Overview

overview

10

Static

static

3

hydrogen method.exe

windows7-x64

10

hydrogen method.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    316s
  • max time network
    317s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    03-11-2024 17:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    hydrogen method.exe

  • Size

    211KB

  • MD5

    b805db8f6a84475ef76b795b0d1ed6ae

  • SHA1

    7711cb4873e58b7adcf2a2b047b090e78d10c75b

  • SHA256

    f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

  • SHA512

    62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416

  • SSDEEP

    1536:YoCFfC303p22fkZrRQpnqjoi7l832fbu9ZXILwVENbM:rCVC303p22sZrRQpnviB832Du9WMON

Score
10/10
infinitylockdiscoveryransomware

Malware Config

Signatures

  • InfinityLock Ransomware

    Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.

    ransomwareinfinitylock
  • Infinitylock family
    infinitylock
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\hydrogen method.exe
    "C:\Users\Admin\AppData\Local\Temp\hydrogen method.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:2780

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_OFF.GIF.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019
    Filesize

    352B

    MD5

    e2c59f6290b9a21c482b4cd5a6b434fe

    SHA1

    c4326fed2524800b41d22c06075c533137ad2d75

    SHA256

    b36a901b0c82e99effef80061a505baf8486a3973d659e52f370b8e730403b9e

    SHA512

    6ec0b567276d2187efa9ad5cfd8d11ac9aafc08a6a861ee82e1ed081af16c59d6ef2f9c72a4c72ac062e1c69c5919e95588ae12fb186b379c27442d9908afcde

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019
    Filesize

    224B

    MD5

    473b203edb0d3e93ce199679b6467e47

    SHA1

    333804d83861e74f6a51eff1d3dee9012ddc9bad

    SHA256

    1b0a1e1e84031af86abb70166599c971d6dbe0b6113e74d3906f14598586404d

    SHA512

    1ee428e98375bd65a4d9a2472bcd4919f037057479230bf5077597c7e1f27874ddca0a67ecd09ab6a69559cb620c98d30b22c19f1e3e255697953e0fd0914470

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_F_COL.HXK.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019
    Filesize

    128B

    MD5

    aebe8649e4f913402114cea9d5046fbf

    SHA1

    69e7c56a67434f0a93bc6f257eb71018f948a847

    SHA256

    3d6ddf730b6a1d2320e12dcb2f09ba4ab930bb54e9c88ca9e0b2f4d962c6ffae

    SHA512

    b366dc9bdbc3a3743d0229fe0b8b4478fb29b68a65fbfec3c8913743f8029a2a98a65c8f8c7a05f15a62c016b480e9a4cc1a0c7767cdb85b6151b6ba9079a6e3

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_K_COL.HXK.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019
    Filesize

    128B

    MD5

    3672fff2297195df188db6b47a7edce1

    SHA1

    953b2f5d9f1dc386a1eb2a2abbc7cd218ab670ab

    SHA256

    809720b24e99686667b2418c68f3d6eccff8830b5b7261130c533ff218112aee

    SHA512

    16550efcf94b0d2ca73fafe49a1f5905a1338270dd349af2dfad64382e18377f60c2c66307ca440e6a47b597a34a6f9982aad7396e60fec5c8543a61e590dec9

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019
    Filesize

    192B

    MD5

    5cf7389af3f5fc52608650729571b281

    SHA1

    83dd929ea01ce13fadd804189262004a91562444

    SHA256

    576a8a6de5bad15e5a6cd76ce87910d3571dd1bb864d2f83ae4ecb828a62fc99

    SHA512

    4a8678bc1f6f4d911067d0343f5e2561aea53d5cd6ead074679fe43b8d6cd67fd7ad27a38d57e94e65292d60321619e80b617194c958072c0ec81a9af15d002d

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_OFF.GIF.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019
    Filesize

    512B

    MD5

    db365286bdf2c6838d47d210405d40b5

    SHA1

    4ede6b5a0fc32b56866eb8b618a5c829b69414d8

    SHA256

    28e7b3313514b0bd347f330e98a6b23a38e9c21e3e7226a8ea587e06ac479a07

    SHA512

    a637edf99232afb287eb6539b8849b026e648fd14996d3e8baadc977dfb2367b52be27c1cc2075cbabeb8b195e034668c22f27b3760980bf3fa3bf8e89ecba68

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019
    Filesize

    1KB

    MD5

    466188e530e4314038318d9412541bfd

    SHA1

    7d14b743c75c48b28a2c9f4198d1595c56eaaa59

    SHA256

    1680e1de81df07237217a653b2aa56d215153e8f50d8abca3495483466423053

    SHA512

    408cefb12c70c73304d31e51bfebdd356ba3822420bc3cc238e469cd25760cb118fa6a8671b412980aad740d9a0c84fbadfa6a076fbad31f00735bebd585c390

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.NO.XML.EDBA62549B7D70769AA75BB090B2D8BC9AA93C7C160CF6E35C24EB4E063D6019
    Filesize

    816B

    MD5

    41b201e948806f3ab1e43a29a5ccd843

    SHA1

    47f0a7234d66eacccf2803901feacefd1844a748

    SHA256

    50189d801fa553412424d808631c7e58a392408c52bb12cf4cce06cd0ba747f7

    SHA512

    d58fc105044801c5bcc44224cfb1719641ec79ebd0c43095a85216ea049eebb232ddb9efe7ac629504561c8d2b5877177a60c64150a68ad11b5a36600914b931

    Download Submit

  • memory/2780-561-0x0000000074350000-0x0000000074A3E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2780-560-0x000000007435E000-0x000000007435F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2780-2-0x0000000074350000-0x0000000074A3E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2780-1-0x0000000000FA0000-0x0000000000FDC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2780-0-0x000000007435E000-0x000000007435F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2780-5338-0x0000000074350000-0x0000000074A3E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2780-5339-0x0000000074350000-0x0000000074A3E000-memory.dmp

    Filesize

    6.9MB

    Download