Overview

overview

10

Static

static

3

f5d002bfe8...bf.exe

windows7-x64

10

f5d002bfe8...bf.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    02-03-2024 20:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf.exe

  • Size

    211KB

  • MD5

    b805db8f6a84475ef76b795b0d1ed6ae

  • SHA1

    7711cb4873e58b7adcf2a2b047b090e78d10c75b

  • SHA256

    f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

  • SHA512

    62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416

  • SSDEEP

    1536:YoCFfC303p22fkZrRQpnqjoi7l832fbu9ZXILwVENbM:rCVC303p22sZrRQpnviB832Du9WMON

Score
10/10
infinitylockransomware

Malware Config

Signatures

  • InfinityLock Ransomware

    Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.

    ransomwareinfinitylock
  • Drops file in Program Files directory 64 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf.exe
    "C:\Users\Admin\AppData\Local\Temp\f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf.exe"
    1⤵
    • Drops file in Program Files directory
    • Checks processor information in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:2364

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_OFF.GIF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792
    Filesize

    352B

    MD5

    543e3b3e707836da4114bdcd155af95f

    SHA1

    882bf47c72f632afc2b75260614d30d9c4f66441

    SHA256

    7e73c7e826fbd4f75772b21dc6870682a1e8df47a9d804af3a4113bdef520957

    SHA512

    6bf6364e400ad65ee93bfb106cb63847e75773a515e87ab8257536381e26a15a2cee20af9ea052a2102e3ce7e850ed2aa19ba76b56cc43e5d5d0c99abf25435e

    Download Submit
  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792
    Filesize

    224B

    MD5

    3415ab250c181660a4b3e8eef7c8fede

    SHA1

    d0218720eda445665da6c13872266b7cf1124777

    SHA256

    f69d60fcdc6c952b85c5560ec59252f2b03662cba13dd05822b4b4eaa3594b5d

    SHA512

    fb28c30a113c587bc517045efb61b46ae99091a6f8c5d595c4369f84105e16ed125ac61f96435ff9091c0e4e3fef0040a9d4b54a89a11d8e869916e5346c7e55

    Download Submit
  • C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_F_COL.HXK.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792
    Filesize

    128B

    MD5

    c05b787f3f06a48edb44bdc336c6360a

    SHA1

    2b453cdd2e8e93c6e693fd9f1be5d23960e2d2ad

    SHA256

    fd71e5de76b6f7dc06051a7a8e5269050ab45479833ad534341205ea9a2684ca

    SHA512

    f6e94d0f24858cb9f5c1df3151266272e959e8d8f2c06abff7efab7710b3f9d314cd5b4f07c3bf7a034ce09a84ba17470358b395e7380e68b4f87ab93a779b90

    Download Submit
  • C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_K_COL.HXK.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792
    Filesize

    128B

    MD5

    234513ff915776884fed4b838085b4b6

    SHA1

    74c74f5368db7e6b831896aea623290fa9b23ea4

    SHA256

    545a9d855013bada3c28f25c26df4343addd546ed6dbe195ba8caa45a4dad2b3

    SHA512

    cef46db1d5bc8e1458461534ce6c48ecff9ef4e177e00039f35b4aba8e344d2e2497cdc7ea626bf6b25f6d2156363921e33db901abf52eb937817a50e63faba2

    Download Submit
  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792
    Filesize

    192B

    MD5

    bf8da1961387443b93c1831b708fb313

    SHA1

    f0fb02af0f67562875bb351da8c98e86b1012db1

    SHA256

    8ab3a414a414488085a1c41ee16c62c2c91e4f21d58c8d5eb40184d63a4763f5

    SHA512

    6092d446be995f81749ff543aa785264c9e748db1068386ddc1e0d115656166b80d2d34ed6fe83e2d2633efdf137511fed31e9f2bb32c890867324d1588cbd18

    Download Submit
  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_OFF.GIF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792
    Filesize

    512B

    MD5

    f1b1bce26f26c6611b73331ee3be50bc

    SHA1

    19f4f6b40c97d4f63301322698885077d1d04b42

    SHA256

    99472e4c32f8c82392834e0738e22c8d3fd120f1cf76885651cf428a0ceae099

    SHA512

    0db52c92c42d1cca28137d6377401d3a0d0cf8ac8e1a03b8591526f3e366627ccf6e21a1b06e2cab33834c4df579f679e90446ccc38c9114d07265bd75327202

    Download Submit
  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792
    Filesize

    1KB

    MD5

    3da2d2b747630bd21035e0aee4bdaa5f

    SHA1

    64daf7e4842bbd20bc296c296427280f2e0bf987

    SHA256

    cd6823cb1635db616edf9383a8c674653002b30d063b7775121a842b0cdcf392

    SHA512

    385258ff7ce5ad6b4f0b8f6283585108a00085e1c752d84539566381ce03a1b4b8f93e8e9eca9a25fcf4297b036b287ee7488e0c9b0ed22bbc92048cd5c703b9

    Download Submit
  • C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.NO.XML.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792
    Filesize

    816B

    MD5

    a64f395a05d796542de29619c3e35d61

    SHA1

    8d66198341d715f01433ec92a3eadad46d282e14

    SHA256

    3059c675ea05f83ab1afad652835d994b55461765c38510d9821cae8056df79b

    SHA512

    3a068d218cf22b9ef9b4148aaddea61efa1aa425fa87ceadc880c8f102a5b75e4bfa3c77ada8e7f746917520140fcb3447bd1bb83a7e49bf9dcc52cd1e395eb0

    Download Submit
  • memory/2364-0-0x0000000000320000-0x000000000035C000-memory.dmp
    Filesize

    240KB

    Download
  • memory/2364-3238-0x00000000744D0000-0x0000000074BBE000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/2364-2-0x0000000000550000-0x0000000000590000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2364-1-0x00000000744D0000-0x0000000074BBE000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/2364-3695-0x0000000000550000-0x0000000000590000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2364-5336-0x0000000000550000-0x0000000000590000-memory.dmp
    Filesize

    256KB

    Download