Overview

overview

10

Static

static

7

2.exe

windows7-x64

10

2.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    160s
  • max time network
    161s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    21-01-2024 10:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2.exe

  • Size

    414KB

  • MD5

    916e4754201356e2a084f47dfdd094ef

  • SHA1

    f7af62ac3e5735be89bd9ff5f65d4de1b228a26a

  • SHA256

    5fba614d8ac082c6d48dfab9d56aa77b479c5f4217b4ebf599b1c21d6d705b3f

  • SHA512

    b95bb9619edea8a9b58490ba49d9e3fb0ebb78652883772c379a2bd2efeeff5ec2e3b7e9068421a08d143b76ef915c59cfe98d91b183da4205964947746ae4c0

  • SSDEEP

    12288:oskc3tMDExu5XsnqH/m3RB2oQh/kf8C3:oW7xu5WqfYRAo+sf1

Score
10/10
infinitylockransomware

Malware Config

Signatures

  • InfinityLock Ransomware

    Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.

    ransomwareinfinitylock
  • .NET Reactor proctector 2 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Drops file in Program Files directory 64 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2.exe
    "C:\Users\Admin\AppData\Local\Temp\2.exe"
    1⤵
    • Drops file in Program Files directory
    • Checks processor information in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:1392

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_OFF.GIF.540A1F78F287E9F987C9AF347EB62FF3B3B5F227AF6A81867BE6B5D3CCBD2849
    Filesize

    352B

    MD5

    7d0b63d1bdd402b2140b1de0c8a313fd

    SHA1

    44c6ec3b1529fc8c20bcf5e66ec618cc93522c56

    SHA256

    b177fbd1e634db155b93f929169dd994fb9552d54128213d6617e47713068e73

    SHA512

    3bf54599bdd2ada9c5d4dab74ef92e31185add2c842a5f4c97eaa3c5cb1c94eaa89d20c464cb0730a37d353e39a9783e2ee70042ba17594e1a4d91e42fc4eaea

    Download Submit
  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF.540A1F78F287E9F987C9AF347EB62FF3B3B5F227AF6A81867BE6B5D3CCBD2849
    Filesize

    224B

    MD5

    bbe9eb7909411c9af212d0fb7498c376

    SHA1

    e51acebd4838d3cf5c0dab9bede0fdeef313c99d

    SHA256

    da3e38b6bc0a7df26858577ab9bf36e46dd56784f03f026578e2469376f5e78e

    SHA512

    3fec8b7307305ef008311b0d22c1ff83f8e375e06902e4e9f4b807433e3507f55c0a5c97fd944bee734600ead226884a7d97b232c411d9e2ffe5400e54259ae2

    Download Submit
  • C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_F_COL.HXK.540A1F78F287E9F987C9AF347EB62FF3B3B5F227AF6A81867BE6B5D3CCBD2849
    Filesize

    128B

    MD5

    15277f50deac704347b6fc0bcf9717a4

    SHA1

    e5f0412edc10f60ec689efb7893b9dd2d80f5659

    SHA256

    cc4df019b242d0fbb5cfe42c0719839468a599af0fdc9cdac31426375d11d7f7

    SHA512

    695d0e030455e7e89b00196172b0259c7eeaf003fb3b2b638a30c6dbb2bc1d3748b9f9de372b3681aff4a9c6c897692d73969f3ee8abf8cdb6672fb887d9612a

    Download Submit
  • C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_K_COL.HXK.540A1F78F287E9F987C9AF347EB62FF3B3B5F227AF6A81867BE6B5D3CCBD2849
    Filesize

    128B

    MD5

    6d7f6702dda021956c3673ecc7f6d6cb

    SHA1

    70626de7168cd087a3b5a31e5d55f771b2962e26

    SHA256

    f952a85c6ee297912855e8e003a590bf981d9fbab569c3e98255bbd2dd3889cb

    SHA512

    c107d99f30bad3d74213911f1dd4c3a2ee134d144127549c17e3b08f7f3bc0e809524bc8a2c77d6caf6278fb786fc2f8b447533a474fc6d31e16c518776e2e00

