92f4be23fd098350031cbe2f661f90c7377d691eec91808636d415b9741b029a

Analysis

max time kernel
105s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27/01/2025, 23:30 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NitroxLauncher.exe
Size

3.5MB
MD5

e801cd1a9af46b219768d79f7d2a2b98
SHA1

a2e939298aec1770b0079284b5bc275ba9cee517
SHA256

9c34793ccd4cde1297ed243858b6411305201b95e86d1e99cf493a9a51b88e5c
SHA512

48dee9078223881716bd1360881233b6a99df3c1f6063fe69784e77243ce55e988fea1365184de69b4f1724cd59ac02d6e8deaf7fbf00eae82301122c09e71ee
SSDEEP

98304:fUqYeHg1UsnKLycqQYcDcwuavRfFujF0NpIl:LU18yArhvRfFujaNOl

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1808	NitroxLauncher.exe

C:\Users\Admin\AppData\Local\Temp\NitroxLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\NitroxLauncher.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1808

Network

DNS

nitroxblog.rux.gg

NitroxLauncher.exe

Remote address:

8.8.8.8:53

Request

nitroxblog.rux.gg

IN A

Response

nitroxblog.rux.gg

IN A

104.21.62.133

nitroxblog.rux.gg

IN A

172.67.136.44
DNS

nitrox.rux.gg

NitroxLauncher.exe

Remote address:

8.8.8.8:53

Request

nitrox.rux.gg

IN A

Response

nitrox.rux.gg

IN A

172.67.136.44

nitrox.rux.gg

IN A

104.21.62.133
GET

https://nitroxblog.rux.gg/wp-json/wp/v2/posts?per_page=8&page=1

NitroxLauncher.exe

Remote address:

104.21.62.133:443

Request

GET /wp-json/wp/v2/posts?per_page=8&page=1 HTTP/1.1
User-Agent: NitroxLauncher
Content-Type: application/json
Host: nitroxblog.rux.gg
Cache-Control: max-age=86400
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 27 Jan 2025 23:31:05 GMT
Content-Type: application/json; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Robots-Tag: noindex
X-Content-Type-Options: nosniff
Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link
Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
X-WP-Total: 13
X-WP-TotalPages: 2
Link: <https://nitroxblog.rux.gg/wp-json/wp/v2/posts?per_page=8&page=2>; rel="next"
Allow: GET
Vary: Origin,Accept-Encoding
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OKJz2BnliVa5kfPaaO%2B9u7zuRlWbQd0B5t%2FbcqiXdam5wp1UHinBQ33uu6DQbPF6oa6pL%2Be1Jp5wj5B0ROPDYyWpkak5UCy9e0v%2FODpjRzsbuof%2BaOmQb2yp505k0rOlJEC0kQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 908c88c4efe5ef44-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=30892&min_rtt=30892&rtt_var=15446&sent=8&recv=5&lost=0&retrans=2&sent_bytes=3232&recv_bytes=495&delivery_rate=14242&cwnd=253&unsent_bytes=0&cid=84b3127974d543d7&ts=1069&x=0"
GET

https://nitrox.rux.gg/api/version/latest

NitroxLauncher.exe

Remote address:

172.67.136.44:443

Request

GET /api/version/latest HTTP/1.1
User-Agent: NitroxLauncher
Content-Type: application/json
Host: nitrox.rux.gg
Cache-Control: max-age=86400
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 27 Jan 2025 23:31:05 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
Access-Control-Allow-Origin: *
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ViChWGaHk11eTudv%2Fr7tRH%2BHuRBnVt0jsqStUwYmOQnFKFR%2FQ81Whgg5u%2BVWz1d%2BwsAqv6yvRJu6h9z3CTCXmQOYJMzuyw%2F1GMrIumCByuYA1CQCSkPZ2jUhjy2Bt7M0"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 908c88c64fb6cd1e-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=30723&min_rtt=30723&rtt_var=15361&sent=10&recv=7&lost=0&retrans=3&sent_bytes=3490&recv_bytes=468&delivery_rate=49691&cwnd=254&unsent_bytes=0&cid=97ff504fecc5c4ae&ts=866&x=0"
GET

https://nitrox.rux.gg/api/changelog/releases

NitroxLauncher.exe

Remote address:

