Overview

overview

10

Static

static

3

Endermanch...pt.exe

windows7-x64

10

Endermanch...pt.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    08-08-2024 22:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    [email protected]

  • Size

    211KB

  • MD5

    b805db8f6a84475ef76b795b0d1ed6ae

  • SHA1

    7711cb4873e58b7adcf2a2b047b090e78d10c75b

  • SHA256

    f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

  • SHA512

    62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416

  • SSDEEP

    1536:YoCFfC303p22fkZrRQpnqjoi7l832fbu9ZXILwVENbM:rCVC303p22sZrRQpnviB832Du9WMON

Score
10/10
infinitylockdiscoveryransomware

Malware Config

Signatures

  • InfinityLock Ransomware

    Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.

    ransomwareinfinitylock
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\[email protected]
    "C:\Users\Admin\AppData\Local\Temp\[email protected]"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:2180
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Desktop\CloseUninstall.dot.414E6358FD43D7251448993C8C6D6B718B8B12627C4EE0A55DF377A03B73F18B
    1⤵
    • Modifies registry class
    PID:2700

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_OFF.GIF.414E6358FD43D7251448993C8C6D6B718B8B12627C4EE0A55DF377A03B73F18B
    Filesize

    352B

    MD5

    d308d54683386e0d148f7453cf9fc822

    SHA1

    14161d40a8d17df81c79768ee3225197d028ff1f

    SHA256

    5e20e5700683e4df3937b41c89b9bcbff079751e87e87912e0f97ae2ecc376da

    SHA512

    87e52a367422248301d90967ab9b4d3493a61c28207e8029165f5f5aef03ce6b76c8e9765a1616ab64bebca248d3c64b849367e0caa4ffa3fa8ccd629d1a073d

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF.414E6358FD43D7251448993C8C6D6B718B8B12627C4EE0A55DF377A03B73F18B
    Filesize

    224B

    MD5

    db40d69cd6d5bea6ee45018fe1a43c34

    SHA1

    c9310f11f2896c7786b7329be66745d6325801c8

    SHA256

    90c8feb3d1eb82eff47051e9ba56e3cfb1806c29b37680d387df733aae49c4a1

    SHA512

    1c337995684b7f1ed292527d0922e7cb919807a72e1c93d0753d08277b0c348e3dc98b63836463fd644bd30e93d900e466e0c12559efa76266b59b4ea90e15f8

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_F_COL.HXK.414E6358FD43D7251448993C8C6D6B718B8B12627C4EE0A55DF377A03B73F18B
    Filesize

    128B

    MD5

    4018e99bca8596eead85374864d3e725

    SHA1

    4f0a1e6bc21fb7ad19a1b5e9a9e4325882207ba5

    SHA256

    6e7d7bf561d3a9eda43364c8ce1a579613f5b5b25c4e6fa7b219101098c26388

    SHA512

    384f8cae6db3288198871f4471c347d044d2a6cea297918f77581c364138ca34c91b7e4a8241f4659fd9056ff50d4b32806ef34b306b392b7aed3080f22f45a1

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_K_COL.HXK.414E6358FD43D7251448993C8C6D6B718B8B12627C4EE0A55DF377A03B73F18B
    Filesize

    128B

    MD5

    0f93e04b3296c04483cc83f5213c589f

    SHA1

    ba6c22729507d97f99d8fbf8cdaeb58f33dac453

    SHA256

    097ceb283d5210e12e8cf5072d0754f8659d4acdb9639ed6d5283a9bd39d6ebb

    SHA512

    e2184c6b7dbd1d0dbc48bbcfa340f97f5abcf1c2a6d5eb1e83b46a91e5e63522fd1f12dd10bacd18a12dce6ac7ea9df0d4a06e7be53f8388fdb1d6efd6d3b821

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF.414E6358FD43D7251448993C8C6D6B718B8B12627C4EE0A55DF377A03B73F18B
    Filesize

    192B

    MD5

    97d468050b9c9dd83a53e571ea5d0d17

    SHA1

    2e9065219cda39f9064537e289efb3ebac942a7a

    SHA256

    f259cacc95c5c7052d4c8a108f2509f9a701e38824d087e4f95cc5b371be2dc6

    SHA512

    8f23d109c68c3b21f65bde77930b5a6b3eb0ae05c0662588c5663f9e53808afde7d47fb7f350a22e1ef8aa60f28f193952923d023227fc5086fe25ca0a58b1e3

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_OFF.GIF.414E6358FD43D7251448993C8C6D6B718B8B12627C4EE0A55DF377A03B73F18B
    Filesize

    512B

    MD5

    7a26f8a419820742d8a1e99fe6bf3a2f

    SHA1

    b6fa4ac9377b8d7a3e4bbef145a35657959a72f3

    SHA256

    2a92154b323a602872f903756f1418639e295e679c98ac4ad3b3a63472e3eeda

    SHA512

    fdcc8d8cb768065df1b6e9a3c288772d2c49d09abd5a56725644303cd63eaf49c7d8e413f082dae2002d6b48a3323821bfbcf22dd89d9f207b7cad205601d372

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF.414E6358FD43D7251448993C8C6D6B718B8B12627C4EE0A55DF377A03B73F18B
    Filesize

    1KB

    MD5

    d15e763e87c33eb68363ab0036b61e3b

    SHA1

    89139137f3fc1ac72e9465b7d145e9e87dab424a

    SHA256

    2be87656875ae0b46651e2a06c85100f5db37a5fd880da8ed8d72c13f8038efb

    SHA512

    0a1668ec3b9f6e4ca07a62dc9176a4d3462b088137a24113cbcf7e5ba73306fac2e02eaf3a50c7e1ab191875a940faaa057979a0b5c213127131d312c9acb9df

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.NO.XML.414E6358FD43D7251448993C8C6D6B718B8B12627C4EE0A55DF377A03B73F18B
    Filesize

    816B

    MD5

    ebba69825ac18be0d607c956c5eef97e

    SHA1

    f2c2849b59b572c5c75f8d983f5d3a9a020275ca

    SHA256

    2aee56a5c15949bba8decc49ef55639b6271621bc136d3eeabfcf0a8a76fb3f1

    SHA512

    57ea01a9285c0672949bb93f0236dfe5284bda31a559c2eeb9c4045b45fdd43c206c90a7aeaab2eb9130416470eda3fd19bdfffa06eb0e7f4a31abe99c1b4e61

    Download Submit

  • C:\Users\Admin\Desktop\GetConvertTo.xlsx.414E6358FD43D7251448993C8C6D6B718B8B12627C4EE0A55DF377A03B73F18B
    Filesize

    14KB

    MD5

    705e1eb678015ba6438280fcab614422

    SHA1

    4cb6cbfc145000238c51795bea501b9da9481239

    SHA256

    3226c706ca2d5ea5fb67c97c4fe3cae4e4f59e7a67c432d666f7623d2c5cd4e9

    SHA512

    ea8dde2b7b76a438f399cc985c8465cd410ff05e233e8f48be2dcfa03198e4d32f1fdf378c634361fafc4ecbe6d03333021c24aec51c58f57be2a082dd3b9751

    Download Submit

  • memory/2180-4048-0x0000000074C90000-0x000000007537E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2180-3300-0x0000000074C9E000-0x0000000074C9F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2180-2-0x0000000074C90000-0x000000007537E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2180-1-0x0000000000350000-0x000000000038C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2180-0-0x0000000074C9E000-0x0000000074C9F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2180-5314-0x0000000074C90000-0x000000007537E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2180-5315-0x0000000074C90000-0x000000007537E000-memory.dmp

    Filesize

    6.9MB

    Download