Overview

overview

10

Static

static

3

Endermanch...pt.exe

windows7-x64

10

Endermanch...pt.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    1556s
  • max time network
    1559s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    11-02-2024 09:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    [email protected]

  • Size

    211KB

  • MD5

    b805db8f6a84475ef76b795b0d1ed6ae

  • SHA1

    7711cb4873e58b7adcf2a2b047b090e78d10c75b

  • SHA256

    f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

  • SHA512

    62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416

  • SSDEEP

    1536:YoCFfC303p22fkZrRQpnqjoi7l832fbu9ZXILwVENbM:rCVC303p22sZrRQpnviB832Du9WMON

Score
10/10
infinitylockransomware

Malware Config

Signatures

  • InfinityLock Ransomware

    Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.

    ransomwareinfinitylock
  • Drops file in Program Files directory 64 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\[email protected]
    "C:\Users\Admin\AppData\Local\Temp\[email protected]"
    1⤵
    • Drops file in Program Files directory
    • Checks processor information in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:828
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:2752

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_OFF.GIF.C888A28F43F10869C0A0A3CE16C22F8A68963B516D24AAECCDE12E8A4CC31648
      Filesize

      352B

      MD5

      4790213d35ae3e36782a9487ef88c2ab

      SHA1

      9c2ec489b1e92e1d0a4129af010d59116a0f078b

      SHA256

      17beb066d6df7fd2db6a6e097df39be77c4a68fbf4a90c58894210900e079cbb

      SHA512

      72e0063cc49628e5d7388e340ad3d7d9313589a2c329873109f68208e08d3bf40fcbd67c892f5f97881825b043e2b35c6907615601bf05983362458374710112

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF.C888A28F43F10869C0A0A3CE16C22F8A68963B516D24AAECCDE12E8A4CC31648
      Filesize

      224B

      MD5

      4d613f698d7a436abc4539d04817b23f

      SHA1

      6a9ba3361119880f25137b6ce4e7295ac1963e9c

      SHA256

      469a8ddd182dfe22610a5f04dfe023c22d40126d7c1e8032958f4acf49fed717

      SHA512

      dc9284c3b4ff9abffaac2b235634a851e9366f237e8364dfcdfee13978bcf1925e0d11edb46f386d54e05cec7a4c9ecf993549b1b015395a34d710e4b80e4734

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_F_COL.HXK.C888A28F43F10869C0A0A3CE16C22F8A68963B516D24AAECCDE12E8A4CC31648
      Filesize

      128B

      MD5

      dda3f0830bef27f6cd5d8741f2227897

      SHA1

      c10df3429dc81f42581c6a7848198b5f9b2b0877

      SHA256

      4a0255b72e5140b1d29f06d06f15d37f212cfb3fe989e7abca5d95e341afdf5e

      SHA512

      f9b4343871fe43d47843e6fcd8fb45899532f60a3205b926301981f9dc98e275daf66e2a6322fcdf66aa07e425c7538e5b5cbb93d19582c2076606ce3917f3dd

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_K_COL.HXK.C888A28F43F10869C0A0A3CE16C22F8A68963B516D24AAECCDE12E8A4CC31648
      Filesize

      128B

      MD5

      402bb50553800b7cdbe9ee14915959a2

      SHA1

      cec15b0345463864922c8e4f815349be7090de3d

      SHA256

      0d17fa2a056c2399a2d25f0a9ed8ed262b4ff66608d4b1b35e5e0df79a968f16

      SHA512

      019b98a51e380d73e8e2687244fe8199a703c920e3ec6b2746859a2cc4bf5ed85ef910ea392c26b0be07c52cf7b7b0aa00ab9dce10dcfc3fc34062958d70267f

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF.C888A28F43F10869C0A0A3CE16C22F8A68963B516D24AAECCDE12E8A4CC31648
      Filesize

      192B

      MD5

      7c363538ec3361cfe7a871baf67e0824

      SHA1

      9656cdbaa9ad2ab8ad587f08d8160da443e343a4

      SHA256

      7c32e9352efce3600eb8b5fc68703b354f6b560b5d110b7eaeba8cbb300dba70

      SHA512

      9709a69fd1802f5370d19296948e551140a37ca06ce06efeebd8674656f8585241200ee167000ea4516896fafaf8cfaeaa76d4a94eed302d3e698742e8e6a247

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_OFF.GIF.C888A28F43F10869C0A0A3CE16C22F8A68963B516D24AAECCDE12E8A4CC31648
      Filesize

      512B

      MD5

      9ed99ec90d631e23e73b7122288673d1

      SHA1

      260fd1ac16a7c2e08a5ce6756a9b7633d2cfc8e6

      SHA256

      f90f4481beac0875320bbb748f5370b54dd214c3a1efe976291115796024d73f

      SHA512

      e1b206f8db09a33dbd621f0b7bb106eba5964d02cb44220e6cca082c06cdda9ce8cf244095b6ac71b43576bb5ebc38384f211cfbff24ea18d5c8d119f9411d33

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF.C888A28F43F10869C0A0A3CE16C22F8A68963B516D24AAECCDE12E8A4CC31648
      Filesize

      1KB

      MD5

      302a9e2b0abff4dab5a2632e1ec3d667

      SHA1

      3ec0f93ab9bb0f8af528e8bcfdf5900f68f9b4a7

      SHA256

      e5151e61fed1c4e6f40ae14a3c79e99484fd4ef5a6d254e7d6ca36e1d806d33c

      SHA512

      926c0d895ec487bbc0bd9cf34e2af62ce0d8660623df4209b4c3920e4f4a12a22e5189f4c574510402a7e18a621c2dcda5e5c7bf7417df525f14195b85c98d94

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.NO.XML.C888A28F43F10869C0A0A3CE16C22F8A68963B516D24AAECCDE12E8A4CC31648
      Filesize

      816B

      MD5

      f751a12cc822ca7f168e614eeef4b5b2

      SHA1

      6eb99191895665782f69d70ad406945f86273927

      SHA256

      584d0b4fcdeefc25e4364148a9f6f9e886056d3044e99e61cd5fc4ae9fc65b5a

      SHA512

      5e3da9f3dddc44dac2a12b1eb454939f6592ed08f239289f650e5e927ca562caf91dfadb14042c2e2f5bb557f6c13bfe37eea3b4038f680e43f9ee2ad53f8de4

      Download Submit

    • memory/828-560-0x00000000049F0000-0x0000000004A30000-memory.dmp

      Filesize

      256KB

      Download

    • memory/828-499-0x00000000749C0000-0x00000000750AE000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/828-2-0x00000000049F0000-0x0000000004A30000-memory.dmp

      Filesize

      256KB

      Download

    • memory/828-1-0x00000000749C0000-0x00000000750AE000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/828-0-0x00000000012F0000-0x000000000132C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/828-5310-0x00000000049F0000-0x0000000004A30000-memory.dmp

      Filesize

      256KB

      Download

    • memory/828-5311-0x00000000049F0000-0x0000000004A30000-memory.dmp

      Filesize

      256KB

      Download