Analysis
- max time kernel: 141s
- max time network: 146s
- platform: windows10-2004_x64
- resource: win10v2004-20230703-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 11/07/2023, 00:35
Static task: static1
Behavioral task: behavioral1
- Sample: Manhunt2.exe
- Resource: win7-20230703-en
Behavioral task: behavioral2
- Sample: Manhunt2.exe
- Resource: win10v2004-20230703-en
General
- Target: Manhunt2.exe
- Size: 3.1MB
- MD5: 1fc192736e54c23585e82ee8d1057af9
- SHA1: 9a7053ada233b3aeb2433509dbeba9c45b086cbc
- SHA256: f90f02454240d09058d0cc8e975d741652bfbea6e1de9e5e61c0fdbafb685441
- SHA512: a243f57ad312b816d1f37312f56d027cbf98db0174522e18bace932828c695ed1b2bfc511b02f7e34bb8707d3078219f84d1f24bfaab1f609368bc2e83f2045d
- SSDEEP: 24576:n8qvkZUeUAvWT2jmmX1agk90I/nyf63EZOpzx8pViAdQWyY0xq3yugnyePC2lZom:nDkiesT5mTwhmcxY0UGcrWBPlbs94ZA+
Malware Config
Signatures
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  description: Token: SeManageVolumePrivilege; pid: 4140; Process: svchost.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\Manhunt2.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Manhunt2.exe"
  PID: 2176
- C:\Windows\system32\rundll32.exe
  Command line: "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
  PID: 4700
- C:\Windows\System32\svchost.exe
  Command line: C:\Windows\System32\svchost.exe -k UnistackSvcGroup
  Signature: Suspicious use of AdjustPrivilegeToken
  PID: 4140
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 16KB
  MD5: 4ddb9f8206ed1e281a5650f33c836443
  SHA1: 8b31e1bbe5a312a29d791f7542896c18def33b7e
  SHA256: 92095c90092fcb5228bcf27bc78cb26b25f6e922a875119fea0998f05207dace
  SHA512: 3c8d32e5f8950c829ff0b290981edb78c76445781479d511e8f8bd6dd5d255777b95f0eff07edd4ba18c3ca4b169147c76892c91f229e5f2011e39aaaf66cf78