Overview

overview

10

Static

static

3

InfinityCrypt.exe

windows7-x64

10

InfinityCrypt.exe

windows10-2004-x64

10

Resubmissions

07-08-2023 11:21

230807-nghrwsfa46 10

06-08-2023 18:45

230806-xd334adc4s 10

Analysis

  • max time kernel
    221s
  • max time network
    224s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    07-08-2023 11:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    InfinityCrypt.exe

  • Size

    211KB

  • MD5

    b805db8f6a84475ef76b795b0d1ed6ae

  • SHA1

    7711cb4873e58b7adcf2a2b047b090e78d10c75b

  • SHA256

    f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

  • SHA512

    62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416

  • SSDEEP

    1536:YoCFfC303p22fkZrRQpnqjoi7l832fbu9ZXILwVENbM:rCVC303p22sZrRQpnviB832Du9WMON

Score
10/10
infinitylockransomware

Malware Config

Signatures

  • InfinityLock Ransomware

    Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.

    ransomwareinfinitylock
  • Drops file in Program Files directory 64 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 40 IoCs
  • Suspicious use of SendNotifyMessage 38 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe
    "C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2676
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:440
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2620
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2620 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2356

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_OFF.GIF.7A96F109ECFAB02808A6CDC6A69B53BCE984DCE37ECF7E94A1FF0CD60A8B4F4D
    Filesize

    352B

    MD5

    81bf2f942a6589905784b844c83e659e

    SHA1

    82df70b206cb142d3cb92e3bbc38df758eab18ae

    SHA256

    c5ce1d796c10322a9835a0569613f38ee8c038331b2167eafcff4436c9da1d8b

    SHA512

    16fc7eaff230532c36149185156842f2f5226aad8202993ae4511e4d90fdb8e16a54769e871fa4816d29786ec08a36453872ea11e2742b5db7e3933cb19ec1b2

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF.7A96F109ECFAB02808A6CDC6A69B53BCE984DCE37ECF7E94A1FF0CD60A8B4F4D
    Filesize

    224B

    MD5

    d61f4a2f1a972c501faf7e1c125e7efe

    SHA1

    580524c90c3cc5393ec93dca965e76bc1d3aa1d5

    SHA256

    92694f837d19a86c9bd91d490cf5bdfb97299b777d2c98b65e4274260187c992

    SHA512

    13097e1a6c7bf385873a501c3c869ccb7bb7174ea20f52ae2aa88bc49ab3a462c99813b98ed387c0826f21d7413cfd44f1387ac7fba3fe763f2989ce19f259ed

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_F_COL.HXK.7A96F109ECFAB02808A6CDC6A69B53BCE984DCE37ECF7E94A1FF0CD60A8B4F4D
    Filesize

    128B

    MD5

    522e3704b9dcb9e959f943c94311474b

    SHA1

    06ae06a779d0244234aa5bfb6557bfd8191ca121

    SHA256

    40098d589cbfba6f4cddd7674dbb1335c84e1ef7f62dbaf15e8210bd0e247d37

    SHA512

    e6bba0bad0de89f44918f0ac3b8d5c1f68532c77efbfabc6a1068dcbee5a29c3166ab67696e7cad50b4b4c9966caf8af71ca2d39a4cff2c591a7dcaa64e0bc64

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_K_COL.HXK.7A96F109ECFAB02808A6CDC6A69B53BCE984DCE37ECF7E94A1FF0CD60A8B4F4D
    Filesize

    128B

    MD5

    856765aaaad3e79613a9e57b15a1bb48

    SHA1

    408ae248962c85849e77cbcbe73faf5495078d8d

    SHA256

    b2ed98ee9af56f271b289a595161a9e4876ca6b7d9dea1be7a9ef710513c3112

    SHA512

    cb0614d68021aef5e9ad93a0e9249ea6305b9c9c3024bbaeb3568e0fc89ba7e11069b09bff3768efde109cbc289c34d7aac36db1fa3f06927feb17c3c27fd607

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF.7A96F109ECFAB02808A6CDC6A69B53BCE984DCE37ECF7E94A1FF0CD60A8B4F4D
    Filesize

    192B

    MD5

    475f0c861a5160a8a2eb0dba1201ca12

    SHA1

    35a00c89ffd16a4fed94b54b86edf8ff003e18d9

    SHA256

    791dae997fe7563abcf143eccd8d5a5ffacf61ffcb0a5f4eb223b6540b6d5cf2

    SHA512

    93d14da77a9f282aec9e922f937a5efc553c9dfdfbf5a9eeeaa09528d35500c6413b614fb25b2e333c5c540414068de0d40bb5551970b9c1a84318ab6cc09937

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_OFF.GIF.7A96F109ECFAB02808A6CDC6A69B53BCE984DCE37ECF7E94A1FF0CD60A8B4F4D
    Filesize

