Overview

overview

10

Static

static

10

ransomware...3n.exe

windows7-x64

ransomware...3n.exe

windows10-2004-x64

ransomware...le.exe

windows7-x64

ransomware...le.exe

windows10-2004-x64

ransomware...it.exe

windows7-x64

10

ransomware...it.exe

windows10-2004-x64

10

ransomware...le.exe

windows10-2004-x64

10

ransomware... 5.exe

windows7-x64

10

ransomware... 5.exe

windows10-2004-x64

10

ransomware...de.exe

windows7-x64

10

ransomware...de.exe

windows10-2004-x64

10

ransomware...ck.exe

windows7-x64

7

ransomware...ck.exe

windows10-2004-x64

7

ransomware...ye.exe

windows7-x64

6

ransomware...ye.exe

windows10-2004-x64

6

ransomware...ap.exe

windows7-x64

6

ransomware...ap.exe

windows10-2004-x64

6

ransomware...ya.exe

windows7-x64

1

ransomware...ya.exe

windows10-2004-x64

3

ransomware...om.exe

windows7-x64

10

ransomware...om.exe

windows10-2004-x64

10

ransomware...ab.exe

windows7-x64

10

ransomware...ab.exe

windows10-2004-x64

10

ransomware...ye.exe

windows7-x64

10

ransomware...ye.exe

windows10-2004-x64

10

ransomware...ni.exe

windows7-x64

10

ransomware...ni.exe

windows10-2004-x64

10

ransomware...pt.exe

windows7-x64

10

ransomware...pt.exe

windows10-2004-x64

10

ransomware...ya.exe

windows7-x64

7

ransomware...ya.exe

windows10-2004-x64

7

ransomware...en.exe

windows7-x64

8

Analysis

  • max time kernel
    121s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    15-03-2024 21:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ransomwares/InfinityCrypt/InfinityCrypt.exe

  • Size

    211KB

  • MD5

    b805db8f6a84475ef76b795b0d1ed6ae

  • SHA1

    7711cb4873e58b7adcf2a2b047b090e78d10c75b

  • SHA256

    f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

  • SHA512

    62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416

  • SSDEEP

    1536:YoCFfC303p22fkZrRQpnqjoi7l832fbu9ZXILwVENbM:rCVC303p22sZrRQpnviB832Du9WMON

Score
10/10
infinitylockransomware

Malware Config

Signatures

  • InfinityLock Ransomware

    Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.

    ransomwareinfinitylock
  • Drops file in Program Files directory 64 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ransomwares\InfinityCrypt\InfinityCrypt.exe
    "C:\Users\Admin\AppData\Local\Temp\ransomwares\InfinityCrypt\InfinityCrypt.exe"
    1⤵
    • Drops file in Program Files directory
    • Checks processor information in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:2072

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_OFF.GIF.A188FDB593AF3422E0954497262E156611A05C0B2B0A6CDD1C9493B7F822003C
    Filesize

    352B

    MD5

    2336c81bacc369f7d2f768d45c8808d0

    SHA1

    a01a2409377dc23495a624acff11a06cd3f03eb9

    SHA256

    6ed7bcfe72542891d30641e37b53f4aa1f864efd0a98ef9c3b1a7a32a690e44e

    SHA512

    c77da6f206ec7fd905404debad66851be86921bda8e3f16f1b64348ef6d2f9f19865065cd628ff0489d364ccd4778c8e20d9ae16a98343e2f582cb776d5eae48

    Download Submit
  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF.A188FDB593AF3422E0954497262E156611A05C0B2B0A6CDD1C9493B7F822003C
    Filesize

    224B

    MD5

    d598063ed8749c978922d9037d2e310b

    SHA1

    1e6249daf420609e2b886b9451276e03aca82031

    SHA256

    0a40a832578ef0bd5a2b1a0f2a3b19dbbdb5e509b9a31d4193d7abd9014405f4

    SHA512

    111c69bb9ce5c417f96ff0df773c49faab15cecf1c0d3eb4a0c229119ed4cd1fdc9ee83d29e7291583d9adc6026d66962749f558b98073c02c96231faa379ad4

    Download Submit
  • C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_F_COL.HXK.A188FDB593AF3422E0954497262E156611A05C0B2B0A6CDD1C9493B7F822003C
    Filesize