    Download Submit
  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF.540A1F78F287E9F987C9AF347EB62FF3B3B5F227AF6A81867BE6B5D3CCBD2849
    Filesize

    192B

    MD5

    2ba5f14bf2c6a52113827a4db35a0a91

    SHA1

    114a3ae3db837ea8602f850e3d54df8d6c2dfb2e

    SHA256

    5b77ff8809eefc06e422d08f64330df465bc95d1e50ecfee09ed642ee27e1172

    SHA512

    d1dd65ff5ce22dad29ba517e6045e5df206c9c6adac9dbcf46548831c8344e98f77351bca16f7c8118ccfdc7c4e012d91b153723342d10aa1ba38ceb27702165

    Download Submit
  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_OFF.GIF.540A1F78F287E9F987C9AF347EB62FF3B3B5F227AF6A81867BE6B5D3CCBD2849
    Filesize

    512B

    MD5

    1a5724cdc4c861a4e01c39a5109a1936

    SHA1

    62abcb5a03834929c41bd43b9e0bc653a342793c

    SHA256

    97943997878e2573fac5671f72b0d70bf5ecd2b15deb03bf06a32269fd373714

    SHA512

    138f93da03bf68db7845c3067fce513f2fd116526c73259ce32baa7f255fb89cf8bb0e96ddbc6af85ade659574f277412513ec3699ec37c29a2cbf7d066894a2

    Download Submit
  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF.540A1F78F287E9F987C9AF347EB62FF3B3B5F227AF6A81867BE6B5D3CCBD2849
    Filesize

    1KB

    MD5

    2fa8454a71a88e68b31b7e582df4c13c

    SHA1

    96daf53840c59e71a53859897d8919986c50c759

    SHA256

    7c1d908d783c58ff81fa50707348cff8d04019f9cf3651a381fb0c7274d4b306

    SHA512

    f004096b78df12398daf86286706df029fb57f955d534563eba283d11cc01153448edb823b0f90257a5ce00cda5b01711f7db5ad7123a56b9b9671987bd19914

    Download Submit
  • C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.NO.XML.540A1F78F287E9F987C9AF347EB62FF3B3B5F227AF6A81867BE6B5D3CCBD2849
    Filesize

    816B

    MD5

    00a5110da2f016a7b708ead44b4dfbd8

    SHA1

    7c300821ec6e91e3a77c45e2b6c6df58366cc5cb

    SHA256

    cf53437f0ab9e572769f0410355ffbfeeeb60fdf25d1d61604f4be579f824eeb

    SHA512

    3e20781a9f4d220ace93d926833b7a830f3dc99fc0f2bafaa33548b1a82d790b5ee2baec8ae93f66441c878a8bfc634f50f73dbdb0895c70d8b4f0e40724bc4d

    Download Submit
  • memory/1392-4-0x0000000000900000-0x000000000092E000-memory.dmp
    Filesize

    184KB

    Download
  • memory/1392-3163-0x0000000004EF0000-0x0000000004F30000-memory.dmp
    Filesize

    256KB

    Download
  • memory/1392-3046-0x0000000004EF0000-0x0000000004F30000-memory.dmp
    Filesize

    256KB

    Download
  • memory/1392-2985-0x00000000749F0000-0x00000000750DE000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/1392-5-0x0000000004EF0000-0x0000000004F30000-memory.dmp
    Filesize

    256KB

    Download
  • memory/1392-0-0x0000000001180000-0x00000000011EC000-memory.dmp
    Filesize

    432KB

    Download
  • memory/1392-3-0x00000000001E0000-0x00000000001E1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1392-2-0x0000000004EF0000-0x0000000004F30000-memory.dmp
    Filesize

    256KB

    Download
  • memory/1392-1-0x00000000749F0000-0x00000000750DE000-memory.dmp
    Filesize

    6.9MB

    Download