Overview

overview

10

Static

static

3

Endermanch...pt.exe

windows7-x64

10

Endermanch...pt.exe

windows10-2004-x64

10

Endermanch...pt.exe

windows10-ltsc 2021-x64

10

Endermanch...pt.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    116s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    31/01/2025, 13:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    [email protected]

  • Size

    211KB

  • MD5

    b805db8f6a84475ef76b795b0d1ed6ae

  • SHA1

    7711cb4873e58b7adcf2a2b047b090e78d10c75b

  • SHA256

    f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

  • SHA512

    62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416

  • SSDEEP

    1536:YoCFfC303p22fkZrRQpnqjoi7l832fbu9ZXILwVENbM:rCVC303p22sZrRQpnviB832Du9WMON

Score
10/10
infinitylockdiscoveryransomware

Malware Config

Signatures

  • InfinityLock Ransomware

    Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.

    ransomwareinfinitylock
  • Infinitylock family
    infinitylock
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\[email protected]
    "C:\Users\Admin\AppData\Local\Temp\[email protected]"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:760

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_OFF.GIF.8E216EA471589E99C113DD7CA876D6F7A5CA206D71E1366889FB5C8C595A341E
    Filesize

    352B

    MD5

    20beaa13320ab1dd48d05d062dd45317

    SHA1

    42425924ec0ca2489a255670aab38028db962cbd

    SHA256

    7546ff0beaa638ad778966a36d32e31f2cc5797b5da0b1e9e7bff96028cab9a7

    SHA512

    5a6f425bde571056b5475ecdb54d31c3c80658b74c3ebfbae667b4260416caeb6ded45180d280eda9604412c345ee9e466cb6fb018357f241279177b6cb97340

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF.8E216EA471589E99C113DD7CA876D6F7A5CA206D71E1366889FB5C8C595A341E
    Filesize

    224B

    MD5

    89219e911d9bb951f978d3368b7ebd99

    SHA1

    5bbf2aaea5a5191e6d2fdb8f5591c13f234ec696

    SHA256

    2dbf7895ea18d5d0d4e59ba530d47bcf9f68397c18141f17e36a770195fbea7e

    SHA512

    f8d10f7cff769f798625301f85a71f5f7639e3ea609a98918d4589529f604dc3a41fa5f4748fbbaa7d16bbb5b5cc6e527160f48031c763b4d2414d3bdacbc497

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_F_COL.HXK.8E216EA471589E99C113DD7CA876D6F7A5CA206D71E1366889FB5C8C595A341E
    Filesize

    128B

    MD5

    d957d58bd483e4513f2fea6c30135b43

    SHA1

    86a6516dc08c0117aa286c92e3a79c875e4157fe

    SHA256

    1bb1374a2393ceff60ad46073255d31205e1ddafc3b19d65ba639767035162da

    SHA512

    bd75ac0ed2576140461f6a6dff0620d408e95b1641a9031ddd459cf195ddf8d7b03529390f3a7d3f38cf598f45f6120148a840c58884bdfa6f4776058e2b9036

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_K_COL.HXK.8E216EA471589E99C113DD7CA876D6F7A5CA206D71E1366889FB5C8C595A341E
    Filesize

    128B

    MD5

    c4d80fab0e2e720cab6d6d50c408d94a

    SHA1

    4bd70c7fac5af5681b777e7f77743dcb7e11cd07

    SHA256

    853c96ef93d512fd3ce70994b8bfa9192fd5221341ce540943c20d93d48420dc

    SHA512

    e938b92c066e22e478fa749fa604f1d19f410ddf893ed244cda4d09c6b6b81906fe7e2ba9161170ced14d7984a75bc47d27d86c98007b3d3dd257dde2d83ec0b

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF.8E216EA471589E99C113DD7CA876D6F7A5CA206D71E1366889FB5C8C595A341E
    Filesize

    192B

    MD5

    99bb2d1b4f86e7b2198335f8d9a77a92

    SHA1

    3408f362eba0fb35edd62a75bd3ea279078accf1

    SHA256

    50439c5c20a3b027d4cfc3c213cc9019eddf1e06bcbccf97e34992c954f6fbc0

    SHA512

    78902632a0eb58695902961a4826551920e48fd8fa32e03d280b7bdaf36738b804d794db024585e71f28517cc59264f23c243201dc5bbc781bf6e383fc409595

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_OFF.GIF.8E216EA471589E99C113DD7CA876D6F7A5CA206D71E1366889FB5C8C595A341E
    Filesize

    512B

    MD5

    b64fb1c96fc88c56bc62408fc4afddb0

    SHA1

    bea1aa101471afcec2783997847a300873aec8e1

    SHA256

    8a4715fe22ac6687775e41f2797bf0ab79ed38c3b2508ba0d9c4cadef5002f5e

    SHA512

    4231b1241e3d073940664f1c97f8ec501902abecf814cd361ed10f72b87c828e676ce3d78994a052ae13fc4d6f35159f739a09d46b9dcdcb4a041a53766ac58f

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF.8E216EA471589E99C113DD7CA876D6F7A5CA206D71E1366889FB5C8C595A341E
    Filesize

    1KB

    MD5

    97a82144cdfbea90c7e1706493b197b1

    SHA1

    12cce1f25111ed7861dbb8eb89809061a683ec6f

    SHA256

    5bac518cc1b41c4ae66521c6f31a534d24fa6bdf0b37400298dc718da67ba11e

    SHA512

    7f72b0a30165464f89da9746527976fd39840b5e543082eee39a6938575828e091993cacea478810b22c18ae437961e5a0367100870806d04f242c8d4cd38f92

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.NO.XML.8E216EA471589E99C113DD7CA876D6F7A5CA206D71E1366889FB5C8C595A341E
    Filesize

    816B

    MD5

    802fb10ec1574021be9ab08517911555

    SHA1

    07a74594aaf409737fd3d58fa1572a3513c6ad32

    SHA256

    a0c8f9fda83a23409c363c3f9fc0ff24ef448e7928aa394270bbffcb48dcf1b0

    SHA512

    041f365cda25b5256518a64136ca6b9175f9cc9098ccc63ca2e9266bbc0c22a1083151e956c3b6cb74642845347399cf99cc7ecbe06bd712f689b303f6a78de4

    Download Submit

  • memory/760-142-0x0000000074DC0000-0x00000000754AE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/760-136-0x0000000074DCE000-0x0000000074DCF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/760-2-0x0000000074DC0000-0x00000000754AE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/760-1-0x0000000000D30000-0x0000000000D6C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/760-0-0x0000000074DCE000-0x0000000074DCF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/760-5342-0x0000000074DC0000-0x00000000754AE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/760-5343-0x0000000074DC0000-0x00000000754AE000-memory.dmp

    Filesize

    6.9MB

    Download