Resubmissions
03-08-2024 21:51
240803-1qs1fawfjk 10Analysis
-
max time kernel
16s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system -
submitted
03-08-2024 21:51
Behavioral task
behavioral1
Sample
Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
Resource
win7-20240705-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
11 signatures
150 seconds
General
-
Target
Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
-
Size
1.2MB
-
MD5
0255b7d6d031f790d7337688e6dd2030
-
SHA1
3257160d46ad68cee9e50c4e642220425414f199
-
SHA256
78fca73624584a0654fd0f5ffec1a221c2e1ce422c6de8595e7bf5822000073a
-
SHA512
fe7d66c5b0fe8081b3a89198ecfcb9c38123800b60d6d1b1c0c6c958c6deb549dfd2f19038d05013bd1f0ef8d8e3a080013c959866bc50aab33f538850150c24
-
SSDEEP
24576:vIrD450Q09Pmt8KYfKeskLpzbBSo3sYDSR95bJ7:+c0nPIrNKV9m5V7
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 1984 Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe 1984 Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1984 Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1984 wrote to memory of 2804 1984 Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe 30 PID 1984 wrote to memory of 2804 1984 Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe 30 PID 1984 wrote to memory of 2804 1984 Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe 30
Processes
-
C:\Users\Admin\AppData\Local\Temp\Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe"C:\Users\Admin\AppData\Local\Temp\Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1984 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1984 -s 8242⤵PID:2804
-