Overview

overview

10

Static

static

3

InfinityCrypt.exe

windows7-x64

10

InfinityCrypt.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    29s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    20-11-2024 19:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    InfinityCrypt.exe

  • Size

    211KB

  • MD5

    b805db8f6a84475ef76b795b0d1ed6ae

  • SHA1

    7711cb4873e58b7adcf2a2b047b090e78d10c75b

  • SHA256

    f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

  • SHA512

    62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416

  • SSDEEP

    1536:YoCFfC303p22fkZrRQpnqjoi7l832fbu9ZXILwVENbM:rCVC303p22sZrRQpnviB832Du9WMON

Score
10/10
infinitylockdiscoveryransomware

Malware Config

Signatures

  • InfinityLock Ransomware

    Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.

    ransomwareinfinitylock
  • Infinitylock family
    infinitylock
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

Processes

  • C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe
    "C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    PID:3060

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_OFF.GIF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5
    Filesize

    352B

    MD5

    6031819992959b78a408286870578570

    SHA1

    9ca439bf0102c0b136e09488590eb48f7ca747c8

    SHA256

    5a0a5cf634bb1031ae74cf0baa88a47e2865f7688b78ddd45270b02f28b76be4

    SHA512

    895f31bf4e29d44cf0b136cdc79ca541e2ee2e2e5b32885f6366a3c41f91e751debb5e321cb2a1ce78ef22888116c45584fb17365cfb855f953e2cdade1a06a1

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5
    Filesize

    224B

    MD5

    5e083ef30c07c960e75a92d01c6d17a8

    SHA1

    4966c1ddfde88eeb4cf0241bccf6eb6957d7f318

    SHA256

    85d3574117c4ff1ac19d11d6350c1ccf8b4d7db5ae450eb82cd4b391f285a174

    SHA512

    4b3365488d1925c573d461d96299be4acfb4677255efc9e904b8259b9ab49a745a1e061a9ad6054f9d24670a3c725ccf3c3767441e5eff45971ecd35dec85919

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_F_COL.HXK.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5
    Filesize

    128B

    MD5

    c8bf48af806cefa2ed2301c34e759598

    SHA1

    3f26732cb8ebd47f57b0baff79f7f2549b1e84c2

    SHA256

    eb2999cb32a79d8dc1ee720354e4e098a25148f5a02b7717beb73df395c0d031

    SHA512

    af81fbcf6bf147873cc1715e800871295778bd79aefd097fb1952c9c2318ac3c4269d324697a4edab51f40f1a7bffb8291a6a71ab24afca7cf23ff6bf53b281b

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_K_COL.HXK.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5
    Filesize

    128B

    MD5

    a8a41f30f1b6651d9b0205b8ca6e9159

    SHA1

    ba0b409c31d1eabb0bfd88dfa430c700bc1e0722

    SHA256

    7fba5655d311454460e2a2a4e04b7408b11911817772658d484a6da1a3ecf188

    SHA512

    25075aa5a2d8666fc69aad63aefe7f7e887515a4fa8d8df48bc9fe8bea5d70b92e7955627eb6a12aaeba2415f72d81a0f1744a9ec066030ee74b4b93e6d9010b

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5
    Filesize

    192B

    MD5

    d6c1f7828ad450182ec5c9aecbe31ba1

    SHA1

    f9a589b4ff14e0ae740e354c83dead9eadf38b10

    SHA256

    5bcf70bdb3cce0f19cffc85e57109bc96f69d28be9aa71a1d7a13b24d73778ba

    SHA512

    438eece0810bd7c4e9c98689e61fb8f2a1eedd2bccc8111d2f6db6c335b3f9d3dfa909fb3bd7170094a230d8cf747d304c8ee4b059ce408ba367a1bd4ea9ede8

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_OFF.GIF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5
    Filesize

    512B

    MD5

    48704f656e801512f4a70820f127be20

    SHA1

    015fb64fce47fc8c89806cd63138bd550d943a02

    SHA256

    4119cd071a1997cf14f08e8f28a38e3cc788bab6979385442809b7a2799aa28d

    SHA512

    73d967d887546a270c1bed0fec1cb138d494ee8d517e5032857878da534b02c7d938f55013d46df4ec427baa2f7f85aab920ec19139af29a97d988b3e58479d0

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5
    Filesize

    1KB

    MD5

    538e1dbde4df0dd036b4ec932524f771

    SHA1

    1fbee268dc49ed33522b0e98d904ac994fd4f300

    SHA256

    bd048d23f1aea9a038063dad29291178d4d69b64401a0018c8f157f3761e4b67

    SHA512

    291d87ad5892d94260ff23507fd57f42f18e4919ad03ce7c166957ee76d8bb2e47056beddb7db72c4be8d71cd869c2f35a9e63faa9a92f620874f6fd3d9d6327

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.NO.XML.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5
    Filesize

    816B

    MD5

    074faf4959f60f0f955dcb5ed8a9f373

    SHA1

    2675c3896ba8242756910bfa9d2d43a796713af4

    SHA256

    fb8848ecf114f6185ab7cd3ffbd74ef765b76c90010d5eac99adfb9beaae1179

    SHA512

    8ac78f078ddd39c6ff679463d430602af0a5dc086e123e084f2541c4028665dd0982162c6913a2f07fef86fafcead3526ac3649430e967285a7bd7699f80a8b0

    Download Submit

  • C:\Users\Admin\Desktop\LimitTrace.xlsx.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5
    Filesize

    9KB

    MD5

    406e69380e75cf7c3cf781de0b894136

    SHA1

    57497a0477cb473742e02f048b5ab980cde72755

    SHA256

    ffcbea48f7290f812c6f146443582e6ee7e022cc42457fcd84a9f16dba3fade2

    SHA512

    aa40157c6c52a33d1775b8c8b1b2d2b6a25dca66aa7673f3a84e0495dc8530d4982e5a77260cb02d3f3762739325740fbcafcd5caf4edced2cfc4378c3c8bc29

    Download Submit

  • memory/3060-562-0x0000000074720000-0x0000000074E0E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/3060-561-0x000000007472E000-0x000000007472F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3060-2-0x0000000074720000-0x0000000074E0E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/3060-1-0x0000000001390000-0x00000000013CC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/3060-0-0x000000007472E000-0x000000007472F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3060-5328-0x0000000074720000-0x0000000074E0E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/3060-5329-0x0000000074720000-0x0000000074E0E000-memory.dmp

    Filesize

    6.9MB

    Download