Overview

overview

7

Static

static

3

Nitrox_1.7.1.0.zip

windows11-21h2-x64

7

lib/Newton...on.dll

windows11-21h2-x64

1

lib/NitroxClient.dll

windows11-21h2-x64

1

lib/NitroxClient.pdb

windows11-21h2-x64

3

lib/Nitrox...ca.dll

windows11-21h2-x64

1

lib/Nitrox...ca.pdb

windows11-21h2-x64

3

lib/NitroxModel.dll

windows11-21h2-x64

1

lib/NitroxModel.pdb

windows11-21h2-x64

3

lib/NitroxPatcher.dll

windows11-21h2-x64

1

lib/Nitrox...ll.xml

windows11-21h2-x64

1

lib/NitroxPatcher.pdb

windows11-21h2-x64

3

lib/NitroxServer.dll

windows11-21h2-x64

1

lib/Nitrox...ll.xml

windows11-21h2-x64

1

lib/NitroxServer.pdb

windows11-21h2-x64

3

lib/Serilo...nc.dll

windows11-21h2-x64

1

lib/Serilo...le.dll

windows11-21h2-x64

1

lib/Serilo...ap.dll

windows11-21h2-x64

1

lib/Serilog.dll

windows11-21h2-x64

1

lib/System...rs.dll

windows11-21h2-x64

1

lib/System...on.dll

windows11-21h2-x64

1

lib/System...ol.dll

windows11-21h2-x64

1

lib/System.Memory.dll

windows11-21h2-x64

1

lib/System...rs.dll

windows11-21h2-x64

1

lib/System...fe.dll

windows11-21h2-x64

1

lib/System...ol.dll

windows11-21h2-x64

1

lib/System...ws.dll

windows11-21h2-x64

1

lib/ToastN...es.dll

windows11-21h2-x64

1

lib/ToastN...ns.dll

windows11-21h2-x64

1

lib/Window...er.dll

windows11-21h2-x64

1

lib/discor...dk.dll

windows11-21h2-x64

1

lib/dnlib.dll

windows11-21h2-x64

1

lib/protobuf-net.dll

windows11-21h2-x64

1

Analysis

  • max time kernel
    93s
  • max time network
    93s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    14-12-2024 16:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Nitrox_1.7.1.0.zip

  • Size

    7.8MB

  • MD5

    f7d25be0395feec244bc865acfa07043

  • SHA1

    b3c74c8b4f3a2ac065ee8953c6ead832b2868e5d

  • SHA256

    92f4be23fd098350031cbe2f661f90c7377d691eec91808636d415b9741b029a

  • SHA512

    8efd8d687847b760c789cbe03313257543cb6b557b800c1c5e509754ae49a9dc18b05a5d62d1338298ec6cddd8166e7428479f7047feb6b221bfa1853db72a29

  • SSDEEP

    196608:Wm/qcR6luQIsgHFFz+iT9iU4l6iHWCgczkWBu+ie3JWq92INOF:d/qc0lrSFp+JmEzkWB7iewq9OF

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 16 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Nitrox_1.7.1.0.zip"
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1472
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:1476
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\PopPing.gif
      1⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      • Modifies Internet Explorer settings
      PID:424
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
      1⤵
      • Modifies Internet Explorer settings
      PID:4592
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\GroupBlock.mp4"
      1⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:1748
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\GroupBlock.mp4"
      1⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:4688
    • C:\Users\Admin\Downloads\NitroxLauncher.exe
      "C:\Users\Admin\Downloads\NitroxLauncher.exe"
      1⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:4632

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\LanguageFiles\ja.json
      Filesize

      4B

      MD5

      c443b04d0fc26b0a5a4573a78e0082a1

      SHA1

      3c957535345645dce7190b85eb10b39da96b2518

      SHA256

      e3566b3a06430868d71e9287dfd6c6c520a3da027aabea01951d407ee131dc2f

      SHA512

      7bbf6dac485c9e59d02edabc91ff5b15bc1319cef6905c0077ee16e3b1f572b61bff85f2400bc0f5b4aeab0260bd5d68787d72c7a688d79192952f7957a44de3

      Download Submit

    • C:\Users\Admin\AppData\Roaming\vlc\ml.xspf
      Filesize

      304B

      MD5

      781602441469750c3219c8c38b515ed4

      SHA1

      e885acd1cbd0b897ebcedbb145bef1c330f80595

      SHA256

      81970dbe581373d14fbd451ac4b3f96e5f69b79645f1ee1ca715cff3af0bf20d

      SHA512

      2b0a1717d96edb47bdf0ffeb250a5ec11f7d0638d3e0a62fbe48c064379b473ca88ffbececb32a72129d06c040b107834f1004ccda5f0f35b8c3588034786461

