Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Endermanch...pt.exe

windows7-x64

10

Endermanch...pt.exe

windows10-2004-x64

4

Resubmissions

05/03/2025, 13:17

250305-qje5wsy1ct 10

05/03/2025, 04:08

250305-ep9qxaytct 10

Analysis

  • max time kernel
    838s
  • max time network
    839s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    05/03/2025, 13:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    [email protected]

  • Size

    211KB

  • MD5

    b805db8f6a84475ef76b795b0d1ed6ae

  • SHA1

    7711cb4873e58b7adcf2a2b047b090e78d10c75b

  • SHA256

    f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

  • SHA512

    62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416

  • SSDEEP

    1536:YoCFfC303p22fkZrRQpnqjoi7l832fbu9ZXILwVENbM:rCVC303p22sZrRQpnviB832Du9WMON

Score
10/10
infinitylockdiscoveryransomware

Malware Config

Signatures

  • InfinityLock Ransomware

    Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.

    ransomwareinfinitylock
  • Infinitylock family
    infinitylock
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\[email protected]
    "C:\Users\Admin\AppData\Local\Temp\[email protected]"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:2136
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:2180

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_OFF.GIF.C70E9521BBC7B2B50BD5612740082D5DDDFE5932A9F87AB1AFF8791177B8F278
      Filesize

      352B

      MD5

      cc470e9847ac9fb74294a2d69728f7e8

      SHA1

      0213e44f293e0b257b0791e7c2e7ea8b386873bb

      SHA256

      36ceba1ec366a7b27e5ec26ba0a9c2eeea0fa236f6e5aae8a7d9d71434fb6f5e

      SHA512

      bb71cbdeb8875fea26385d04387824374da5318ebc54a55d05e77ff48d89d5cf998506cb4508730ecfb1a3487ae713120b26882653ebcf7b102995a8e616e799

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF.C70E9521BBC7B2B50BD5612740082D5DDDFE5932A9F87AB1AFF8791177B8F278
      Filesize

      224B

      MD5

      c42ce826f882e7195221ff4dc36dcaa3

      SHA1

      2e398f66df38370e64a85105e45069cc75505666

      SHA256

      c1efefe7aa8386ea9036575ee265180e14129a4ac3b1198a03e1a52cec28f768

      SHA512

      db67fdefb0c341b9670387760ba0cf5fd7651c3f4a5fc0770de4576e23adf79ac3a934cd4d38137023bfc7c854ccb30184a45eec79ec9b0766812e707e0642c3

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_F_COL.HXK.C70E9521BBC7B2B50BD5612740082D5DDDFE5932A9F87AB1AFF8791177B8F278
      Filesize

      128B

      MD5

      35dd7938aecf12357dc80127e234287f

      SHA1

      66cb55ba015379710e4335e3899d58e5f22261ff

      SHA256

      69ca691a0afbfa358c0871781629b823544da12193d08f901c71033e2389d667

      SHA512

      3e6ba8b391b85064aa641b813a7de151c5e1a79d82f2bd6a1bdebdd86146402e7c082403712e1c0ccb801a35b0e42d774f9a99b36334e858a418bf44d636a741

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_K_COL.HXK.C70E9521BBC7B2B50BD5612740082D5DDDFE5932A9F87AB1AFF8791177B8F278
      Filesize

      128B

      MD5

      be1b6b2b3084b6b58132c69b9bc7c5b0

      SHA1

      f7c00553139c1f7a2d70776bfb64d4cc12bfc78c

      SHA256

      ccfaa2e80a2aa30ac342e21e96975d63597626fa793fe00ca34623c9e7bda798

      SHA512

      69a9c6226035995a1f393a6818a7086c2b3da9ed3735101271ebd1151e9304de1e14553c02189665fd18f1826aeb6f09c326d3bad377d9c95614e3aec2f18ec3

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF.C70E9521BBC7B2B50BD5612740082D5DDDFE5932A9F87AB1AFF8791177B8F278
      Filesize