    128B

    MD5

    33f620ea16a15b41919e301916287ae2

    SHA1

    ebb2312ca32950b3cb2f8875707f475e636e8627

    SHA256

    119fc16cf6a7379cc9a5a6e401d40ec2b17222fffad372fd2e02b2ba35e8a435

    SHA512

    6302bf82dfca20d66a38658fc3c77235f442fe7bc5fab028b3872902b4d4fdababe3ad841be72f1cb8094ab32366e2b5f16a762269e66cb50483322febbbc203

    Download Submit
  • C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_K_COL.HXK.A188FDB593AF3422E0954497262E156611A05C0B2B0A6CDD1C9493B7F822003C
    Filesize

    128B

    MD5

    006ad51bbb0f9e3466824496de694802

    SHA1

    58334c4884421e74864d7881b501e951a6185dd1

    SHA256

    c7c247cf37ca09f2a7d802b029ef88874807fa4c615cf76c68c9b0010ae6cfb7

    SHA512

    597d93a12e520d8c5541a275aedb9a3b5b6179709722736c13ebf1d332275fbb7312b409d2f116b1a3541536738fae1f48c97b098bd78dc721c003cd7e3e326d

    Download Submit
  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF.A188FDB593AF3422E0954497262E156611A05C0B2B0A6CDD1C9493B7F822003C
    Filesize

    192B

    MD5

    c2f784cb42bf9aa0e5abd2c6a923c651

    SHA1

    601ededcb4eed3ffed22b3d817edb850351f707f

    SHA256

    31a91ebec7b2216e4f8724269d90cb6dbf4faaac22eb64a0de74c9db304e5551

    SHA512

    91d077e904403eb5ac86d0cee53c7f8f0820ebd253d304277bb5aba19c49d41fae039f20854ce476e48a7063d8c653d5597b25ac914de6b5bea4601f3183480f

    Download Submit
  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_OFF.GIF.A188FDB593AF3422E0954497262E156611A05C0B2B0A6CDD1C9493B7F822003C
    Filesize

    512B

    MD5

    8d09847a6ba97075fdea2bf4ca3dba17

    SHA1

    00a96af6b5035e3d4b6ac462d09ea0f3d3cdd651

    SHA256

    451bd159eafac68c0f97a0b776ec3f9692fb0e0290b9b1451d84247b4dbf60fc

    SHA512

    6a74795ea28fc0b88c5001b7d2a3af784a45d342d75de6e86dde28f837aeb495865d2f864da0ff635e15401120f2523d5c4afa9ee8585bf8f73ca7618b3bba91

    Download Submit
  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF.A188FDB593AF3422E0954497262E156611A05C0B2B0A6CDD1C9493B7F822003C
    Filesize

    1KB

    MD5

    4e1aa37c66c75c383b901eeae4a9e3cd

    SHA1

    0d2f32df0ea2a4be8999b6f0d1dc844ce9743f53

    SHA256

    c2feb405d75416100916dbd7ed82d5a1ce4b7d45a530e5634bdf0667b607a034

    SHA512

    d6352dd83a4a10b7e83d60cc5ab89c700bce480adbe265ae0df317402b46e0abfc0097b299b8ef3cdabccd54ddf4210123c5a2fa56941f2285934795757695b1

    Download Submit
  • C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.NO.XML.A188FDB593AF3422E0954497262E156611A05C0B2B0A6CDD1C9493B7F822003C
    Filesize

    816B

    MD5

    492c2bf2a0ec4fbd9fb00d0ebbfdae25

    SHA1

    61fba2fe7ea40b40fe897bc964e5e4bdf0eb14e1

    SHA256

    fbef8cfbf9aeb20d440db94dd6acaeb3a27d8583e6929cc82ca76b720dbd515b

    SHA512

    43ee33cd2c7b08f76ec4229437411d72b7553712f2fb563463802c938ec2cf4b562d165ebda315b6e206ed293c195dc6752034f76287d242758b7b5b5ae478c1

    Download Submit
  • memory/2072-3189-0x00000000021C0000-0x0000000002200000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2072-3061-0x0000000074990000-0x000000007507E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/2072-2-0x00000000021C0000-0x0000000002200000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2072-1-0x0000000074990000-0x000000007507E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/2072-0-0x0000000000260000-0x000000000029C000-memory.dmp
    Filesize

    240KB

    Download
  • memory/2072-5317-0x00000000021C0000-0x0000000002200000-memory.dmp
    Filesize

    256KB

    Download