92f4be23fd098350031cbe2f661f90c7377d691eec91808636d415b9741b029a

Analysis

max time kernel
20s
max time network
8s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
02-06-2024 20:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NitroxLauncher.exe
Size

3.5MB
MD5

e801cd1a9af46b219768d79f7d2a2b98
SHA1

a2e939298aec1770b0079284b5bc275ba9cee517
SHA256

9c34793ccd4cde1297ed243858b6411305201b95e86d1e99cf493a9a51b88e5c
SHA512

48dee9078223881716bd1360881233b6a99df3c1f6063fe69784e77243ce55e988fea1365184de69b4f1724cd59ac02d6e8deaf7fbf00eae82301122c09e71ee
SSDEEP

98304:fUqYeHg1UsnKLycqQYcDcwuavRfFujF0NpIl:LU18yArhvRfFujaNOl

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1832	NitroxLauncher.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1832 wrote to memory of 1076	1832	NitroxLauncher.exe	81
PID 1832 wrote to memory of 1076	1832	NitroxLauncher.exe	81

C:\Users\Admin\AppData\Local\Temp\NitroxLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\NitroxLauncher.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1832
- C:\Users\Admin\AppData\Local\Temp\NitroxServer-Subnautica.exe
  "C:\Users\Admin\AppData\Local\Temp\NitroxServer-Subnautica.exe"
  2⤵
  PID:1076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1076-18-0x00000222D07F0000-0x00000222D0804000-memory.dmp

Filesize
80KB

Download
memory/1076-21-0x00007FFBA8EB0000-0x00007FFBA9972000-memory.dmp

Filesize
10.8MB

Download
memory/1076-20-0x00000222EACC0000-0x00000222EACFE000-memory.dmp

Filesize
248KB

Download
memory/1076-19-0x00000222D2430000-0x00000222D2464000-memory.dmp

Filesize
208KB

Download
memory/1832-6-0x0000024935DC0000-0x0000024935DCE000-memory.dmp

Filesize
56KB

Download
memory/1832-14-0x0000024951C60000-0x0000024951C98000-memory.dmp

Filesize
224KB

Download
memory/1832-0-0x00007FFBA8EB3000-0x00007FFBA8EB5000-memory.dmp

Filesize
8KB

Download
memory/1832-8-0x000002494E6D0000-0x000002494E6F2000-memory.dmp

Filesize
136KB

Download
memory/1832-7-0x00007FFBA8EB0000-0x00007FFBA9972000-memory.dmp

Filesize
10.8MB

Download
memory/1832-9-0x00007FFBA8EB0000-0x00007FFBA9972000-memory.dmp

Filesize
10.8MB

Download
memory/1832-10-0x000002494E700000-0x000002494E71C000-memory.dmp

Filesize
112KB

Download
memory/1832-11-0x000002494EC90000-0x000002494ECA6000-memory.dmp

Filesize
88KB

Download
memory/1832-12-0x0000024951BA0000-0x0000024951C5A000-memory.dmp

Filesize
744KB

Download
memory/1832-13-0x0000024950E10000-0x0000024950E18000-memory.dmp

Filesize
32KB

Download
memory/1832-15-0x0000024950EC0000-0x0000024950ECE000-memory.dmp

Filesize
56KB

Download
memory/1832-5-0x0000024935DB0000-0x0000024935DB8000-memory.dmp

Filesize
32KB

Download
memory/1832-16-0x00007FFBA8EB0000-0x00007FFBA9972000-memory.dmp

Filesize
10.8MB

Download
memory/1832-4-0x000002494E4B0000-0x000002494E4D6000-memory.dmp

Filesize
152KB

Download
memory/1832-3-0x00007FFBA8EB0000-0x00007FFBA9972000-memory.dmp

Filesize
10.8MB

Download
memory/1832-2-0x000002494E4F0000-0x000002494E52E000-memory.dmp

Filesize
248KB

Download
memory/1832-1-0x0000024933C20000-0x0000024933F9A000-memory.dmp

Filesize
3.5MB

Download
memory/1832-22-0x00007FFBA8EB3000-0x00007FFBA8EB5000-memory.dmp

Filesize
8KB

Download
memory/1832-23-0x00007FFBA8EB0000-0x00007FFBA9972000-memory.dmp

Filesize
10.8MB

Download
memory/1832-24-0x00007FFBA8EB0000-0x00007FFBA9972000-memory.dmp

Filesize
10.8MB

Download
memory/1832-25-0x00007FFBA8EB0000-0x00007FFBA9972000-memory.dmp

Filesize
10.8MB

Download
memory/1832-26-0x00007FFBA8EB0000-0x00007FFBA9972000-memory.dmp

Filesize
10.8MB

Download