172.67.136.44:443

Request

GET /api/changelog/releases HTTP/1.1
User-Agent: NitroxLauncher
Content-Type: application/json
Host: nitrox.rux.gg
Cache-Control: max-age=86400
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 27 Jan 2025 23:31:08 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
Access-Control-Allow-Origin: *
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=34hN%2FJDWneWjZ4VCe9KEMIeltWh%2BHuQOwOl2xISoAlgdeK2xcZfG34hsvuiJLeGIdQYwhBDJkFMydnWZN7ORw0btCY6B6nWHVzicfjffcAJp8HrrUe%2FNsmSasdqGzUHW"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 908c88dbcfe9940b-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=33332&min_rtt=33332&rtt_var=16666&sent=10&recv=8&lost=0&retrans=4&sent_bytes=5101&recv_bytes=472&delivery_rate=37797&cwnd=254&unsent_bytes=0&cid=0bd7ecb31fbb7d07&ts=4305&x=0"
DNS

133.62.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.62.21.104.in-addr.arpa

IN PTR

Response
DNS

133.62.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.62.21.104.in-addr.arpa

IN PTR
DNS

44.136.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

44.136.67.172.in-addr.arpa

IN PTR

Response
DNS

44.136.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

44.136.67.172.in-addr.arpa

IN PTR
DNS

154.239.44.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

154.239.44.20.in-addr.arpa

IN PTR

Response
DNS

154.239.44.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

154.239.44.20.in-addr.arpa

IN PTR
DNS

181.129.81.91.in-addr.arpa

Remote address:

8.8.8.8:53

Request

181.129.81.91.in-addr.arpa

IN PTR

Response
DNS

181.129.81.91.in-addr.arpa

Remote address:

8.8.8.8:53

Request

181.129.81.91.in-addr.arpa

IN PTR
DNS

181.129.81.91.in-addr.arpa

Remote address:

8.8.8.8:53

Request

181.129.81.91.in-addr.arpa

IN PTR
DNS

181.129.81.91.in-addr.arpa

Remote address:

8.8.8.8:53

Request

181.129.81.91.in-addr.arpa

IN PTR
DNS

74.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.32.126.40.in-addr.arpa

IN PTR

Response
DNS

74.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.32.126.40.in-addr.arpa

IN PTR
DNS

74.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.32.126.40.in-addr.arpa

IN PTR
DNS

7.98.51.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

7.98.51.23.in-addr.arpa

IN PTR

Response

7.98.51.23.in-addr.arpa

IN PTR

a23-51-98-7deploystaticakamaitechnologiescom
DNS

104.219.191.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.219.191.52.in-addr.arpa

IN PTR

Response
DNS

212.20.149.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

212.20.149.52.in-addr.arpa

IN PTR

Response
DNS

133.211.185.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.211.185.52.in-addr.arpa

