Overview

overview

10

Static

static

3

Endermanch...pt.exe

windows7-x64

10

Endermanch...pt.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    25-03-2024 19:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    [email protected]

  • Size

    211KB

  • MD5

    b805db8f6a84475ef76b795b0d1ed6ae

  • SHA1

    7711cb4873e58b7adcf2a2b047b090e78d10c75b

  • SHA256

    f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

  • SHA512

    62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416

  • SSDEEP

    1536:YoCFfC303p22fkZrRQpnqjoi7l832fbu9ZXILwVENbM:rCVC303p22sZrRQpnviB832Du9WMON

Score
10/10
infinitylockransomware

Malware Config

Signatures

  • InfinityLock Ransomware

    Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.

    ransomwareinfinitylock
  • Drops file in Program Files directory 64 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\[email protected]
    "C:\Users\Admin\AppData\Local\Temp\[email protected]"
    1⤵
    • Drops file in Program Files directory
    • Checks processor information in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:2372

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_OFF.GIF.540A1F78F287E9F987C9AF347EB62FF3B3B5F227AF6A81867BE6B5D3CCBD2849
    Filesize

    352B

    MD5

    c734a6fbbb9727fa3a3e6d9eb86ac65b

    SHA1

    2118712de65c913c38b66de354f8c13eb9c1fd70

    SHA256

    348dca166b56ec9e735561db076268d1d100d1fce0042c68e372249f43da35a0

    SHA512

    e58dad8bf6ce957ead5c128a44088b440fabe8b68e377327af52b6529d58ce41bd6a3a2dab0853adea7642f0ecab0d66c3628f23fd4fb1ae6e61627af033b353

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF.540A1F78F287E9F987C9AF347EB62FF3B3B5F227AF6A81867BE6B5D3CCBD2849
    Filesize

    224B

    MD5

    abcf5b2259cff0dbb3db5aae6f69f6dc

    SHA1

    1167a7544b0b930f0b9ffe69c25ed4464ac2dd24

    SHA256

    818172037a7c20f1bcbfcc944a6848043909de5f5b35f2b2d415dba5d9d6609e

    SHA512

    89250c317bff814b02bc51173c30f96d6eb7c390ca00ecd5496bf3c673ad5ac56fdf7e9678e20c936393eced798ef579fb449bd9a717241e78487f609ef07df5

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_F_COL.HXK.540A1F78F287E9F987C9AF347EB62FF3B3B5F227AF6A81867BE6B5D3CCBD2849
    Filesize

    128B

    MD5

    4a85fe114916ed46a3588fd9b9060863

    SHA1

    54956f8733c0595a5b42ba6f7709c673ea8fc41e

    SHA256

    e282a7162b5fce3a72aa3976b8f20eead15cf5c25bfb92f4eb45dd0e630be087

    SHA512

    10ae33b9fa388d585d822eacd5865e747bbf7b64c5bd185983eaa643a04ab096dd81d895e0499c976847fc3e840f1488aa711ec662d38b4d3105a6d320271073

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_K_COL.HXK.540A1F78F287E9F987C9AF347EB62FF3B3B5F227AF6A81867BE6B5D3CCBD2849
    Filesize

    128B

    MD5

    d58d655728eb67fe9e1cddadadc13ccf

    SHA1

    cd2f45c63bf1a584c95c48c26247c1b279cc8a72

    SHA256

    ceef2514bb01eb75948e5c4ea9a15b9e6d4f818f9162db6bdae9b0a7f575eb6c

    SHA512

    dd602c6a7e02e4ce85a00e23e9c0d60fe1b506d9f70cbce5561edf799585d7968b479c447503b9338bb11172408070859978b911054028602665b2e1ce4e1e7f

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF.540A1F78F287E9F987C9AF347EB62FF3B3B5F227AF6A81867BE6B5D3CCBD2849
    Filesize

    192B

    MD5

    9e2ee324e01d96cd08619aea223f11f5

    SHA1

    869ff5f0ee71c3324eb5c712e791d5dd04247515

    SHA256

    c096d045ddd13c9a413439f19e2d750baf83ed7c53196e5fc00470cca68ad248

    SHA512

    582b20dbc907d0bbb3ad37799ba3413e6f7aec7cfb221510d1216eb58edbde4869307228baa632dccfc4bd0b9f06e27078acde80c06ae8665901c1b668ca721e

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_OFF.GIF.540A1F78F287E9F987C9AF347EB62FF3B3B5F227AF6A81867BE6B5D3CCBD2849
    Filesize

    512B

    MD5

    2e062a55008686a34f5a77aae33049e1

    SHA1

    65e008cd35d8792cceebcf0a60e4b8bf20c209f2

    SHA256

    1e6cb7356b83bc67911e212d7382f730008b628381687d0fa133204b18d306d8

    SHA512

    cf90dcc1b14bd277f13ef339593dc9500fe7ace8ab4dcdc9fd436440eab23c584d4533ba8ae81828a4389ba1e5d4542b88d7c2f971871b3470affce3c67d1946

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF.540A1F78F287E9F987C9AF347EB62FF3B3B5F227AF6A81867BE6B5D3CCBD2849
    Filesize

    1KB

    MD5

    4714bd5f0b980f77d8f72ab4bb6f18cf

    SHA1

    71e287317cb405f24777511d96aa2ac2e357b454

    SHA256

    a90ea18f2d5f427b23fc0bf25818c4df0d292bfbae6b7587085a904e73db4faf

    SHA512

    325d96748a24e4ff937f38469ac2c9a0b341bb7d07b0cfa137168c41ae20373af007cf952262f815db11b57e96487d9f9ad15d059b675d66a7e12ef84ec41fb8

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.NO.XML.540A1F78F287E9F987C9AF347EB62FF3B3B5F227AF6A81867BE6B5D3CCBD2849
    Filesize

    816B

    MD5

    d06e105a9666fc228e0f08b6e63cf79e

    SHA1

    685c44223453750ca5bfd368e286c033ad330200

    SHA256

    630acc64840ce54970df733bee3eb74d6711a1441caf3bf2c1bba369978720f5

    SHA512

    80b67efa52100f0c98cd9829eb85fc0580bd1ec65f3a02130700507b2849911e3653e485bb950afb9e14c57beb92a4941ad504a97eb2c25738a2371c54a0aba6

    Download Submit

  • memory/2372-0-0x0000000000CB0000-0x0000000000CEC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2372-3243-0x0000000074C20000-0x000000007530E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2372-2-0x0000000004980000-0x00000000049C0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2372-1-0x0000000074C20000-0x000000007530E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2372-3722-0x0000000004980000-0x00000000049C0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2372-5315-0x0000000004980000-0x00000000049C0000-memory.dmp

    Filesize

    256KB

    Download