InfinityCrypt.zip

Full analysis: https://app.any.run/tasks/abc4e9ed-2244-4408-b10d-82e9488e1f1a
Verdict: Malicious activity
Threats:

Ransomware is a type of malicious software that locks users out of their system or data using different methods to force them to pay a ransom. Most often, such programs encrypt files on an infected machine and demand a fee to be paid in exchange for the decryption key. Additionally, such programs can be used to steal sensitive information from the compromised computer and even conduct DDoS attacks against affected organizations to pressure them into paying.

Analysis date: August 09, 2020, 02:44:00
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
trojan
ransomware
infinitylock
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: 5569BFE4F06724DD750C2A4690B79BA0
SHA1: 05414C7D5DACF43370AB451D28D4AC27BDCABF22
SHA256: CFA4DAAB47E6EB546323D4C976261AEFBA3947B4CCE1A655DDE9D9D6D725B527
SSDEEP: 768:xaTvxO0nJFcoYFY5Hn8tuWRHkD+unrGRcd0zOF9MzKh8yK4ZJy9ELob8a:EtOoJFSzt5BiGGmObB04Z09cobl

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
  • SUSPICIOUS
  • INFO
    • Reads the hosts file
      • chrome.exe (PID: 2520)
      • chrome.exe (PID: 2160)
    • Dropped object may contain Bitcoin addresses
      • WinRAR.exe (PID: 2292)
    • Application launched itself
      • chrome.exe (PID: 2520)
      • iexplore.exe (PID: 3640)
    • Manual execution by user
      • chrome.exe (PID: 2520)
      • explorer.exe (PID: 3816)
    • Reads settings of System Certificates
      • chrome.exe (PID: 2160)
    • Dropped object may contain TOR URLs
      • chrome.exe (PID: 2520)
    • Reads Internet Cache Settings
      • chrome.exe (PID: 2520)
      • iexplore.exe (PID: 3004)
      • iexplore.exe (PID: 3640)
      • iexplore.exe (PID: 2756)
    • Creates files in the user directory
      • iexplore.exe (PID: 3004)
      • iexplore.exe (PID: 2756)
    • Reads Internet Explorer settings
      • iexplore.exe (PID: 3004)
      • iexplore.exe (PID: 2756)
    • Changes settings of System Certificates
      • iexplore.exe (PID: 3004)
    • Changes internet zones settings
      • iexplore.exe (PID: 3640)
    • Adds / modifies Windows certificates
      • iexplore.exe (PID: 3004)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0001
ZipCompression: Deflated
ZipModifyDate: 2018:10:21 16:00:05
ZipCRC: 0x1bbc3273
ZipCompressedSize: 34110
ZipUncompressedSize: 216064
ZipFileName: [email protected]
No data.
All screenshots are available in the full report
Total processes: 87
Monitored processes: 39
Malicious processes: 5
Suspicious processes: 1

Behavior graph

[Behavior graph: WinRAR.exe drops and starts [email protected] (tagged #INFINITYLOCK); the remaining nodes are chrome.exe, notepad.exe, explorer.exe and iexplore.exe, most of them marked "no specs"]

Process information

PID: 2292
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\InfinityCrypt.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0

PID: 2948
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXb2292.39249\[email protected]"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXb2292.39249\[email protected]
Parent process: WinRAR.exe
User: admin
Company: Adobe Inc.
Integrity Level: MEDIUM
Description: PremiereCrack
Version: 2.3.77.2

PID: 2520
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe"
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: explorer.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 3221225547
Version: 75.0.3770.100

PID: 3728
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6a0ea9d0,0x6a0ea9e0,0x6a0ea9ec
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 0
Version: 75.0.3770.100

PID: 2848
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2484 --on-initialized-event-handle=324 --parent-handle=328 /prefetch:6
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 0
Version: 75.0.3770.100

PID: 3988
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1008,13037371576569360810,16636583450654402843,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=18366032900772431057 --mojo-platform-channel-handle=992 --ignored=" --type=renderer " /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 75.0.3770.100

PID: 2160
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1008,13037371576569360810,16636583450654402843,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=6322503944991368489 --mojo-platform-channel-handle=1628 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 0
Version: 75.0.3770.100