IN PTR

Response
DNS

15.164.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR

Response
DNS

166.190.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

166.190.18.2.in-addr.arpa

IN PTR

Response

166.190.18.2.in-addr.arpa

IN PTR

a2-18-190-166deploystaticakamaitechnologiescom
DNS

166.190.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

166.190.18.2.in-addr.arpa

IN PTR
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response

104.21.62.133:443

https://nitroxblog.rux.gg/wp-json/wp/v2/posts?per_page=8&page=1

tls, http

NitroxLauncher.exe

8.3kB
219.0kB
146
173

HTTP Request

GET https://nitroxblog.rux.gg/wp-json/wp/v2/posts?per_page=8&page=1

HTTP Response

200
172.67.136.44:443

https://nitrox.rux.gg/api/version/latest

tls, http

NitroxLauncher.exe

1.2kB
4.6kB
12
12

HTTP Request

GET https://nitrox.rux.gg/api/version/latest

HTTP Response

200
172.67.136.44:443

https://nitrox.rux.gg/api/changelog/releases

tls, http

NitroxLauncher.exe

2.2kB
25.1kB
25
31

HTTP Request

GET https://nitrox.rux.gg/api/changelog/releases

HTTP Response

200

8.8.8.8:53

nitroxblog.rux.gg

dns

NitroxLauncher.exe

63 B
95 B
1
1

DNS Request

nitroxblog.rux.gg

DNS Response

104.21.62.133

172.67.136.44
8.8.8.8:53

nitrox.rux.gg

dns

NitroxLauncher.exe

59 B
91 B
1
1

DNS Request

nitrox.rux.gg

DNS Response

172.67.136.44

104.21.62.133
8.8.8.8:53

133.62.21.104.in-addr.arpa

dns

144 B
134 B
2
1

DNS Request

133.62.21.104.in-addr.arpa

DNS Request

133.62.21.104.in-addr.arpa
8.8.8.8:53

44.136.67.172.in-addr.arpa

dns

144 B
134 B
2
1

DNS Request

44.136.67.172.in-addr.arpa

DNS Request

44.136.67.172.in-addr.arpa
8.8.8.8:53

154.239.44.20.in-addr.arpa

dns

144 B
158 B
2
1

DNS Request

154.239.44.20.in-addr.arpa

DNS Request

154.239.44.20.in-addr.arpa
8.8.8.8:53

181.129.81.91.in-addr.arpa

dns

288 B
147 B
4
1

DNS Request

181.129.81.91.in-addr.arpa

DNS Request

181.129.81.91.in-addr.arpa

DNS Request

181.129.81.91.in-addr.arpa

DNS Request

181.129.81.91.in-addr.arpa
8.8.8.8:53

74.32.126.40.in-addr.arpa

dns

213 B
157 B
3
1

DNS Request

74.32.126.40.in-addr.arpa

DNS Request

74.32.126.40.in-addr.arpa

DNS Request

74.32.126.40.in-addr.arpa
8.8.8.8:53

7.98.51.23.in-addr.arpa

dns

69 B
131 B
1
1

DNS Request

7.98.51.23.in-addr.arpa
8.8.8.8:53

104.219.191.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

104.219.191.52.in-addr.arpa
8.8.8.8:53

212.20.149.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

212.20.149.52.in-addr.arpa
8.8.8.8:53

133.211.185.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

133.211.185.52.in-addr.arpa
8.8.8.8:53

15.164.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

15.164.165.52.in-addr.arpa
8.8.8.8:53

166.190.18.2.in-addr.arpa

dns

142 B
135 B
2
1

DNS Request

166.190.18.2.in-addr.arpa

DNS Request

166.190.18.2.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1808-0-0x00007FF83CB53000-0x00007FF83CB55000-memory.dmp

Filesize
8KB

Download
memory/1808-1-0x00000225B1ED0000-0x00000225B224A000-memory.dmp

Filesize
3.5MB

Download
memory/1808-2-0x00000225CDF60000-0x00000225CDF9E000-memory.dmp

Filesize
248KB

Download
memory/1808-3-0x00000225CE0B0000-0x00000225CE0D6000-memory.dmp

Filesize
152KB

Download
memory/1808-5-0x00007FF83CB50000-0x00007FF83D611000-memory.dmp

Filesize
10.8MB

Download
memory/1808-4-0x00000225B3F40000-0x00000225B3F48000-memory.dmp

Filesize
32KB

Download
memory/1808-6-0x00000225B3F50000-0x00000225B3F5E000-memory.dmp

Filesize
56KB

Download
memory/1808-8-0x00007FF83CB50000-0x00007FF83D611000-memory.dmp

Filesize
10.8MB

Download
memory/1808-7-0x00000225CE130000-0x00000225CE152000-memory.dmp

Filesize
136KB

Download
memory/1808-9-0x00007FF83CB50000-0x00007FF83D611000-memory.dmp

Filesize
10.8MB

Download
memory/1808-10-0x00000225CE280000-0x00000225CE29C000-memory.dmp

Filesize
112KB

Download
memory/1808-11-0x00000225CE2A0000-0x00000225CE2B6000-memory.dmp

Filesize
88KB

Download
memory/1808-12-0x00000225D14D0000-0x00000225D158A000-memory.dmp

Filesize
744KB

Download
memory/1808-13-0x00000225D0740000-0x00000225D0748000-memory.dmp

Filesize
32KB

Download
memory/1808-14-0x00007FF83CB50000-0x00007FF83D611000-memory.dmp

Filesize
10.8MB

Download
memory/1808-16-0x00000225D07F0000-0x00000225D07FE000-memory.dmp

Filesize
56KB

Download
memory/1808-15-0x00000225D1D90000-0x00000225D1DC8000-memory.dmp

Filesize
224KB

Download
memory/1808-18-0x00007FF83CB53000-0x00007FF83CB55000-memory.dmp

Filesize
8KB

Download
memory/1808-19-0x00007FF83CB50000-0x00007FF83D611000-memory.dmp

Filesize
10.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.