Analysis
-
max time kernel
117s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
03-03-2024 01:34
General
-
Target
Ransomware/InfinityCrypt.exe
-
Size
211KB
-
MD5
b805db8f6a84475ef76b795b0d1ed6ae
-
SHA1
7711cb4873e58b7adcf2a2b047b090e78d10c75b
-
SHA256
f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf
-
SHA512
62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416
-
SSDEEP
1536:YoCFfC303p22fkZrRQpnqjoi7l832fbu9ZXILwVENbM:rCVC303p22sZrRQpnviB832Du9WMON
Malware Config
Signatures
-
InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
-
Drops file in Program Files directory 64 IoCs
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Ransomware\InfinityCrypt.exe"C:\Users\Admin\AppData\Local\Temp\Ransomware\InfinityCrypt.exe"1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_OFF.GIF.F3058DA1219E82B6FCD803C4549092876CDADCD04F59A1820341737E03C95E79Filesize
352B
MD594f899f4bbd355ad13fcb0ea08d0d1f7
SHA1e36380d407701f7aded2f9c9454f9dff2e2366d4
SHA25693fd55d0da2af6366b6545fdc684b486f678133b4fcf14139c157b099a79cdd2
SHA51272310afe3905b1af289616b97f84c456541c66ce5ac86cf81736a85a7f25d9e62cf834e9a41017ae61500ec2abd20a228e1a60299b47fc1b5b08f23269e09eea
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF.F3058DA1219E82B6FCD803C4549092876CDADCD04F59A1820341737E03C95E79Filesize
224B
MD5cecff006f7b903ee9860641c731a9dcf
SHA1ec598015908c67b758c73f45e408c3c80d2b8612
SHA256f24a7c3fae3744510b63ba08f81cbe2958f451d6bd40ba287c839071b47c3a40
SHA5120b48eb4140763723b205182eb1549bc859c77524e590f0c1b226bf2cf22cf92ea525cdbac6a65bd2253897cec0cf1ee268bdf3c43fc8ea8ef6b1d0fe988f1941
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_F_COL.HXK.F3058DA1219E82B6FCD803C4549092876CDADCD04F59A1820341737E03C95E79Filesize
128B
MD5086a9fc7d76ae74ed689aa0db63c19e1
SHA1f3346809fc2287c7fa6cc1d21949492d4b64104b
SHA256e3a7927acfba9e5701a1d84e95f59f8e9e173386ad7dd4061f4a31bb30d9c557
SHA512b3f25ff512788eb21a3c8590f48ad0f1e68cbecd54cd2c4b61d1aa73bf20d11b5b75a7cdd996163d864f779d9bd8e838a1f4dc172ae152c4df7df1060cba3848
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_K_COL.HXK.F3058DA1219E82B6FCD803C4549092876CDADCD04F59A1820341737E03C95E79Filesize
128B
MD54e1b7833560e0c6d00804b6ae83d6a69
SHA11b39a768c4551ed459bf16371424b8e642d07c98
SHA256086ef3cf7e4e6a6b65d3dfe7da43c8f7f0c9c880e22dcf56e4610d06555098d4
SHA51201a7a30a2a14429476c5638be6f8871e19c13eb3e118f5a1b7b4c5e4eefc80fefe0dfff04ded255d2627466fa4c213c65373dab813c4b54d490fd563031f84cc
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF.F3058DA1219E82B6FCD803C4549092876CDADCD04F59A1820341737E03C95E79Filesize
192B
MD56a0e1211705e05d156f67d35e4670bad
SHA1bceff5a7d1cd13aadc9ee8cece773251e4e1eed3
SHA2568b7ecf5aa1e9fff71feced45a664ab10f892e02c0212738488fa2d165e1af907
SHA5125d91279423710623f0e45897fd3a71e756d8667f4363fe03ebd5d5450b8683741d731fb5efb853ba5b47789b89993844892abbe66645b5bfb1ea12014616536a
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_OFF.GIF.F3058DA1219E82B6FCD803C4549092876CDADCD04F59A1820341737E03C95E79Filesize
512B
MD529ba8d84e094663ec8d63555c5bffd29
SHA13af9b4878b37092be345d221a8ea3a2b3e360f78
SHA256934b1ed6e89e89a46aadfe745aab1bea2c73c82afeedcbae30925ae0b8ab2ff2
SHA5120c7593112b1a9a7cf2ace9ff74cf571e38178d650a3e16f01f3012f483540f5ca3ac225339c51459d49c4a7c6fca8a5fe58ddbe6dda71a8e2fba19e2423fec33
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF.F3058DA1219E82B6FCD803C4549092876CDADCD04F59A1820341737E03C95E79Filesize
1KB
MD59b0008e7d4c3136770f0f141d3ca1c30
SHA112dd9c253f1843a1514260140e2af1135e9cad51
SHA25688246a7abd4274a76b6f6b15d03edb0f43ce71e981c3d070cf1bad608423ced0
SHA512304fed28186b0f19307b668160e64219d9dce9b575afcb55bb02e1436e7b6c7b2cda51f0459f166431b0281bfcf4bc619064a3cae33018a4e038d67554794312
-
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.NO.XML.F3058DA1219E82B6FCD803C4549092876CDADCD04F59A1820341737E03C95E79Filesize
816B
MD5575629df74d00c79918a41a1088dda00
SHA1fb7278c1a0bd2cfff0fbc8c536ce22dfc61ccd18
SHA256d811f153b5ca61d52d6f0fec56226bb81507eb676a3be86462af4f05f1fbf1d8
SHA512a987e4170a65cef0e23d31608c0c78030d9b7af8ada7a664ef8f6cb42f05b4d62ea6912e13c23f4946764d095938817851122c065488e04605455314d1a274dc
-
memory/2156-3144-0x00000000743E0000-0x0000000074ACE000-memory.dmpFilesize
6.9MB
-
memory/2156-3306-0x0000000004FD0000-0x0000000005010000-memory.dmpFilesize
256KB
-
memory/2156-0-0x0000000000970000-0x00000000009AC000-memory.dmpFilesize
240KB
-
memory/2156-2-0x0000000004FD0000-0x0000000005010000-memory.dmpFilesize
256KB
-
memory/2156-1-0x00000000743E0000-0x0000000074ACE000-memory.dmpFilesize
6.9MB
-
memory/2156-5350-0x0000000004FD0000-0x0000000005010000-memory.dmpFilesize
256KB
