Overview

overview

10

Static

static

3

Ransomware...pt.exe

windows7-x64

10

Ransomware...pt.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    839s
  • max time network
    848s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    10-08-2023 19:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Ransomware.InfinityCrypt.exe

  • Size

    211KB

  • MD5

    b805db8f6a84475ef76b795b0d1ed6ae

  • SHA1

    7711cb4873e58b7adcf2a2b047b090e78d10c75b

  • SHA256

    f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

  • SHA512

    62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416

  • SSDEEP

    1536:YoCFfC303p22fkZrRQpnqjoi7l832fbu9ZXILwVENbM:rCVC303p22sZrRQpnviB832Du9WMON

Score
10/10
infinitylockransomware

Malware Config

Signatures

  • InfinityLock Ransomware

    Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.

    ransomwareinfinitylock
  • Drops file in Program Files directory 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Ransomware.InfinityCrypt.exe
    "C:\Users\Admin\AppData\Local\Temp\Ransomware.InfinityCrypt.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_OFF.GIF.58F47E0BB093D4ABAA43BCC7E636ED749CD76A064B10E4FD3D0F0DF7ABBB7DEF
    Filesize

    352B

    MD5

    58ff4287706e1172618abf710cd3250d

    SHA1

    1cef918ffc7bda722a2fe11632ddbaf37d015e83

    SHA256

    6c1dd04162a0bd5c8bf18814bd6d4714011537ecd4cc91c66dcc0a7812b0234e

    SHA512

    b216550ac63986b8a6e8656b132acbab3b9e75efe1329bdd45a6fdebc3e5182522c17a49ba54fc4f05782522b407cee46d44cdb59eb6cff2dc6568c02e2efa86

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF.58F47E0BB093D4ABAA43BCC7E636ED749CD76A064B10E4FD3D0F0DF7ABBB7DEF
    Filesize

    224B

    MD5

    720b702fc4a087f232f7343df4616707

    SHA1

    e98f432b59c29963798032efc1b630b515bc193b

    SHA256

    3292dbf24a0f47682ed7500a14dfc7d1c481f0f48bd8f8648c55ef180a9b9917

    SHA512

    058aff532c82860e6123f567b0d0e55230dba979844c43e953c1e15c191d1ddde9dfa400a3f5d8292619f04710ebfdfcad31b81d8e0d8d352b92c6a61bcc3bd0

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_F_COL.HXK.58F47E0BB093D4ABAA43BCC7E636ED749CD76A064B10E4FD3D0F0DF7ABBB7DEF
    Filesize

    128B

    MD5

    edb7019fc122e389724b4289b6f0f3a4

    SHA1

    d1cf373de3584569f7b5d0fd426cfca6d2545a31

    SHA256

    19f868d0181df324564fd418db7a671db0696bf2a14bea510c9c04da9914b526

    SHA512

    7eb797f97edbf75f16d64a66d6e2f9af93f409a4cab618c7029a97bbc3b493be47eea8522b4587f743dfce3f65e937c06f074138e24862a4c8236789047b4264

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_K_COL.HXK.58F47E0BB093D4ABAA43BCC7E636ED749CD76A064B10E4FD3D0F0DF7ABBB7DEF
    Filesize

    128B

    MD5

    f311a99452810d13a847059fc5077c44

    SHA1

    1ab0a6e5f9f63016198c175b8b81cc304e6981c0

    SHA256

    cb7852dd1308888850891ca01b375fd37eca532d590fc91c36213f3bb6f30888

    SHA512

    4be80179b3e3712eb17191bab8a5b1622ea0445e1d11bd30239dd048150486138e2ba53b8f4d68bdefbb7b58ff836528625553eda1a736f3a12371da8cc20d60

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF.58F47E0BB093D4ABAA43BCC7E636ED749CD76A064B10E4FD3D0F0DF7ABBB7DEF
    Filesize

    192B

    MD5

    63ae1d466f43c0ca865a8d98f213cdb0

    SHA1

    52405a6664a0dd7f209bdb2dc35ac1ee7c1161f3

    SHA256

    4a4e4ac0894f2325e684e61af20dd3c1033289ae417a67beee18b475f821f8a6

    SHA512

    b9317f85814e5ae0ce70a6827e61a0fede9e87a6ae38c9e51e11d6f2e023af16859bf2a09b582670711cd4b9ca9a1926aeddc058de23be9bdcacf84bef8deb26

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_OFF.GIF.58F47E0BB093D4ABAA43BCC7E636ED749CD76A064B10E4FD3D0F0DF7ABBB7DEF
    Filesize

    512B

    MD5

    5818e637aadba3081df2db6b2514c6de

    SHA1

    44c5c8635125cbc497d76d187e7c42c6b278e532

    SHA256

    8ea199d9311d82379dd91f746bad67aacf2e3cd61be7fd942d19e69df631e6c4

    SHA512

    24eb62434362e1ce737a185f160c2f0a52998dcfa7c58bc80c9538aa29fc96c794f7c2536ff25cdfdfcbef55697349174da137216310be94b9a729f630ac5ff6

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF.58F47E0BB093D4ABAA43BCC7E636ED749CD76A064B10E4FD3D0F0DF7ABBB7DEF
    Filesize

    1KB

    MD5

    ce1ee515cacd6418d1a026e910719690

    SHA1

    a57023c4af8e305d4991f8b2956baa73ae935019

    SHA256

    0a0ce204967353d6c2e1a24f1a8aaed258d00f19dc9e2b447492ef28a6a11529

    SHA512

    982087e5e0066ddeeedf3c1bb9fbca79287942ad48511107b7dd2734cee82343e81894478953d5755b3fb10e3a2d40993e38e07584187c1064a3a0c2f99e4190

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.NO.XML.58F47E0BB093D4ABAA43BCC7E636ED749CD76A064B10E4FD3D0F0DF7ABBB7DEF
    Filesize

    816B

    MD5

    ea8e96ab933b3e93088cf5347ca087bc

    SHA1

    910d021e381d332199caf9dc3672b33cb9c03f18

    SHA256

    aa26b2fbb9d48abc242e0ae3cefcd985862bf500a54d08b1c9913e46aae63b0d

    SHA512

    57735a6ed2555540b7a7dd9bbcd7ebca00f5c40361bb3aee7f47ba5fad311a01ab9d3918ec30ad379e85d5bc3d22535a5b813e544dff6da2599d08ca94ea0eb9

    Download Submit

  • memory/2556-263-0x0000000004E00000-0x0000000004E40000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2556-246-0x00000000740F0000-0x00000000747DE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2556-56-0x0000000004E00000-0x0000000004E40000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2556-55-0x00000000740F0000-0x00000000747DE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2556-54-0x0000000001240000-0x000000000127C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2556-5396-0x0000000004E00000-0x0000000004E40000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2556-5397-0x0000000004E00000-0x0000000004E40000-memory.dmp

    Filesize

    256KB

    Download