Overview

overview

10

Static

static

3

InfinityCrypt.exe

windows7-x64

10

InfinityCrypt.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    23-10-2024 20:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    InfinityCrypt.exe

  • Size

    211KB

  • MD5

    b805db8f6a84475ef76b795b0d1ed6ae

  • SHA1

    7711cb4873e58b7adcf2a2b047b090e78d10c75b

  • SHA256

    f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

  • SHA512

    62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416

  • SSDEEP

    1536:YoCFfC303p22fkZrRQpnqjoi7l832fbu9ZXILwVENbM:rCVC303p22sZrRQpnviB832Du9WMON

Score
10/10
infinitylockdiscoveryransomware

Malware Config

Signatures

  • InfinityLock Ransomware

    Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.

    ransomwareinfinitylock
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe
    "C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:320

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_OFF.GIF.C70E9521BBC7B2B50BD5612740082D5DDDFE5932A9F87AB1AFF8791177B8F278
    Filesize

    352B

    MD5

    e289c9db37828c2a028a0203ea878ae0

    SHA1

    d2a99b3870668cc72e5591e7ab3c9f76c5f78a2a

    SHA256

    23b0e3df90ec94b6f37b6f2d16c23e2868c8df23dff33c9e5339312ba218d604

    SHA512

    4305d83a1b00d9c19bfe1dcfc157232a450aadc5b78fecb2205b0486f0b35e173a72906239ea559d6f66bad395019233ba921e70b4b304bdfb584d401677c7e7

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF.C70E9521BBC7B2B50BD5612740082D5DDDFE5932A9F87AB1AFF8791177B8F278
    Filesize

    224B

    MD5

    7c3c3c817424d1a5059961300c31e665

    SHA1

    32b43ee78e4713756454a3be15d95893e25187bb

    SHA256

    043c8ac7d0e53796cecc2ea4dd786fea98e3fc9b4024a3f6a58931dda683d186

    SHA512

    42b7802e30bf05479f0525403aab58a469db0204a9fd10600f3ae7bbe8426a4bc2bdc9ff7368a1984abe18e4e3d96708c86b4554403356ef49522df6ec3d6117

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_F_COL.HXK.C70E9521BBC7B2B50BD5612740082D5DDDFE5932A9F87AB1AFF8791177B8F278
    Filesize

    128B

    MD5

    14168251ce343030c2a4b867bc87b5dc

    SHA1

    5cec3fd6ece511fbfcc2ee22a5e376a7fb2960ee

    SHA256

    fe249bac6643ff6d85a336e510e1d95f54738a61f123877708f36b8aa2c18cd7

    SHA512

    6d1d02f2e81fb2fc878256838b24a53059cc783fbbedeefc76ed430f8d84e01d91e1172d3bf99e727754552e2135be0ccef30d7c1745fdc02c70f88d5af017a2

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_K_COL.HXK.C70E9521BBC7B2B50BD5612740082D5DDDFE5932A9F87AB1AFF8791177B8F278
    Filesize

    128B

    MD5

    6410a09d40c078fc40aca2360af5f836

    SHA1

    337a12b166466192795c73d52255f22e859b3b96

    SHA256

    0bd57635e6648048bbfcfe3f1a39604f874b984d81fc207b56ad17cf35522302

    SHA512

    049b276fd7e31f37bdcd01906406e3afba576e47ebb14747f410d8a99c7880decf0cad7b2e3990e27aa63266cd81db248121595805aa9671640e384885b5c018

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF.C70E9521BBC7B2B50BD5612740082D5DDDFE5932A9F87AB1AFF8791177B8F278
    Filesize

    192B

    MD5

    97ef4fe4471893dd99b602be5f176f76

    SHA1

    850720d27c42ab7e1901665078293e4dd63fdf85

    SHA256

    c598a5910cc505c8dab55ab30641a9ab5ca4206f22800f7dbb524ade669b15b1

    SHA512

    7ddf049ce060a57a0b7e84d6285a9877b148baf5caa4150844d20756b098bd9bac7f45dc83850925ab66c3bcca2e6c37f3a9b120475891e9ca732e4e8596aaee

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_OFF.GIF.C70E9521BBC7B2B50BD5612740082D5DDDFE5932A9F87AB1AFF8791177B8F278
    Filesize

    512B

    MD5

    7124cbf2d30232e539427fa70d7aafdb

    SHA1

    b2d11977587d78e1e94f806de37cf08e9d6325e7

    SHA256

    e0238cbf3f05b0e98d72cda92efa2d3929721c83d69fb413736a7603ec343a7e

    SHA512

    50592497840583b4a4bdbe9aa015adad8461239b6ed23ee1b8c9a3f7f689ba2859478fe2a4fb217b9d1b26921300553b6b52f646ddda284d5e43583da12cb9c2

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF.C70E9521BBC7B2B50BD5612740082D5DDDFE5932A9F87AB1AFF8791177B8F278
    Filesize

    1KB

    MD5

    42c324c9ad638742a8987d205f797274

    SHA1

    48ec19235dc0054e57a8a8ef5231a33281f2218d

    SHA256

    0a3c45637ff520e0b241f742c19d1bbc8f6867237119827886f7fc0771b2b11e

    SHA512

    cf20ab9e0eefed0126815af050062eb5f75d1b9909295ed0e1670155571bfad459f9a472a485a0638f3a6833a930cfcbb58bc76e0b0eea8768350e0ad42eb487

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.NO.XML.C70E9521BBC7B2B50BD5612740082D5DDDFE5932A9F87AB1AFF8791177B8F278
    Filesize

    816B

    MD5

    7f86a249d0e40c3454daaf119fbd3cb5

    SHA1

    3e32313599dd527791797af7da644c5455f3e966

    SHA256

    db452442b06b0e73f8c7c2cdc799d3d8df5ce61defef1fce966e50dab9a6f0ce

    SHA512

    c61a20d7fb8694f21c29dc1f8f6e767336b2a06ca124b9ca908808cfdfc829df5466216dbfc878ae2e964e69d3f4403d11ace58f8074976c018b7b514c49fa8a

    Download Submit

  • memory/320-567-0x0000000074030000-0x000000007471E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/320-561-0x000000007403E000-0x000000007403F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/320-2-0x0000000074030000-0x000000007471E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/320-1-0x0000000000120000-0x000000000015C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/320-0-0x000000007403E000-0x000000007403F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/320-5330-0x0000000074030000-0x000000007471E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/320-5331-0x0000000074030000-0x000000007471E000-memory.dmp

    Filesize

    6.9MB

    Download