a9027c6070365053c3cb91261991c71f1d3a63707df8467e413847f344b3af4d

Analysis

max time kernel
223s
max time network
313s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
18-09-2022 14:13

Target

TrashMalwares-main/TEMZ.exe
Size

145KB
MD5

e6168901057164d16298ef87a38efa66
SHA1

6299e0d6fdd292a49a881292cadfec443ed98825
SHA256

d67b2b20d9400ffb4415cb0ea40bd5d4652c662957cadd090d103f2976c12f4a
SHA512

4aecffe0e84d706ffc7c7535ade9ef0b5f51f3aca7b8e579ac2fd178685fd068662b79b3c5fd3acc312d6504d900591944c84e9c141c3ffd1b61aa8970fe0bec
SSDEEP

1536:+X1x1vlxaCFPIwM1vAkiaAtSjnfF53q0kQAHNIsWBqCJcdGzgs+mjkIeoSLVlDao:+pWwM1IpDtSjfrEt1FGzgs+aJQtsc

Score

1^/10

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

TEMZ.exe

pid process

4480 TEMZ.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 1312 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 1312 AUDIODG.EXE

pid	process
4480	TEMZ.exe

description	pid	process
Token: 33	1312	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1312	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\TrashMalwares-main\TEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\TrashMalwares-main\TEMZ.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:4480

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x454 0x4b4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1312