      192B

      MD5

      4416c5ba6df2bcc6450e0b238701c398

      SHA1

      981de831aae532068836e342f7728c47c2739e30

      SHA256

      88986a0e1ccd6e6dfde5f1e149d3f8519ac4f52f624b5804c9ccda22b35738e9

      SHA512

      e594a7bbb087e9cffcea9634206807703a6f5a03a91505e93a380dad7f8b3603a1a8665da34d8e7781413a0d88101fa0f42b9b2c8320317fe8ab8dc4475ac47b

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_OFF.GIF.C70E9521BBC7B2B50BD5612740082D5DDDFE5932A9F87AB1AFF8791177B8F278
      Filesize

      512B

      MD5

      aef05e1b41d5a4bac35e1f47cdb929ae

      SHA1

      25b21d9a3daf9166d72c6ffc974b27ea667d43cb

      SHA256

      f59fd4a7b725f32c7ba027c987feab5178ad059f83cef6aac4f70bb6ab8866d2

      SHA512

      d72bc7da5b38c89d3f811540c6905add03a72ba088b7504bbe37f847714a948fde6dfe92d576c7ec56874b2b393f45f405b8fd80d5596bf46da0126e2e5289ae

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF.C70E9521BBC7B2B50BD5612740082D5DDDFE5932A9F87AB1AFF8791177B8F278
      Filesize

      1KB

      MD5

      2d75434eb5e5d34fc193b3b6e058745c

      SHA1

      472efac8e7a97c273e44ef2ffa2f34ad190106cb

      SHA256

      c17f44a11ab63288088193f421a0cde8b79f2a8c6d872bb9a2232ab16a5816e8

      SHA512

      72dbf62352feed0c08cd62746ec64ed6dc4541d0ace671758af923089f3beb32e2a8b2622afb6f818eaf0d7e1d424146ad2a992970bdd4d7e0f0a3c4467fb370

      Download Submit

    • C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.NO.XML.C70E9521BBC7B2B50BD5612740082D5DDDFE5932A9F87AB1AFF8791177B8F278
      Filesize

      816B

      MD5

      958cdead432690803130f514737c3907

      SHA1

      1535a3f808961df5f4cb7e2828628114d5a8b0c3

      SHA256

      950f5b74fdb7bb5d7ade5f02610957f5c7d23723e6369d0bbc90c7e19f8ddc59

      SHA512

      a08376cb64d587af870499e9874a5f97ac5eda9bde13538b1f038ad35a9ca22803c3780627409effaa14cf1c82f3f0d06c1a15614df7efe7da72f3d6c310d48f

      Download Submit

    • C:\Users\Admin\Desktop\OpenBackup.xlsx.C70E9521BBC7B2B50BD5612740082D5DDDFE5932A9F87AB1AFF8791177B8F278
      Filesize

      13KB

      MD5

      600bba95eb34b044f19815d7715e8e3e

      SHA1

      36061671ea1ac9337d27520130da4acb1487c891

      SHA256

      b5357e43cdbbcebd8c37d3af7bda7d1c038f2769663a7a0f8ff8b16ca2202007

      SHA512

      35aa27e4c6ef08f929d970b44594ae72fd69ab157e2c242fd6fc548236fad16215b477210e282e7fae3f704b6df53c53b7be98826d71099b9e972f0bbee554f7

      Download Submit

    • memory/2136-566-0x0000000074080000-0x000000007476E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2136-561-0x000000007408E000-0x000000007408F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2136-2-0x0000000074080000-0x000000007476E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2136-1-0x0000000000970000-0x00000000009AC000-memory.dmp

      Filesize

      240KB

      Download

    • memory/2136-0-0x000000007408E000-0x000000007408F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2136-5322-0x0000000074080000-0x000000007476E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2136-5323-0x0000000074080000-0x000000007476E000-memory.dmp

      Filesize

      6.9MB

      Download