Analysis
-
max time kernel
122s -
max time network
151s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
17-03-2024 04:49
General
-
Target
ransomwares/InfinityCrypt/InfinityCrypt.exe
-
Size
211KB
-
MD5
b805db8f6a84475ef76b795b0d1ed6ae
-
SHA1
7711cb4873e58b7adcf2a2b047b090e78d10c75b
-
SHA256
f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf
-
SHA512
62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416
-
SSDEEP
1536:YoCFfC303p22fkZrRQpnqjoi7l832fbu9ZXILwVENbM:rCVC303p22sZrRQpnviB832Du9WMON
Malware Config
Signatures
-
InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
-
Drops file in Program Files directory 64 IoCs
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ransomwares\InfinityCrypt\InfinityCrypt.exe"C:\Users\Admin\AppData\Local\Temp\ransomwares\InfinityCrypt\InfinityCrypt.exe"1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_OFF.GIF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792Filesize
352B
MD513cda850762dd48f7a1072ec74487e16
SHA1d85fbe0f4e36bd6880ac6e61595190c7fe6549fb
SHA2561d442a79e8d6674807bd37ea4542f6182446043c24d7675c15b594803c459e62
SHA512d21d6ac75c28845c2da336070e524b6b130f8d865535f71999156f93b23624855699cc29ed8538464b0982ae7457211d9691ece5cfb389ce80e276e2b8ecc427
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792Filesize
224B
MD5227c254c9abf7926589d86bc8de2465b
SHA139a973e24c74ccc3dfcf33fbe36342d34a89c688
SHA256e53787ba66d2bf78df98457fc7dd400928fff3d5956cbcc730ecb377c55dc8c8
SHA512d0ebb244449a048748a4a5a9bf1e709f166ff3b6975fd2670a2340e02fd9f354bc25b2107ecf7e32c2b1cfca0a9b0eed68e2fdd29167e52f2ef510f3269970cc
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_F_COL.HXK.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792Filesize
128B
MD5b7141464c904c71cabadce5918039068
SHA1921832d614fcace2dfadfa78319b6a84f0bab39f
SHA25657c8eeba0962a362869d7705bfb6a11507c54de8a723575c17f5c3569e4ddbf6
SHA5120b8397b4a6ac1176f73b7e25e0a4b315be3ce1f691a2afc4ff84ebcae53fd5602ae17fec745dc8b05a35987a5ec13211100ccf3e2023dd5a7228e6392175be6c
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_K_COL.HXK.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792Filesize
128B
MD5a5369b08acffc9318bc783c3e24daa89
SHA1d9ff6f67ad008c05fdf07c5398cd8e264ceb1062
SHA256fa7cf4a58adcc2ca1638396fb2cba6451ae3ee96d975f9292b38f384b90b5e7b
SHA512aa34e81d795da7194a590f0d21d69fd3064c7b7fb2644d31d8317545f6af0524beb89eb8cdb9e2b1c41c7e4772d720d5406e32480ce1eaeb7a44a2ee49fb92f4
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792Filesize
192B
MD5e0ea4f944b2c81ab1d8cf86867ee0842
SHA12f01c107cc5aac2f1e0a0f742c7536e2205d9e07
SHA2567b7b4ead66c9556089d2999c17c7327a332d74ca98ad8b6cda62f6ac55cdc0cc
SHA5125ac2e3586a35dc63e82e8ded03258c9e60e5b11b9011e9d0ffab1c4516f4f1212abb37a9348b137b8b813937fb69986f5685cbda7ce4df7a249a520fb740f356
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_OFF.GIF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792Filesize
512B
MD5caa6203a6047eedc814ed1c1edd764ab
SHA19e7707af1560304c6c647626836f0aa68bafba75
SHA2562d96641a975ac67da406ce7bd05205392dc6ed7776766457e278b6f7fe2fcabe
SHA5128148114b26149f8481369d9a88cce2f709f9b4558fcfbf0e99a38829ffffddabb4869ec1d179879af8982966386422a4bad4210fc664718d488cdc86bee61fbb
-
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792Filesize
1KB
MD537978f0b9a9b4209261fd63d8fe8edea
SHA1de966693a3bbb630e29476bec1fd6e349e1ec020
SHA2560177834ec6cc5d5ec96cff825089e0120d9c67a1390b9dd6d9776a785f94c1a8
SHA5120d38ba600afcdff8f9c174ce8a34b9a6fd5a5dd0baf9a18e8ffd7196b8215c484267064d20256bc39525dbe821fac6f24e0d794cff0056f39a16f75af8dd215f
-
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.NO.XML.224E0A0F22B55426959D5C835814CD88907CE3F9EABCF17907C4078FD23C5792Filesize
816B
MD59f969a0d2f5ba931591b3f03fff68566
SHA1f069bc775f9801809c2ecae4c8bd379754c1d365
SHA2565a0d02d78cdc37900bed5d5a82d3ced832043c107622064f227a453d9a5a597e
SHA512f8d4ebcc18d19185f3c80be3f18a961c9556d1be08de91cd87b5d1ba67bc1722374236a3c02b408af3a369ebaabe37ae574d2f03ce2ce9ab32c562ed1c3ade21
-
memory/1228-3082-0x0000000074600000-0x0000000074CEE000-memory.dmpFilesize
6.9MB
-
memory/1228-3239-0x0000000004C30000-0x0000000004C70000-memory.dmpFilesize
256KB
-
memory/1228-1-0x0000000074600000-0x0000000074CEE000-memory.dmpFilesize
6.9MB
-
memory/1228-2-0x0000000004C30000-0x0000000004C70000-memory.dmpFilesize
256KB
-
memory/1228-0-0x0000000000390000-0x00000000003CC000-memory.dmpFilesize
240KB
-
memory/1228-5312-0x0000000004C30000-0x0000000004C70000-memory.dmpFilesize
256KB
