Overview

overview

10

Static

static

3

InfinityCrypt.exe

windows7-x64

10

InfinityCrypt.exe

windows10-2004-x64

10

Resubmissions

03-08-2024 09:15

240803-k8dqgatema 10

03-08-2024 09:06

240803-k2thcatcmc 10

Analysis

  • max time kernel
    117s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    03-08-2024 09:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    InfinityCrypt.exe

  • Size

    211KB

  • MD5

    b805db8f6a84475ef76b795b0d1ed6ae

  • SHA1

    7711cb4873e58b7adcf2a2b047b090e78d10c75b

  • SHA256

    f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

  • SHA512

    62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416

  • SSDEEP

    1536:YoCFfC303p22fkZrRQpnqjoi7l832fbu9ZXILwVENbM:rCVC303p22sZrRQpnviB832Du9WMON

Score
10/10
infinitylockdiscoveryransomware

Malware Config

Signatures

  • InfinityLock Ransomware

    Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.

    ransomwareinfinitylock
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe
    "C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:2536

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_OFF.GIF.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019
    Filesize

    352B

    MD5

    366514b7f6825b714a774c62358a0579

    SHA1

    10c195ebe330a82e037778425e7a844a615933d9

    SHA256

    fb9eba8fc29f664117f0e0c79370b7edf8e14e17d303336429547afa30e2c4b8

    SHA512

    458342e36ca10a6409984a20eaf1d071808c49530d73cc7d6d2a987502fc5e374f8e3d6109a6d12f7035f081151ea235a3420b2e8439b5ab5a244633a2c0b91e

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019
    Filesize

    224B

    MD5

    baaf625eff089ac16e6aeabe3f9fa8d1

    SHA1

    f8d7010f0947694fe28e5aabcd4a33c6492197d9

    SHA256

    c6742cf187c88053de665c4fd42526aa7b7b2bb3a90135ee3ee2463d7c451b74

    SHA512

    c664308532535449f42a72a1967a1c82deafabec6a581d6278005f3da4f8f87e8ce9bcf04a043c51649f1cc297b9912ea2be32cad75497dfcfe560a47220211c

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_F_COL.HXK.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019
    Filesize

    128B

    MD5

    1be8015adf164884d3630612a4dda204

    SHA1

    4da699c38fb472dc1c2496ee3b68aeb4c81e48a0

    SHA256

    e90307e60f66b266af400c0a41cb49d9a1e4c34e643c9cb8f3e14e2704ddafd9

    SHA512

    6ea6f11df2b3b69fee147e79e6a1662e9f2cacdb6f9ecf0dfcbc6bddc06da91191a0b80261091424e3ecab515fb8db34624752ece9a329f9e8f61417d01941cc

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_K_COL.HXK.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019
    Filesize

    128B

    MD5

    303e27f5bc9a6dbf01987e4b1411e007

    SHA1

    fdbc4e767b4053dbfd7368daee3b52a9fd187490

    SHA256

    0cb1af0b371f4842d6a34c8b158c8e8301a08c5a527492d7635e2933d3b0d85e

    SHA512

    0b541329bbae7b2d09ffd46b6f3195b7176515e86b4b043ff5a0b46eefc4428b32730306e95cf45b01ab5a7f072c97bbb4dce6a9af4c7d18b2673f48f6a3f50c

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019
    Filesize

    192B

    MD5

    a620c6f132558bcef91d02b61d3d131d

    SHA1

    a1fa103dff30c6405ef8211b05c6c9d32f56fd16

    SHA256

    4086dac671515cf414c75c6314b28a8273ffc60d01fb6b38448e40f2a6f18eed

    SHA512

    5edb12f8e7965def4e103d6f4fb142daefd24043d86eee143af09f3c53806990ec596c6a68bb8adf8ab72e8ba9c570c29e920b6804bbe7065d22c107c382568d

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_OFF.GIF.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019
    Filesize

    512B

    MD5

    a9f180a54b5aeaf21053085678109245

    SHA1

    e12d85857a788ba0b03f3803b4eef33645c54dc0

    SHA256

    cc1e1c2e9b3afb28acdc06ae3144a24316e57a777500d75f93a5ee3638238e35

    SHA512

    56d0736924b4b22f66061f37c969ff882f91a76b2619456180ba4dc0fefdae65826cdf1f4c58f9408a88595cac6482b776f3fb49c6a6643a9b817e05440ff6e3

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019
    Filesize

    1KB

    MD5

    b5ebb2d73755aa02ffcc83e2dee461f6

    SHA1

    f4ddc242f5244c5a3ac010c11128564e0a17c4b7

    SHA256

    2dbf59f4248d63dd32311d7399735f377fbb39ff6b17fb312d025312970df3b2

    SHA512

    d9575985ad7340fdc37f15270e834e61dacac0d8ce4c97d3bfadf299b422ae40b3725ff91359dd378a138171dcab52a5f97c26190dc44dac206c8741362f1ed3

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.NO.XML.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019
    Filesize

    816B

    MD5

    6e620c1d87e012d289cf6ac8728b959a

    SHA1

    1a98a828ef4c1db6e24d5ce2fd03d735429a1efd

    SHA256

    9998724f73357fe7aa9d1eb006823a087bd891cba2c3f580bd4fedd644470a14

    SHA512

    7f459df6a94b6886cabfbf657e4b4d4f1f2744e8120b1cf808276fa39f55072e2532149cbe7b18479a13fcf2b9293f2a96dae842672e8cae3506cf8be5aa31e8

    Download Submit

  • memory/2536-3202-0x00000000745F0000-0x0000000074CDE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2536-3051-0x00000000745FE000-0x00000000745FF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2536-2-0x00000000745F0000-0x0000000074CDE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2536-1-0x0000000001110000-0x000000000114C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2536-0-0x00000000745FE000-0x00000000745FF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2536-5359-0x00000000745F0000-0x0000000074CDE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2536-5360-0x00000000745F0000-0x0000000074CDE000-memory.dmp

    Filesize

    6.9MB

    Download