Overview

overview

10

Static

static

3

InfinityCrypt.exe

windows7-x64

10

InfinityCrypt.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    17-08-2024 05:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    InfinityCrypt.exe

  • Size

    211KB

  • MD5

    b805db8f6a84475ef76b795b0d1ed6ae

  • SHA1

    7711cb4873e58b7adcf2a2b047b090e78d10c75b

  • SHA256

    f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

  • SHA512

    62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416

  • SSDEEP

    1536:YoCFfC303p22fkZrRQpnqjoi7l832fbu9ZXILwVENbM:rCVC303p22sZrRQpnviB832Du9WMON

Score
10/10
infinitylockdiscoveryransomware

Malware Config

Signatures

  • InfinityLock Ransomware

    Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.

    ransomwareinfinitylock
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe
    "C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:2648

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_OFF.GIF.DBCA90211FFACD400F164AAB5B172C250E62EE663284264AA53B5F241397FCB0
    Filesize

    352B

    MD5

    b2979457c1ca1393481f581a7f7f1fc5

    SHA1

    b5839d6ffa4ea65ffab0323e34bfb679fd67a222

    SHA256

    775e2fa5473421ec8a078368210e65170b2bd73e909df5dab004e452f2720d3c

    SHA512

    f5ef14a69446d537a3d8406c3064b774c572c606beabf6fecc76af23dd0408220d80cbc2d2b2d54de0e188d918352f36cabe3bef1590886dbf4595092e2af953

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF.DBCA90211FFACD400F164AAB5B172C250E62EE663284264AA53B5F241397FCB0
    Filesize

    224B

    MD5

    fea4d84e241c6270509330384b6e3dff

    SHA1

    21c0050a5a4f52cc1e1379c5e636e6379b7a11b0

    SHA256

    23342eaa315d19756f5fe85a4326e586552d3bcf4e94ce9145e09efb8800673b

    SHA512

    116c059580b63aff60338533ec5b39cff20dcf62d83eca41d636d11bf324a90c68ad7bcf6a331334dfdb3b3822d063c6d8c9cee0a1f73d4b8a279a0e85b6d89d

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_F_COL.HXK.DBCA90211FFACD400F164AAB5B172C250E62EE663284264AA53B5F241397FCB0
    Filesize

    128B

    MD5

    e5f56178cccd09d354d8bf9d439be255

    SHA1

    b43c9a93719bf8c67842c1f46402fc2b22690bb0

    SHA256

    bea2a3381f76feb83f9d31c082d9ece5259ba510699e47a10cce63bc48682733

    SHA512

    0a3f0969f3b15012db7c41a3900d19490d0b59c448ec80b5c5b7224635e305a55cdee9d19437944e09ce271b384938fdf70e541602a753a89fac21581bd13682

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_K_COL.HXK.DBCA90211FFACD400F164AAB5B172C250E62EE663284264AA53B5F241397FCB0
    Filesize

    128B

    MD5

    281e4a82c18564a4bdc24c0f8e71f50f

    SHA1

    32de80db3d1265d02756b749924fb01ceb46b5a7

    SHA256

    1368aaa6b39b4f3e9c0158c43d38fa0ab80be86916554eaed8f1c125e18b9f22

    SHA512

    2729b9ef61bd6a9bd94c27b339de9fe25daa693f50ef694619bcd7f1f18e031f490fda52b4c49f09b185a97f22c8e04162af2128ea36416a1f252ead98aff7b7

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF.DBCA90211FFACD400F164AAB5B172C250E62EE663284264AA53B5F241397FCB0
    Filesize

    192B

    MD5

    8252a7e9bb88269b8fd0cf5592a23aa3

    SHA1

    d696d6735474e4eeaa615031fef17249fe358588

    SHA256

    f925069e3e0333fa9135a5524d78a0d027164a80af7d26807aec5905efe6000a

    SHA512

    a9c940dac11779e91db6f68446d4f24c657915cce706fa1d115990f62f88a3c65d7e7b97d3af2df4535fdcd523bd4db98390a28ae714aa46dd2e7ee438fc9ba1

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_OFF.GIF.DBCA90211FFACD400F164AAB5B172C250E62EE663284264AA53B5F241397FCB0
    Filesize

    512B

    MD5

    55169bd0fb71b3795a46a5d477cdff31

    SHA1

    fe64a3343f58e6c7edf1c51bafaea226abbc5c7c

    SHA256

    ab35ef20b459dc0481bbaecc5b65f792c23305ee0d85a144c4e3a0241f864e67

    SHA512

    bfd530596cd66d44482b2ff8e5c2cea6869e5b6df589d217d56684f8b86b885b206618305d0e9ec719b901ffecce9dc02b0b8a3429c6d2a97741af1cd33b7c6c

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF.DBCA90211FFACD400F164AAB5B172C250E62EE663284264AA53B5F241397FCB0
    Filesize

    1KB

    MD5

    da40642f3f8ec5bbad2d660b95cf6cd1

    SHA1

    48c587ce1af19355b6c29df39bcc16506ce30ff7

    SHA256

    550ab47d802245aea0a874a7cc002b72c4aa0f337b980a6143731b9250083ecd

    SHA512

    8232a6753feb63376680992f8dc15f54eb016b6f9479edbcea0dd546b8f11b600029da205bdd6e24ff0858c1981ced21d1308b427d0ccc9843331c899f9a5a95

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.NO.XML.DBCA90211FFACD400F164AAB5B172C250E62EE663284264AA53B5F241397FCB0
    Filesize

    816B

    MD5

    61ca2288452598369ca4dffe4ce37e37

    SHA1

    fa0ffd9735c6ce330f35eb648091c3976109a9e0

    SHA256

    7d5724be7230d05c6d5979aab22a926951c0fb99d1868c2ebecf8951002c711b

    SHA512

    a165e9652cf1f05907adaa0c85e582f44e9d692cfd83885c86ba7825a219a3fbd60bd0d8939003089d11ad091119a01649adb06eb6a96753de235d9ca1b8f010

    Download Submit

  • memory/2648-564-0x00000000743E0000-0x0000000074ACE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2648-561-0x00000000743EE000-0x00000000743EF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2648-2-0x00000000743E0000-0x0000000074ACE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2648-1-0x00000000013B0000-0x00000000013EC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2648-0-0x00000000743EE000-0x00000000743EF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2648-5306-0x00000000743E0000-0x0000000074ACE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2648-5307-0x00000000743E0000-0x0000000074ACE000-memory.dmp

    Filesize

    6.9MB

    Download