      Download Submit

    • C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini
      Filesize

      526B

      MD5

      2a02483605861138a4f8524056818cc0

      SHA1

      e2af7412aaf8ffda906b00c5b70c540901fbf786

      SHA256

      c6531e26dbad624729688065a1e201f5b4ed7f5895a34fe4a57fcac1122be241

      SHA512

      8facbe23b9e1172791ec0b35fd727f35fb13087142536b480b2eb00d0f1e40bf735f1d007e9a3c1cae252aeeb906270e368e8c235ec62a4d93b31cadbea9407b

      Download Submit

    • C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini
      Filesize

      569B

      MD5

      6a880d04dad6c333725c127f100241db

      SHA1

      1f7de3ab203ab76befaf4bc31b1ebb543820b8e7

      SHA256

      dba683ca1d3cb934870a1c1b2c96d0b966c24d4f37f85cdd2ef890152d195bca

      SHA512

      fda1ee176068beab854b82a428cecb394d9f326a30f6d81d8757e67f68daaf642d338febfdd529d8981ca604c8689f7dbec722aed080b69897b6861ac1089dff

      Download Submit

    • C:\Users\Admin\AppData\Roaming\vlc\vlcrc
      Filesize

      94KB

      MD5

      7b37c4f352a44c8246bf685258f75045

      SHA1

      817dacb245334f10de0297e69c98b4c9470f083e

      SHA256

      ec45f6e952b43eddc214dba703cf7f31398f3c9f535aad37f42237c56b9b778e

      SHA512

      1e8d675b3c6c9ba257b616da268cac7f1c7a9db12ffb831ed5f8d43c0887d711c197ebc9daf735e3da9a0355bf21c2b29a2fb38a46482a2c5c8cd5628fea4c02

      Download Submit

    • C:\Users\Admin\Downloads\NitroxLauncher.exe
      Filesize

      3.5MB

      MD5

      e801cd1a9af46b219768d79f7d2a2b98

      SHA1

      a2e939298aec1770b0079284b5bc275ba9cee517

      SHA256

      9c34793ccd4cde1297ed243858b6411305201b95e86d1e99cf493a9a51b88e5c

      SHA512

      48dee9078223881716bd1360881233b6a99df3c1f6063fe69784e77243ce55e988fea1365184de69b4f1724cd59ac02d6e8deaf7fbf00eae82301122c09e71ee

      Download Submit

    • C:\Users\Admin\Downloads\NitroxLauncher.exe.config
      Filesize

      2KB

      MD5

      07a0a619101800cc15c38b1494ab87ca

      SHA1

      4c1dbcc4390d83503e2642afeb81292c214642e9

      SHA256

      749b8184de2e12e47bc7b0140840a392423a9e0b07a7f20afa54c237f61ee111

      SHA512

      e22a0ad49e3bf7985c40d76b5b389f75eaab7165ca6811c0a173f64359f06d1276fec9e285f2aa8bfbed0f7cf9aa02ce614138689bec66c1fe09a552343e121e

      Download Submit

    • C:\Users\Admin\Downloads\lib\LitJSON.dll
      Filesize

      60KB

      MD5

      0618e6e6e60c78b3dfe4933d487102a0

      SHA1

      01fb560ceaeb1e1f63f3334eb9562140abb595d8

      SHA256

      b13efed121cc3a76c859d3241684881a9c5a6fab12a9a91e86fc5d108c8dc40b

      SHA512

      6796e63c0d83ff2c68ecb2a90b1ffbb1707410831353ad0c31c592cc2bdd569122e16d786e0f048e4ee3efae9a90360742fa152c754e75dd233f848491efde1d

      Download Submit

    • C:\Users\Admin\Downloads\lib\NitroxModel.dll
      Filesize

      224KB

      MD5

      a9f052f7b1f8ca4e5ed949c881b38ec8

      SHA1

      2c751c2214409fe911db9330d646b8e1965e2ff7

      SHA256

      6bf03b400e80d210108f51884adc8bfa038cf4d2f17dee64e4746642684f771c

      SHA512

      9e1371358ef8232441876bda815deb8c35276d92c9962308448a366dbf860576f4f6c84328007217448261c597593cc9185141a927fdad4b4f4e705207b9daa7

      Download Submit

    • C:\Users\Admin\Downloads\lib\Serilog.Sinks.Async.dll
      Filesize

      9KB

      MD5

      44feed047bde92dbd84b3c63d8296b0a

      SHA1

      98492e2eac15898b49b37e0bc35aca6e1706298d

      SHA256

      4b81bbdaedc06cf231f810b6eb494401c86a30eee8679db3bea2f86485b20ced

      SHA512

      932a62c2ed84ade0de8b443f8d247d79dd2aa7c8a3652d95c680a06f789e95e019a300e5a261b143f673985c2ebed59a9815798725ff92d11107ceec0e9e426d

