f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

General

Target

InfinityCrypt.exe
Size

211KB
MD5

b805db8f6a84475ef76b795b0d1ed6ae
SHA1

7711cb4873e58b7adcf2a2b047b090e78d10c75b
SHA256

f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf
SHA512

62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416
SSDEEP

1536:YoCFfC303p22fkZrRQpnqjoi7l832fbu9ZXILwVENbM:rCVC303p22sZrRQpnviB832Du9WMON

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

Processes:

InfinityCrypt.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\SmartTagInstall.exe.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0105520.WMF.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HH00687_.WMF.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HH01875_.WMF.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00163_.GIF.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\DD01166_.WMF.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\DD01586_.WMF.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\EN00319_.WMF.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\msitss55.dll.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\WISC30.DLL.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPREARM.EXE.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VC\msdia100.dll.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\DD01182_.WMF.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\OSETUPUI.DLL.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Portal\PortalConnectCore.dll.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\DD00256_.WMF.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\FD00564_.WMF.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0105414.WMF.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\IETAG.DLL.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_fil.dll.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BL00194_.WMF.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0089945.WMF.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099157.JPG.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\OSetupPS.dll.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_de.dll.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\msolap100.dll.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HH01065_.WMF.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEEXCH.DLL.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\MSB1CORE.DLL.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HH01013_.WMF.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0093905.WMF.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\WebKit.dll.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\COMPASS\THMBNAIL.PNG.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EVRGREEN\PREVIEW.GIF.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\CLASSIC2.WMF.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\DD01180_.WMF.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AN02724_.WMF.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\DD01157_.WMF.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\FD02068_.WMF.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LEVEL\LEVEL.ELM.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_ru.dll.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\CLASSIC1.WMF.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\FD02116_.WMF.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0101858.BMP.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0101859.BMP.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\DD01183_.WMF.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HH02298_.WMF.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSSOAP30.DLL.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\TextConv\MSCONV97.DLL.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BOLDSTRI\THMBNAIL.PNG.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CONCRETE\CONCRETE.ELM.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\BIN\1033\FPEXT.MSG.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\OFFREL.DLL.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CASCADE\CASCADE.ELM.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RICEPAPR\RICEPAPR.INF.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00021_.GIF.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0105386.WMF.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\LICLUA.EXE.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUECALM\BLUECALM.INF.07780E8243AFA03690BD8EABBFC234C610F1D3957644E5087030B978F268B518	InfinityCrypt.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

InfinityCrypt.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	InfinityCrypt.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	InfinityCrypt.exe

C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe
"C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe"
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
PID:2968

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2968-0-0x0000000000F10000-0x0000000000F4C000-memory.dmp

Filesize
240KB

Download
memory/2968-1-0x0000000074490000-0x0000000074B7E000-memory.dmp

Filesize
6.9MB

Download
memory/2968-2-0x0000000004C40000-0x0000000004C80000-memory.dmp

Filesize
256KB

Download
memory/2968-112-0x0000000074490000-0x0000000074B7E000-memory.dmp

Filesize
6.9MB

Download
memory/2968-133-0x0000000004C40000-0x0000000004C80000-memory.dmp

Filesize
256KB

Download

Analysis

Sharing