PID: 2372
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1008,13037371576569360810,16636583450654402843,131072 --enable-features=PasswordImport --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10368777123188433149 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2256 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 75.0.3770.100

PID: 852
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1008,13037371576569360810,16636583450654402843,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2001432171164904539 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2440 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 75.0.3770.100

PID: 2836
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1008,13037371576569360810,16636583450654402843,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=17362703622914169718 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2436 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 75.0.3770.100
Total events: 3 050
Read events: 2 732
Write events: 0
Delete events: 0

Modification events: No data

Executable files: 2
Suspicious files: 130
Text files: 144
Unknown types: 20

Dropped files

PID | Process | Filename | Type
2948 | [email protected] | C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg.6133A2928349ED47EAE20D7C5FE4195508C8D3EFE1F0ECD66255FBA5E59100DB | binary
  MD5: 777D1BCE8021071CF9BD83F6F067B767
  SHA256: 9D5F73767818A548A9004621D46DCFF0817F1CA30B22C050CE9AD69177602B6E
2948 | [email protected] | C:\Users\admin\Documents\Outlook Files\Outlook Data File - test.pst.6133A2928349ED47EAE20D7C5FE4195508C8D3EFE1F0ECD66255FBA5E59100DB | binary
  MD5: EC5618009762B7DAAB87D59108D0C185
  SHA256: 291A5C964408D1A0641DF2888BE9A8B0EE03DD98EE28831B991E2FCF0059CA3E
2948 | [email protected] | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini.6133A2928349ED47EAE20D7C5FE4195508C8D3EFE1F0ECD66255FBA5E59100DB | binary
  MD5: 77E37CE7A04667C564FE5B6A35F0213F
  SHA256: 2B75FD09F469FA9FCF6E422F57D3BFFA5D5EA29BC9A2437C262C75FE1B796F80
2948 | [email protected] | C:\Users\admin\Documents\Outlook Files\~Outlook.pst.tmp.6133A2928349ED47EAE20D7C5FE4195508C8D3EFE1F0ECD66255FBA5E59100DB | binary
  MD5: 94C966BF5B7B930530CD311AE7A13640
  SHA256: 1508BA8449EF1B49E11AFDD02EC5C1651467E50F366D717E0277C448E3C93F95
2948 | [email protected] | C:\Users\admin\Documents\imageseach.rtf.6133A2928349ED47EAE20D7C5FE4195508C8D3EFE1F0ECD66255FBA5E59100DB | binary
  MD5: A0B30BA2F2C058344D3912F0DFD4A4F0
  SHA256: D973DB7CFA363D96CDDFF2D55BCD10C21A38E8A08848283D54F2506D0CCD5733
2948 | [email protected] | C:\Users\admin\Documents\OneNote Notebooks\Personal\General.one.6133A2928349ED47EAE20D7C5FE4195508C8D3EFE1F0ECD66255FBA5E59100DB | binary
  MD5: 3661FC874027A73285345677B0473394
  SHA256: 2F8347479954026BF6F318F25E0D77F5FFE6F2CD2E8E3EE2C5340C8DD9A71AB8
2948 | [email protected] | C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg.6133A2928349ED47EAE20D7C5FE4195508C8D3EFE1F0ECD66255FBA5E59100DB | binary
  MD5: 8B80276755DE87F38447A85791B36D4E
  SHA256: BC88EEEBD37A7F4C86448E88F5259F0C5C29A9F5075018F7C7D6C81913D7BFDC
2948 | [email protected] | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini.6133A2928349ED47EAE20D7C5FE4195508C8D3EFE1F0ECD66255FBA5E59100DB | binary
  MD5: 8BCCD3A09CABEA709CB1CE2859D83AE6
  SHA256: 2208BD289EAF0C6860AAF208430CCF7A79DCF46757ED462F86CADCB8EFAA0863
2948 | [email protected] | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini.6133A2928349ED47EAE20D7C5FE4195508C8D3EFE1F0ECD66255FBA5E59100DB | binary
  MD5: 83A7D69B29C2E494B71E3491DB80C271
