Resubmissions

05/03/2025, 13:17

250305-qje5wsy1ct 10

05/03/2025, 04:08

250305-ep9qxaytct 10

Analysis

  • max time kernel
    128s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/03/2025, 04:08

General

  • Target
  • Size
    211KB
  • MD5
    b805db8f6a84475ef76b795b0d1ed6ae
  • SHA1
    7711cb4873e58b7adcf2a2b047b090e78d10c75b
  • SHA256
    f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf
  • SHA512
    62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416
  • SSDEEP
    1536:YoCFfC303p22fkZrRQpnqjoi7l832fbu9ZXILwVENbM:rCVC303p22sZrRQpnviB832Du9WMON

Malware Config

Signatures

  • InfinityLock Ransomware

    Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.

  • Infinitylock family
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\[email protected]
    "C:\Users\Admin\AppData\Local\Temp\[email protected]"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:2800
  • C:\Windows\System32\GettingStarted.exe
    "C:\Windows\System32\GettingStarted.exe" {6819DEE2-366D-4F92-8F73-EC24116674D3} %systemroot%\system32\UserAccountControlSettings.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1976
    • C:\Windows\system32\UserAccountControlSettings.exe
      "C:\Windows\system32\UserAccountControlSettings.exe"
      2⤵
        PID:760

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_OFF.GIF.43A8B949400763381895E1280E6F3D3658C64AB85D2F4087862E005EF274E0DA

      Filesize

      352B

      MD5

      41e67cbad665a4388639b68757e547a3

      SHA1

      fde4527c4c2015091362c62a5c4da4b7545ad115

      SHA256

      bbe6efa4881c57061d3a31ef7e93d0a48f53be39d08be3e098a30f7000450698

      SHA512

      5bad3be1840fa70423ce16f587ac161e4336a263ead941db1bffbb3c277704b9dc4097b86bf3eead972a2883207b098a13e33d60790f4fc5879c595e46c4f18b

    • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF.43A8B949400763381895E1280E6F3D3658C64AB85D2F4087862E005EF274E0DA

      Filesize

      224B

      MD5

      ef306ef6c1db7bfb13b4985ee7450baf

      SHA1

      1e6dc77636a8c52084b7d66ea1fc2c6dfbecfe3e

      SHA256

      407dcc66c539358d791190a74e2c51fd8eb94cc222d965c30f345bd0c30fdd5d

      SHA512

      dc14cd57a460924c6415ea0f05c894b3475e14528e6fe964d350498e04771f245550e97bd11147f886d40e092635f0dc4a34eb5e5d0a9a6a3f999199bb06c4ee

    • C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_F_COL.HXK.43A8B949400763381895E1280E6F3D3658C64AB85D2F4087862E005EF274E0DA

      Filesize

      128B

      MD5

      2c0e33d24f8092231244012608e6b06f

      SHA1

      ba2ff4f818bb39776a6faf9fed87a43169969931

      SHA256

      115b06a4f614505c54eefc16494da71c0b998cdad4cd7c66cdd4fd109c009b6a

      SHA512

      cb6a5e94d4f08ac41a37396ba350e8891d7e87bbb0fb3b406a00df500cb1ed5c845dc445f03d0d48811d9fc53432a15a3f38a345422de45c0617b2301846c047

    • C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_K_COL.HXK.43A8B949400763381895E1280E6F3D3658C64AB85D2F4087862E005EF274E0DA

      Filesize

      128B

      MD5

      3eaf3365687dcc2034a3a17311bce0bc

      SHA1

      d411cd5805608e3cef712af3e75837d688ecf266

      SHA256

      44828e69ecabefe6b845b8f8a230cf9940879d3b6e304690d6a8451b16d9a48e

      SHA512

      47353a7afc9570db7f457fddef9b371cb62767c325501f6e7a80ebed46e91d749bc59c71121a7a1be0d5b4367ab220c81d7006476f023efb15022b90d28bb38a

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF.43A8B949400763381895E1280E6F3D3658C64AB85D2F4087862E005EF274E0DA