    512B

    MD5

    49407a23bec4d58e3985c49e2f729838

    SHA1

    e01c98a77fc0b2c701d4267bf4407e211aa00feb

    SHA256

    8c1fad249b2de4845470b191e03484a826f5695ad8e05de8734dd0d52ddbd730

    SHA512

    0c883ceadac8338964df1457c84f188b28ffc3f021a22ec7a71afb34e0cdfe53a3ab4e781bca8de2ec466da1123ee69c3a75433cd576f2ebf9e7abc83ba4aac8

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF.7A96F109ECFAB02808A6CDC6A69B53BCE984DCE37ECF7E94A1FF0CD60A8B4F4D
    Filesize

    1KB

    MD5

    0e49105b13c65919116e7f94b4e2d613

    SHA1

    1c9c65282ca28f859e93b5423bf4c9c7195f9be4

    SHA256

    b8dbe4fa0a0f37be11d77cbc09195b775a9d4b6f3027f75f2919583de33d62c8

    SHA512

    1b05d925b3508e79f4903a4c654a500a7eca459e88db3554c28c4b38316c72d391b1ed27e38b6ddea10d5efb606caf753396433df5ffea3677053570ca153eac

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.NO.XML.7A96F109ECFAB02808A6CDC6A69B53BCE984DCE37ECF7E94A1FF0CD60A8B4F4D
    Filesize

    816B

    MD5

    ca83792ad5a35c894b5fc9100e9f63d4

    SHA1

    4b911bd927b0af5c3fc08a2b206ac4bdad579988

    SHA256

    62fd18feaad50937fcdc430facf6e579a36cd0301c2e8aa250b42c850866aa59

    SHA512

    cd4834037fbf7ad5a408f7bf5574e6f12435a977bdb5fe3f0a72f9382bf1f9befb731fa530b7c093449b6a32c257ed3d45446fae328e5cabf0f44bc88d38b07e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    28958650c19e2566ca061cd76962530f

    SHA1

    b330fb29a140b0f70fcbcb344b8512465e42484d

    SHA256

    32c2a7efa95712ee48177e0db102664455170a37da5c8b725a4927c601d930c3

    SHA512

    c6a4ed2d1d90935cc734be33db5b6cbeff7065d93a41fdd2d50455c63e6bb012eade3b541e8a6660caae3c66857696889e4567021c694840d587583252d9ba26

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    599e5df65f28f82dd2c514f20518c1ee

    SHA1

    e4f3b31d6484eebf421a2292c9c9d93431a60009

    SHA256

    10e9b9709824580a3638cc667ec17bed0d6fe0b81211b1f88011c6f5ab01d397

    SHA512

    f84cfdc44014e27af69577eb36a4c18623da5ff1be3ea157a1076102eb82a8036b9c5434519a7a4d97b0e10c6a9ea736ac6745c3f4eff6e28e690f28d7ba2976

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    133607f008b032ee23c996a784a35751

    SHA1

    9d050c7417cb53c771b7b8eaa098bf248ae2ddb0

    SHA256

    1d779608883a75f3a7f56d7703ddafae109ebd4d5b95ef37f6387ac0e53d85ab

    SHA512

    35d7cf99d139b4434a5d6bbe0ec011511779c685e768c91f6ae982d9e4532fef0f1ff2c54c4e7900b2218840be8afb43269edb5658c59deb4b9573aac394c887

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8e44e737416183a59b6102bfedd7e6b3

    SHA1

    7c7a0e906986a51bdffe9bf8f0cf725bd7763af2

    SHA256

    5e2a08a353f1174f6dcaaf152e82a71cf928d55669bd18809b057ec2d057a762

    SHA512

    497e961d84106dcde618be8d1b720c16a59775c8d43ae8b096d7e6dbf3ab317919a65b911de66ce7b64c29f10aa3d6b6aa7dc7bf4161f7269948f5036606c0db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    399cf30d42318c00869a2d0ec3604187

    SHA1

    ecac8940e58aaaacb3547ef27c91475a1b94d20e

    SHA256

    ae40634da22c28888208f4b1e2f2a4eda86250edc8ca7f4eb2059334cf1d3e68

    SHA512

    bf21251925f9257ee8fb6f79a1098f2a4a43da95eb4ebd4e9e4344705df00ddba4bb5e6de3d6cdc9f293c88de98876e051a9a962a6f26a65591cc8c130c4e132

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ca42d00843f9a2309592866a39bc21b5

    SHA1

    e298eaefa89ee65810370c9218c90813a8361573

    SHA256

    dae1af5e1fc5d717e8ba5effbc638c782db70754dfe67e9ccdc022a290e6ef6b

    SHA512

    0dd452ade0bcb23a2f14a675cc6ebc545b44463e616a30756b46f2fe4eb2f0d2afc7d921d10bc16ae9e6a50e0959feee43b08c4515070876d0b5fa3fad99475c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    efc206c988cee1b7ce949926a70c2d7a