  SHA256: 90BA5F32F6A41E06C129198F8F36B6C54DAA8B93A1B8C4F8784776940EF68C8C
2948 | [email protected] | C:\Users\admin\Documents\OneNote Notebooks\Personal\Open Notebook.onetoc2.6133A2928349ED47EAE20D7C5FE4195508C8D3EFE1F0ECD66255FBA5E59100DB | binary
  MD5: 97AFB7D5322C202101F7896B98DCD0EF
  SHA256: 8184BD2B3F869FF2E9D004B17A7EDD8FE9107FAF92FB986862F4F47EA692783F
HTTP(S) requests: 12
TCP/UDP connections: 67
DNS requests: 40
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3004 | iexplore.exe | GET | 200 | 172.217.22.67:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted
2160 | chrome.exe | GET | 301 | 184.72.104.138:80 | http://duck.com/ | US | html | 162 b | suspicious
3640 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted
2756 | iexplore.exe | GET | 429 | 172.217.23.100:80 | http://www.google.com/sorry/index?continue=http://google.co.ck/search%3Fq%3Dvinesauce%2Bmeme%2Bcollection&q=EgS52XUnGLTHvfkFIhkA8aeDS7SlQfeZxAr7gPUmlbXXya3vmhfsMgFy | US | html | 2.83 Kb | whitelisted
2756 | iexplore.exe | GET | 302 | 172.217.23.100:80 | http://google.co.ck/search?q=vinesauce+meme+collection | US | html | 365 b | whitelisted
3004 | iexplore.exe | GET | 200 | 172.217.22.67:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEGq42E1AyJyECAAAAABNn3g%3D | US | der | 471 b | whitelisted
3004 | iexplore.exe | GET | 302 | 172.217.23.100:80 | http://google.co.ck/search?q=mcafee+vs+norton | US | html | 356 b | whitelisted
3004 | iexplore.exe | GET | 200 | 172.217.22.67:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEDdE1cf4Gvu%2FAgAAAABzzNg%3D | US | der | 471 b | whitelisted
3004 | iexplore.exe | GET | 429 | 172.217.23.100:80 | http://www.google.com/sorry/index?continue=http://google.co.ck/search%3Fq%3Dmcafee%2Bvs%2Bnorton&q=EgS52XUnGJ_HvfkFIhkA8aeDSxQZ5C0SrYum7gKTqnyuLAo3lStMMgFy | US | html | 2.80 Kb | whitelisted
3004 | iexplore.exe | GET | 200 | 172.217.22.67:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEDdE1cf4Gvu%2FAgAAAABzzNg%3D | US | der | 471 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2160 | chrome.exe | 172.217.23.131:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted
2948 | | 88.99.150.216:80 | arizonacode.bplaced.net | Hetzner Online GmbH | DE | malicious
2160 | chrome.exe | 172.217.16.170:443 | fonts.googleapis.com | Google Inc. | US | whitelisted
2160 | chrome.exe | 216.58.207.78:443 | ogs.google.com | Google Inc. | US | whitelisted
2160 | chrome.exe | 216.58.210.13:443 | accounts.google.com | Google Inc. | US | whitelisted
2160 | chrome.exe | 172.217.23.100:443 | www.google.com | Google Inc. | US | whitelisted
2160 | chrome.exe | 172.217.22.110:443 | clients2.google.com | Google Inc. | US | whitelisted
2160 | chrome.exe | 216.58.207.46:443 | apis.google.com | Google Inc. | US | whitelisted
2160 | chrome.exe | 216.58.212.163:443 | ssl.gstatic.com | Google Inc. | US | whitelisted
2160 | chrome.exe | 184.72.104.138:80 | duck.com | Amazon.com, Inc. | US | unknown

DNS requests

Domain | IP | Reputation
arizonacode.bplaced.net | 88.99.150.216 | malicious
clientservices.googleapis.com | 172.217.23.131 | whitelisted
accounts.google.com | 216.58.210.13 | shared
www.google.com | 172.217.23.100 | whitelisted
fonts.googleapis.com | 172.217.16.170 | whitelisted
www.gstatic.com | 172.217.23.131 | whitelisted
fonts.gstatic.com | 172.217.23.131 | whitelisted
apis.google.com | 216.58.207.46 | whitelisted
ogs.google.com | 216.58.207.78 | whitelisted
clients2.google.com | 172.217.22.110 | whitelisted

Threats

Found threats are available for the paid subscriptions
1 ETPRO signature available at the full report
No debug info