      Filesize

      192B

      MD5

      f8cdd73a834787707bf15f88d86478fc

      SHA1

      ce38a15ed1eb1d26b54140b34d343d47733ac28a

      SHA256

      2e668b1843086402a0287a4010963ac5ec133fd788aeb4c8daf3b259a403763f

      SHA512

      e18cdb7b0b0bf5a8e9f44913ac89ea94766aad3934a557e07a6662b649c4368cabfcb5e10262e1301efe29b4c8eb75416985e99172ca6bfa920fcdf744d14258

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_OFF.GIF.43A8B949400763381895E1280E6F3D3658C64AB85D2F4087862E005EF274E0DA

      Filesize

      512B

      MD5

      724bd77f885d7f2fde77294eb3d96f26

      SHA1

      cb30bf66b7e0e107b571f64946de0eaadd04710a

      SHA256

      5765afef00af5991faf6292cfbf38ef2548b74ba4df744e9747e2fe77cf3e1b4

      SHA512

      ae8bdd726e8f6ea2005c736e1e09270ea19956a5efe6e84afc3ff81da47ae0e7b9df6f1ab412848bf9ab67c42485d7c73c397050d7dd294d5ef9cdb76031348e

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF.43A8B949400763381895E1280E6F3D3658C64AB85D2F4087862E005EF274E0DA

      Filesize

      1KB

      MD5

      35bbf482784fbe3aaed039b5cb409059

      SHA1

      f8f467ffda6d18cbc49f915a4366317b3b0d0ee1

      SHA256

      2ab40204e56d72affdb3b0dfe45ecc51447f57ea446212fc03ba72f649644317

      SHA512

      87a162c961115f8ce93730d8bd9e472b8cb8dc8a457af6402dde18c4bb696fe7771ee494501de10c39569b2607a55738700fe769f2edf1263892e6b8df4b97c4

    • C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.NO.XML.43A8B949400763381895E1280E6F3D3658C64AB85D2F4087862E005EF274E0DA

      Filesize

      816B

      MD5

      7291e85582f2033ac5bac8f41da71f31

      SHA1

      32188af184a5ea68895fcfc06600760c4c358924

      SHA256

      2cf08a7f36ca70ee71b4c34936bd6e5d89d4fde1b918c73ad4cd852ab899a2e0

      SHA512

      c423e5e897f22b94e211adf2f8ed8a0428ad69755fcfb460baf0ac98ecdbc6c08c38cf0417cb524cad7a773c111a50ec6730f2cf3f46d77c882219936b94b7c1

    • C:\Users\Admin\Desktop\ReceiveFormat.xlsx.43A8B949400763381895E1280E6F3D3658C64AB85D2F4087862E005EF274E0DA

      Filesize

      11KB

      MD5

      82d88137afd686507800e5d1cb067b93

      SHA1

      3913075d31dba1fe0b1f10bca76de5c7488d3362

      SHA256

      48af8594a7a5c697f81cf7c5f4d6119d380db4a6400fe93b1a88c5852b0d26e7

      SHA512

      aafe752360c7f7a2d1795ed322df986808309ea5c3c29621e0e7db5695d8ea737710be629ccaf1a4a280b0e22261347004cc833b6aa8ac63e89a4ba464ddf6ee

    • memory/760-5312-0x0000000000110000-0x0000000000120000-memory.dmp

      Filesize

      64KB

    • memory/2800-576-0x0000000074460000-0x0000000074B4E000-memory.dmp

      Filesize

      6.9MB

    • memory/2800-561-0x000000007446E000-0x000000007446F000-memory.dmp

      Filesize

      4KB

    • memory/2800-2-0x0000000074460000-0x0000000074B4E000-memory.dmp

      Filesize

      6.9MB

    • memory/2800-1-0x0000000000F30000-0x0000000000F6C000-memory.dmp

      Filesize

      240KB

    • memory/2800-0-0x000000007446E000-0x000000007446F000-memory.dmp

      Filesize

      4KB

    • memory/2800-5310-0x0000000074460000-0x0000000074B4E000-memory.dmp

      Filesize

      6.9MB

    • memory/2800-5311-0x0000000074460000-0x0000000074B4E000-memory.dmp

      Filesize

      6.9MB