      Download Submit

    • C:\Users\Admin\Downloads\lib\Serilog.Sinks.File.dll
      Filesize

      32KB

      MD5

      c25357a7950dcfc7f85ee9d593cb1a24

      SHA1

      6a533712852465ab3c11b5c76004312d6482f07f

      SHA256

      5b70dc2eeceb1963f9c3690c1cc8ffa793b280e903fa9a31780e6a7bb0bdfcf9

      SHA512

      30ca628b17b2a51bd9974fe1380caf728e7826c2bb552e4bc5ac15be8f819e908fc1744932db23734fec64e0f2c758372d8c49d019407efdfb076133c6df70c6

      Download Submit

    • C:\Users\Admin\Downloads\lib\Serilog.dll
      Filesize

      123KB

      MD5

      0aa45a8a1cd24cd2b589e4aad925f35d

      SHA1

      0dc29954c4c2ffea4c33af0e56ce84158849b81e

      SHA256

      7a26a473af5eb7a00196e275c86d773f36e1d4caef566f97f1df7e07e20b1670

      SHA512

      7a865b16633c09bdecda34fdf15c62db4f04f2fb8db0abf57563aea51de67daf9eca0c08f053f551937a0c3c7987a53de2454ecb13139a193291633df7262981

      Download Submit

    • C:\Users\Admin\Downloads\lib\ToastNotifications.Messages.dll
      Filesize

      88KB

      MD5

      e64aa8aa12f16c7397d95683206cb70a

      SHA1

      8172b8bc3b027f36ba1182abf26609d7e401e4f8

      SHA256

      556dc81ceda593f828ec08ecf408b92686cf0cf14df4f04da3c9c83f80cce474

      SHA512

      1f3bc239f9cef7ea4baf6fb6524ca6aa71a6dcc3127b7da8b2dcfa46181e2e2a9a1f58ec026b3a49fb1d50157748795ba6b8dd83f81353f481fb50bb3693f743

      Download Submit

    • C:\Users\Admin\Downloads\lib\ToastNotifications.dll
      Filesize

      107KB

      MD5

      ce4c69d4ba73105bf8eff333ff8d265b

      SHA1

      28549362058bce91dcad5a13993f4f4b26f17530

      SHA256

      ed1297117c8dba2b3880246721af5b74c6ae16d745bea176adbeefc1ee75f2fb

      SHA512

      adc3c6f4d6a70814eb665039f2ee8387522475ed90017d72a37a0a381bdd3d5dbfd2a5cf26afa01f53d0bc312ca568ebdb7d245cdb21f0808d021a92b450b624

      Download Submit

    • memory/1748-218-0x00007FFCB8C70000-0x00007FFCB8CA4000-memory.dmp

      Filesize

      208KB

      Download

    • memory/1748-220-0x00007FFCA5AC0000-0x00007FFCA6B70000-memory.dmp

      Filesize

      16.7MB

      Download

    • memory/1748-219-0x00007FFCA6FB0000-0x00007FFCA7266000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/1748-217-0x00007FF7946A0000-0x00007FF794798000-memory.dmp

      Filesize

      992KB

      Download

    • memory/4632-449-0x000002598B480000-0x000002598B7FA000-memory.dmp

      Filesize

      3.5MB

      Download

    • memory/4632-464-0x00000259A9360000-0x00000259A941A000-memory.dmp

      Filesize

      744KB

      Download

    • memory/4632-455-0x000002598D5A0000-0x000002598D5A8000-memory.dmp

      Filesize

      32KB

      Download

    • memory/4632-451-0x000002598D6A0000-0x000002598D6DE000-memory.dmp

      Filesize

      248KB

      Download

    • memory/4632-453-0x000002598D6E0000-0x000002598D706000-memory.dmp

      Filesize

      152KB

      Download

    • memory/4632-457-0x000002598D5B0000-0x000002598D5BE000-memory.dmp

      Filesize

      56KB

      Download

    • memory/4632-466-0x00000259A6750000-0x00000259A6788000-memory.dmp

      Filesize

      224KB

      Download

    • memory/4632-459-0x000002598D710000-0x000002598D732000-memory.dmp

      Filesize

      136KB

      Download

    • memory/4632-467-0x00000259A6720000-0x00000259A672E000-memory.dmp

      Filesize

      56KB

      Download

    • memory/4632-461-0x00000259A6170000-0x00000259A618C000-memory.dmp

      Filesize

      112KB

      Download

    • memory/4632-465-0x00000259A6240000-0x00000259A6248000-memory.dmp

      Filesize

      32KB

      Download

    • memory/4632-463-0x00000259A6190000-0x00000259A61A6000-memory.dmp

      Filesize

      88KB

      Download

    • memory/4688-242-0x00007FF7946A0000-0x00007FF794798000-memory.dmp

      Filesize

      992KB

      Download

    • memory/4688-244-0x00007FFCA6FB0000-0x00007FFCA7266000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4688-245-0x00007FFCA67F0000-0x00007FFCA68FE000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/4688-243-0x00007FFCB8C70000-0x00007FFCB8CA4000-memory.dmp

      Filesize

      208KB

      Download