    SHA1

    94dd495f7d171d73ae3fbdedfe2d253553b665a0

    SHA256

    c8b1f82151fdf5d6288c6e224b77bdc080f10c8b152c518060e398a9fbcd4da3

    SHA512

    c4b296e0864c1af39519d7fde6c61d7a3c824474810548d54373d1be61d6de072e6a55ce3478ca4a939f11bce9f2dc65b72ef14ce648e4db323bade49adcacc9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fe25f866cea37cc0780b47fb0b293ac9

    SHA1

    37b846aa7bebd155ff1b80090de12f54a8dc3330

    SHA256

    8803616982a3fc04c5c0f85b9e0845e85cfe1ccef90b2a974bf4fedba1a157f3

    SHA512

    18718b7e6efbc56fdb0eb52ef38b05d38496e78c3f48d576d2a5871f583e2c2c35062b45c29fb25b49bc6c53572d2cc4679a342bb3efbdadd361bec33921a3cc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f03ade7f9889ff12b22ad0bdf0aef2a9

    SHA1

    d9793b38210c162e279f32170cef9a698beb117b

    SHA256

    6ae74755c94a0375d8c33772380a9afa579265cf3ef177ff9b406bc812f2977a

    SHA512

    ce7eeb663c0ea77152506de8af95f63b876eb51f367cdc9b35547ac24fe808c3a3cefa81a8f1210073fed57b9a024e793aab3d4871f558b3f4d75f75667f0973

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    31c443fc608b347966949a4f4ae713c1

    SHA1

    7564f9796f0a76963c4c9e2321bf7ed0fa93e794

    SHA256

    94c4671ce4eba375bc257a3d8a3f57f1712ba92e410460b19e21943fc87a158f

    SHA512

    2f01eecb6a9bd10efbd59e8691c42123dc9eadf41b98666877cb15493607bcd2f4ae4e9a68a5314d5d5492a22dc7d3b2593b6ea28f3c5b51bbfe5b7cc395ce92

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2c6aa64aee9a82461cab2d94c4990dbb

    SHA1

    3ffb9ca7cddfd0dbf7fa0cc51f8c0471ea1158ef

    SHA256

    7958c3d22f119e7278e01dabba90217fb51109a6c97478f887021207c37c05df

    SHA512

    feadc92e7d3b2bb71f9e0b4925e2a71e91eb4be8052739b3c11a03ed9d302b3f681cc7986c9ed0d1ed1b6f4b35e2cbc43ec4b8f5b7c7118c4b6bb2f7e959d990

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e9c3fbc46792abfed43b584627e5ad42

    SHA1

    ddb19393702492e5b9c55f8921337deaf8570b75

    SHA256

    5b0082b959a1bdf9b458d798593fe8112f4abb830128e54cd1239a0138584a31

    SHA512

    36a853b5a10e2b42f20f30a8655db2f76c4e9575c60ef5d8dd811c6a09db7339d49ab140a180c8323db3aeb2976df4f3c4fd3484151cbd7c972fa53ea29fe300

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2dbd58c639aee38876ec908e1e7a137f

    SHA1

    ea053bd7e888fd2c7bb0c48377aff63b1e7b9fc8

    SHA256

    4bc379faccb62bde6fef8960bd63f5d301588d7c732c55cca5f7e17a54d471e1

    SHA512

    ae0272d6a4d3bac8251edcedab0d276c59de13e2a8420e24780be14e6e2ce8ccd374965deaa06701c34d3ab289058f75ee365124612a675deaaeeb3a55866028

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabCCE1.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarCD82.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~DF83C8382BF28E4198.TMP
    Filesize

    16KB

    MD5

    70ddd16fe93dc6f0ba9c0cc70a0ceb85

    SHA1

    ae94e04842528dd6f9d171c9160584f7fce61436

    SHA256

    b1be20b3ce4d242985c6f69553b50b0b5b40725cbf2223d43d1d5efbc1bcf8ca

    SHA512

    37e526b124f8b367d719515f9d16ee2f878ad19e8e3f05dba2f7c62491ea3f1e803e6951e0cd5ecc735b412e6608930a1dc40c20a3b21c20831bb9c6d91018c0

    Download Submit

  • memory/440-5380-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/440-5379-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/440-5378-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2676-56-0x0000000000590000-0x00000000005D0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2676-55-0x0000000073CE0000-0x00000000743CE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2676-54-0x00000000008E0000-0x000000000091C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2676-262-0x0000000073CE0000-0x00000000743CE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2676-270-0x0000000000590000-0x00000000005D0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2676-5376-0x0000000000590000-0x00000000005D0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2676-5377-0x0000000000590000-0x00000000005D0000-memory.dmp

    Filesize

    256KB

    Download