78fca73624584a0654fd0f5ffec1a221c2e1ce422c6de8595e7bf5822000073a

Resubmissions

03-08-2024 21:51

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
03-08-2024 21:51

Target

Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
Size

1.2MB
MD5

0255b7d6d031f790d7337688e6dd2030
SHA1

3257160d46ad68cee9e50c4e642220425414f199
SHA256

78fca73624584a0654fd0f5ffec1a221c2e1ce422c6de8595e7bf5822000073a
SHA512

fe7d66c5b0fe8081b3a89198ecfcb9c38123800b60d6d1b1c0c6c958c6deb549dfd2f19038d05013bd1f0ef8d8e3a080013c959866bc50aab33f538850150c24
SSDEEP

24576:vIrD450Q09Pmt8KYfKeskLpzbBSo3sYDSR95bJ7:+c0nPIrNKV9m5V7

Score

1^/10

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe

pid process

1984 Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
1984 Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe

description pid process

Token: SeDebugPrivilege 1984 Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe

pid	process
1984	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
1984	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe

description	pid	process
Token: SeDebugPrivilege	1984	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe

description	pid	process	target process
PID 1984 wrote to memory of 2804	1984	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe	WerFault.exe
PID 1984 wrote to memory of 2804	1984	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe	WerFault.exe
PID 1984 wrote to memory of 2804	1984	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
"C:\Users\Admin\AppData\Local\Temp\Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1984 -s 824
  2⤵
  PID:2804

memory/1984-0-0x000007FEF6543000-0x000007FEF6544000-memory.dmp

Filesize
4KB

Download
memory/1984-1-0x0000000000470000-0x00000000004AE000-memory.dmp

Filesize
248KB

Download
memory/1984-2-0x000007FEF6540000-0x000007FEF6F2C000-memory.dmp

Filesize
9.9MB

Download
memory/1984-3-0x000007FEF6540000-0x000007FEF6F2C000-memory.dmp

Filesize
9.9MB

Download
memory/1984-4-0x000007FEF6540000-0x000007FEF6F2C000-memory.dmp

Filesize
9.9MB

Download
memory/1984-5-0x000007FEF6540000-0x000007FEF6F2C000-memory.dmp

Filesize
9.9MB

Download
memory/1984-9-0x000007FEF6540000-0x000007FEF6F2C000-memory.dmp

Filesize
9.9MB

Download
memory/1984-10-0x000007FEF6540000-0x000007FEF6F2C000-memory.dmp

Filesize
9.9MB

Download