Overview

overview

10

Static

static

1

Endermanch...pt.exe

windows7-x64

10

Endermanch...pt.exe

windows10-1703-x64

10

Endermanch...pt.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    94s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-02-2023 06:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    [email protected]

  • Size

    211KB

  • MD5

    b805db8f6a84475ef76b795b0d1ed6ae

  • SHA1

    7711cb4873e58b7adcf2a2b047b090e78d10c75b

  • SHA256

    f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

  • SHA512

    62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416

  • SSDEEP

    1536:YoCFfC303p22fkZrRQpnqjoi7l832fbu9ZXILwVENbM:rCVC303p22sZrRQpnviB832Du9WMON

Score
10/10
infinitylockransomware

Malware Config

Signatures

  • InfinityLock Ransomware

    Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.

    ransomwareinfinitylock
  • Modifies extensions of user files 8 IoCs

    Ransomware generally changes the extension on encrypted files.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\[email protected]
    "C:\Users\Admin\AppData\Local\Temp\[email protected]"
    1⤵
    • Modifies extensions of user files
    • Drops file in Program Files directory
    • Checks processor information in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:3220

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3220-132-0x0000000000A70000-0x0000000000AAC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/3220-133-0x00000000054F0000-0x000000000558C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/3220-134-0x0000000005B40000-0x00000000060E4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/3220-135-0x0000000005590000-0x0000000005622000-memory.dmp

    Filesize

    584KB

    Download

  • memory/3220-136-0x0000000005680000-0x000000000568A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3220-137-0x00000000056F0000-0x0000000005746000-memory.dmp

    Filesize

    344KB

    Download

  • memory/3220-138-0x0000000007810000-0x0000000007876000-memory.dmp

    Filesize

    408KB

    Download