Analysis
-
max time kernel
132s -
max time network
138s -
platform
windows10-1703_x64 -
resource
win10-20240404-es -
resource tags
-
submitted
17/06/2024, 18:02 UTC
General
-
Target
NitroxLauncher.exe
-
Size
3.5MB
-
MD5
e801cd1a9af46b219768d79f7d2a2b98
-
SHA1
a2e939298aec1770b0079284b5bc275ba9cee517
-
SHA256
9c34793ccd4cde1297ed243858b6411305201b95e86d1e99cf493a9a51b88e5c
-
SHA512
48dee9078223881716bd1360881233b6a99df3c1f6063fe69784e77243ce55e988fea1365184de69b4f1724cd59ac02d6e8deaf7fbf00eae82301122c09e71ee
-
SSDEEP
98304:fUqYeHg1UsnKLycqQYcDcwuavRfFujF0NpIl:LU18yArhvRfFujaNOl
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NitroxLauncher.exe"C:\Users\Admin\AppData\Local\Temp\NitroxLauncher.exe"1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
Network
-
DNSnitrox.rux.ggRemote address:8.8.8.8:53Requestnitrox.rux.ggIN AResponsenitrox.rux.ggIN A172.67.136.44nitrox.rux.ggIN A104.21.62.133 -
DNSnitroxblog.rux.ggRemote address:8.8.8.8:53Requestnitroxblog.rux.ggIN AResponsenitroxblog.rux.ggIN A172.67.136.44nitroxblog.rux.ggIN A104.21.62.133
-
GEThttps://nitrox.rux.gg/api/version/latestRemote address:172.67.136.44:443RequestGET /api/version/latest HTTP/1.1
User-Agent: NitroxLauncher
Content-Type: application/json
Host: nitrox.rux.gg
Cache-Control: max-age=86400
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Date: Tue, 18 Jun 2024 16:15:55 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nNS0DQVnAJp7tGxjBbF1O6LxVTIEbu6nWBymlM%2BR12rrgkPmC8chU4KTXKVO5QNbyQZ46M8eGFJ2NTN6TS0paBWA7MvtuPrUHTK2ad8fh45YXPYkniwq7zf9ZM%2BPjy40"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 895c94b508596331-LHR
alt-svc: h3=":443"; ma=86400
-
GEThttps://nitrox.rux.gg/api/changelog/releasesRemote address:172.67.136.44:443RequestGET /api/changelog/releases HTTP/1.1
User-Agent: NitroxLauncher
Content-Type: application/json
Host: nitrox.rux.gg
Cache-Control: max-age=86400
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Date: Tue, 18 Jun 2024 16:15:55 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8riZKy0CQ4nNGrLxDHiRj0ZJvCzOqvUL6Ui07qPEOSpivxHaqWlBK2wBRicxJTEclbpVx9aFVL4S%2B0O7Hep08FXHrbXqy4thoyYvCK8Sa9A5MtPpE6U67yEDoLD4p9Ot"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 895c94b4f8c8944e-LHR
alt-svc: h3=":443"; ma=86400
-
GEThttps://nitroxblog.rux.gg/wp-json/wp/v2/posts?per_page=8&page=1Remote address:172.67.136.44:443RequestGET /wp-json/wp/v2/posts?per_page=8&page=1 HTTP/1.1
User-Agent: NitroxLauncher
Content-Type: application/json
Host: nitroxblog.rux.gg
Cache-Control: max-age=86400
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Date: Tue, 18 Jun 2024 16:15:56 GMT
Content-Type: application/json; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Robots-Tag: noindex
X-Content-Type-Options: nosniff
Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link
Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
X-WP-Total: 13
X-WP-TotalPages: 2
Link: <https://nitroxblog.rux.gg/wp-json/wp/v2/posts?per_page=8&page=2>; rel="next"
Allow: GET
Vary: Origin,Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2xMeZXti9dqo6iqyM15Z2o1tmijD4nEbdt2%2BPFsw8%2BpTh6kZ187MqVh2rHVdOMFy3pcetT%2FZQRknRqe3l8p8RPLmh6LBJ0c3W9A%2BHp%2FN4JfcRWiOhl5O%2BWjeVTdirRNKTYtHHg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 895c94b4fc516365-LHR
alt-svc: h3=":443"; ma=86400
-
DNS44.136.67.172.in-addr.arpaRemote address:8.8.8.8:53Request44.136.67.172.in-addr.arpaIN PTRResponse
-
DNS11.227.111.52.in-addr.arpaRemote address:8.8.8.8:53Request11.227.111.52.in-addr.arpaIN PTRResponse
-
172.67.136.44:443https://nitrox.rux.gg/api/version/latesttls, http
HTTP Request
GET https://nitrox.rux.gg/api/version/latestHTTP Response
200 -
172.67.136.44:443https://nitrox.rux.gg/api/changelog/releasestls, http
HTTP Request
GET https://nitrox.rux.gg/api/changelog/releasesHTTP Response
200 -
172.67.136.44:443https://nitroxblog.rux.gg/wp-json/wp/v2/posts?per_page=8&page=1tls, http
HTTP Request
GET https://nitroxblog.rux.gg/wp-json/wp/v2/posts?per_page=8&page=1HTTP Response
200
-
8.8.8.8:53nitrox.rux.ggdns
DNS Request
nitrox.rux.gg
DNS Response
172.67.136.44104.21.62.133
-
8.8.8.8:53nitroxblog.rux.ggdns
DNS Request
nitroxblog.rux.gg
DNS Response
172.67.136.44104.21.62.133
-
8.8.8.8:5344.136.67.172.in-addr.arpadns
DNS Request
44.136.67.172.in-addr.arpa
-
8.8.8.8:5311.227.111.52.in-addr.arpadns
DNS Request
11.227.111.52.in-addr.arpa
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
3.5MB
-
Filesize
248KB
-
Filesize
9.9MB
-
Filesize
152KB
-
Filesize
32KB
-
Filesize
9.9MB
-
Filesize
56KB
-
Filesize
136KB
-
Filesize
9.9MB
-
Filesize
1.0MB
-
Filesize
280KB
-
Filesize
112KB
-
Filesize
88KB
-
Filesize
128KB
-
Filesize
736KB
-
Filesize
32KB
-
Filesize
224KB
-
Filesize
9.9MB
-
Filesize
56KB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
32KB
-
Filesize
4KB
-
Filesize
552KB
-
Filesize
128KB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
9.9MB