d9e01d46dae7908e3de6f115d7a0eebb114a5ec6e4e9312dbc22ba5baa268f5acece328066c9456172e90a95e097a35b9ed61589ce9684762e38f1385b

      Download Submit
    • \Windows\Installer\MSI439.tmp
      Filesize

      363KB

      MD5

      4a843a97ae51c310b573a02ffd2a0e8e

      SHA1

      063fa914ccb07249123c0d5f4595935487635b20

      SHA256

      727ecf287fb6f4953ee7748913dd559b4f8d3a022fa2ca55bc51cf5886c52086

      SHA512

      905c081552d95b523ecf1155b6c7e157652e5ff00cda30c1c21124d266eb7d305c3398d6832316f403dc45d1b639f1a5a67aea29922cd1a032f52e5247ec55d2

      Download Submit
    • \Windows\Installer\MSI4A7.tmp
      Filesize

      363KB

      MD5

      4a843a97ae51c310b573a02ffd2a0e8e

      SHA1

      063fa914ccb07249123c0d5f4595935487635b20

      SHA256

      727ecf287fb6f4953ee7748913dd559b4f8d3a022fa2ca55bc51cf5886c52086

      SHA512

      905c081552d95b523ecf1155b6c7e157652e5ff00cda30c1c21124d266eb7d305c3398d6832316f403dc45d1b639f1a5a67aea29922cd1a032f52e5247ec55d2

      Download Submit
    • \Windows\Installer\MSI535.tmp
      Filesize

      257KB

      MD5

      d1f5ce6b23351677e54a245f46a9f8d2

      SHA1

      0d5c6749401248284767f16df92b726e727718ca

      SHA256

      57cb8f01cf553c3886760180d1a74839f2f676640115504485aca9692f577acc

      SHA512

      960e90894e7bedcc89894e77e57e8ee0c99dd2c530d02665e8bbd3a1793eccc1e295c5923d1f37c757fa1158097fbaae70898c16052882d3d210c29ea801b3ba

      Download Submit
    • \Windows\Installer\MSI7F4.tmp
      Filesize

      85KB

      MD5

      5577a98daef4ba33e900a3e3108d6cc1

      SHA1

      5af817186ab0376a0433686be470ea2b48c74f5f

      SHA256

      148199b4f3b6b2030e2aeb63a66e8e333e692d38691bcbe39139cf02bb61b31d

      SHA512

      d37d511975b5331a5b1cdda736890c7d4f2dcba4abac2b9399c977bdb7e09c964327e3f771cd592e2632b0e776545c490f29fd391ec13c7948557957cd805dd5

      Download Submit
    • \Windows\Installer\MSI833.tmp
      Filesize

      571KB

      MD5

      5a1e6b155435693938596d58eaca74bb

      SHA1

      27fb323ccc215136ef350469072b6ad559d39c3d

      SHA256

      f2d5eb947b85f763f72de7f800118844a5207c9e3dd456f13186c2aaf0c485ac

      SHA512

      4fee8576ef5541d4923aacb514b09e1e4dc8d6cbb1dcaada67c65240358147b971c2a1d034faf50c594ae7edb4a3c68dd4ffbbb69893413ffb52e71a86c65388

      Download Submit
    • \Windows\Installer\MSICC.tmp
      Filesize

      257KB

      MD5

      d1f5ce6b23351677e54a245f46a9f8d2

      SHA1

      0d5c6749401248284767f16df92b726e727718ca

      SHA256

      57cb8f01cf553c3886760180d1a74839f2f676640115504485aca9692f577acc

      SHA512

      960e90894e7bedcc89894e77e57e8ee0c99dd2c530d02665e8bbd3a1793eccc1e295c5923d1f37c757fa1158097fbaae70898c16052882d3d210c29ea801b3ba

      Download Submit
    • memory/568-56-0x000007FEFC2C1000-0x000007FEFC2C3000-memory.dmp
      Filesize

      8KB

      Download
    • memory/568-58-0x0000000140000000-0x00000001405E8000-memory.dmp
      Filesize

      5.9MB

      Download
    • memory/568-57-0x0000000140000000-0x00000001405E8000-memory.dmp
      Filesize

      5.9MB

      Download
    • memory/1156-60-0x000007FEFAF70000-0x000007FEFAFBC000-memory.dmp
      Filesize

      304KB

      Download
    • memory/1156-61-0x000007FEFAF70000-0x000007FEFAFBC000-memory.dmp
      Filesize

      304KB

      Download
    • memory/1616-55-0x0000000075C81000-0x0000000075C83000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1616-54-0x0000000000330000-0x000000000036C000-memory.dmp
      Filesize

      240KB

      Download
    • memory/1616-81-0x00000000046C5000-0x00000000046D6000-memory.dmp
      Filesize

      68KB

      Download
    • memory/1616-82-0x00000000046C5000-0x00000000046D6000-memory.dmp
      Filesize

      68KB

      Download
    • memory/1768-63-0x0000000000000000-mapping.dmp
      Download