Overview

overview

10

Static

static

3

Endermanch...pt.exe

windows7-x64

10

Endermanch...pt.exe

windows10-2004-x64

10

Resubmissions

07-01-2024 02:01

240107-cftl8acccn 10

07-01-2024 01:59

240107-cedjlsdfd9 4

Analysis

  • max time kernel
    1564s
  • max time network
    1569s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    07-01-2024 02:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    [email protected]

  • Size

    211KB

  • MD5

    b805db8f6a84475ef76b795b0d1ed6ae

  • SHA1

    7711cb4873e58b7adcf2a2b047b090e78d10c75b

  • SHA256

    f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

  • SHA512

    62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416

  • SSDEEP

    1536:YoCFfC303p22fkZrRQpnqjoi7l832fbu9ZXILwVENbM:rCVC303p22sZrRQpnviB832Du9WMON

Score
10/10
infinitylockransomware

Malware Config

Signatures

  • InfinityLock Ransomware

    Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.

    ransomwareinfinitylock
  • Drops file in Program Files directory 64 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\[email protected]
    "C:\Users\Admin\AppData\Local\Temp\[email protected]"
    1⤵
    • Drops file in Program Files directory
    • Checks processor information in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:1588

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_OFF.GIF.F1B7F7B538468EC53B584544F1A182D41D1CF810E0BF6F7A987BFE5D8581F319
    Filesize

    352B

    MD5

    0a105944e82beea2bd741041cabc4ab6

    SHA1

    928eeff82d3164f9d4eb49430a3f76e37d8b1a8b

    SHA256

    a86cd574cd819aae7d7af99e26779ce041be11be1949a32ccf3f33e06fcb512f

    SHA512

    8f4e0d057452844838c113e707512658f2ef1ae6a900f4586d59c0655d9c6609b8c62079152f353e5491f3c660df47983c86f313ea61c2c70209be6712a9a0fe

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF.F1B7F7B538468EC53B584544F1A182D41D1CF810E0BF6F7A987BFE5D8581F319
    Filesize

    224B

    MD5

    30c0b2d2826b0a6b4b092b5973ac4b32

    SHA1

    f078dba3227a6354874149d9309963a4b8a85ad8

    SHA256

    e4df4533564d3bc1582acd26a90fbf8ee259e84beba2f46ba896eb105dd02944

    SHA512

    57c6976d86b33298c8a51336346e480b508aad361bb2c8a5dd27c125b42f5f997224868f3d397652b39a207aac634a724241ac15d16d46a0a377c3599cd821f6

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_F_COL.HXK.F1B7F7B538468EC53B584544F1A182D41D1CF810E0BF6F7A987BFE5D8581F319
    Filesize

    128B

    MD5

    b5de48c49d2afc7b6a25102d5bdc7e2a

    SHA1

    37a9f3f3d99c3152d6b57dab14e406574329ed94

    SHA256

    4ad19672572e3640296b2dc64b8e331b309f4e373df542c606d2d9d27a6c1b43

    SHA512

    25012eda79e6ece2b5afdd74bdcdddcd9034a9f59c2187b34b1bb675ea74b78d9780a21aba8b75e7cfb5288bb0dd9feaec485526e4a16acb07d6492fc6f3dd05

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_K_COL.HXK.F1B7F7B538468EC53B584544F1A182D41D1CF810E0BF6F7A987BFE5D8581F319
    Filesize

    128B

    MD5

    1731b11eacc697a9b96f587ef2b0272f

    SHA1

    06f901e0c13bbbeeec96395b057e14cf8d7db86c

    SHA256

    8fddba35992f49fa9e33505b57347889b2c46e0fff0526e098060f2ed84d1b0e

    SHA512

    0cbecaec7b605dfd582985223558fd40fe7ddf95c79dff35ac468e2016723441c9b3b08f638d0462724d4fc8cb64cedbd77e5ea62bc0087987ff6033099fa7ac

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF.F1B7F7B538468EC53B584544F1A182D41D1CF810E0BF6F7A987BFE5D8581F319
    Filesize

    192B

    MD5

    85548c2e7c341bfa2e533717598f0669

    SHA1

    a85b60d75e688b1b85c54489a55d38ced8d62d42

    SHA256

    e07d158a7085426942adb80ed3c580d7aa0e044df868d7bec5c4c05c346fe970

    SHA512

    7576b79d7ad585c87f540a951b4ea404b874c5fff9f68b769ee12bdb40ae535574da7cf0687bbb61a41e60189058511be64e2d72c55e36c951645fd52f52699a

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_OFF.GIF.F1B7F7B538468EC53B584544F1A182D41D1CF810E0BF6F7A987BFE5D8581F319
    Filesize

    512B

    MD5

    b19c14bcb625242a487a072e566aa3df

    SHA1

    ea929e31b84258ab269759e7cc8f2bf7609fd960

    SHA256

    b52736e4a95ddde49136a626f6d4111845d3bb9cef10308ae60446340d249d78

    SHA512

    6d25280ee0471357868f24d254da19539aed8aca387dd10c397d0221ba07f2725ce75420e07171c41511392dda8babf2e6750d7c2b6d853f8ff05d114554c70c

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF.F1B7F7B538468EC53B584544F1A182D41D1CF810E0BF6F7A987BFE5D8581F319
    Filesize

    1KB

    MD5

    9566cc7f299a9d3c01588254119f4b26

    SHA1

    88b5bb0770dd7caa91900db2273c489f63dba05c

    SHA256

    eb2bc9c9ed848fd10ac8bf22c963ca6e4e57ad05f837ba29b769639b672ac30d

    SHA512

    a636acf25d87e87a088db0ffd91d728c763c1dc884f27cf7a899883e8302f02001662a95e951ed6a977cd84ef51adb496c398c5d40f3a3ee0c8a6c07164ed435

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.NO.XML.F1B7F7B538468EC53B584544F1A182D41D1CF810E0BF6F7A987BFE5D8581F319
    Filesize

    816B

    MD5

    118bd3fcb5b0f751c0965c2fdd7c6006

    SHA1

    cdf0b2e4b5d41d01cff6db09d4c6e3bd6fde8fe5

    SHA256

    05f5ad98beff882e5230e4f9b9c8707e9ff3fb2c793d052e1d957f3680e89616

    SHA512

    b9f70df06aed2c746104b38592948ee8b82dc5b29a4c5e6ea62dbda4b54e6ae69663e5aa06c5d276f1b77681da8df80572c19c8b75c9b42213eb358c2590ece7

    Download Submit

  • memory/1588-508-0x0000000000370000-0x00000000003B0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1588-499-0x0000000073F70000-0x000000007465E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1588-2-0x0000000000370000-0x00000000003B0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1588-1-0x0000000073F70000-0x000000007465E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1588-0-0x0000000000F00000-0x0000000000F3C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1588-5335-0x0000000000370000-0x00000000003B0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1588-5336-0x0000000000370000-0x00000000003B0000-memory.dmp

    Filesize

    256KB

    Download