Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
64s -
max time network
65s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
27/01/2025, 08:10 UTC
General
-
Target
NitroxLauncher.exe
-
Size
3.5MB
-
MD5
e801cd1a9af46b219768d79f7d2a2b98
-
SHA1
a2e939298aec1770b0079284b5bc275ba9cee517
-
SHA256
9c34793ccd4cde1297ed243858b6411305201b95e86d1e99cf493a9a51b88e5c
-
SHA512
48dee9078223881716bd1360881233b6a99df3c1f6063fe69784e77243ce55e988fea1365184de69b4f1724cd59ac02d6e8deaf7fbf00eae82301122c09e71ee
-
SSDEEP
98304:fUqYeHg1UsnKLycqQYcDcwuavRfFujF0NpIl:LU18yArhvRfFujaNOl
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NitroxLauncher.exe"C:\Users\Admin\AppData\Local\Temp\NitroxLauncher.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\NitroxServer-Subnautica.exe"C:\Users\Admin\AppData\Local\Temp\NitroxServer-Subnautica.exe"2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\NitroxServer-Subnautica.exe"C:\Users\Admin\AppData\Local\Temp\NitroxServer-Subnautica.exe"2⤵
-
Network
-
DNSnitroxblog.rux.ggRemote address:8.8.8.8:53Requestnitroxblog.rux.ggIN AResponsenitroxblog.rux.ggIN A104.21.62.133nitroxblog.rux.ggIN A172.67.136.44 -
DNSnitrox.rux.ggRemote address:8.8.8.8:53Requestnitrox.rux.ggIN AResponsenitrox.rux.ggIN A104.21.62.133nitrox.rux.ggIN A172.67.136.44
-
DNSnitrox.rux.ggRemote address:8.8.8.8:53Requestnitrox.rux.ggIN AResponsenitrox.rux.ggIN A104.21.62.133nitrox.rux.ggIN A172.67.136.44
-
GEThttps://nitrox.rux.gg/api/version/latestRemote address:104.21.62.133:443RequestGET /api/version/latest HTTP/1.1
User-Agent: NitroxLauncher
Content-Type: application/json
Host: nitrox.rux.gg
Cache-Control: max-age=86400
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Date: Mon, 27 Jan 2025 08:11:22 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
Access-Control-Allow-Origin: *
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OXOh2kgC2TekUzmlgYiROavgMHiGrYVggcTQD8EKUm%2BusdsM1YkLXoAxom%2BAS5ciC1%2BwomkTZb3WIwZd%2FXwq1ukwiGgdDU569JjUZwNyK9k0B2Souv2MLSxKGlHUN2aJ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9087458a7977944e-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=28885&min_rtt=26896&rtt_var=9264&sent=6&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=448&delivery_rate=124869&cwnd=252&unsent_bytes=0&cid=cf00730fec71f3c1&ts=147&x=0"
-
GEThttps://nitrox.rux.gg/api/changelog/releasesRemote address:104.21.62.133:443RequestGET /api/changelog/releases HTTP/1.1
User-Agent: NitroxLauncher
Content-Type: application/json
Host: nitrox.rux.gg
Cache-Control: max-age=86400
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Date: Mon, 27 Jan 2025 08:11:22 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
Access-Control-Allow-Origin: *
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yiwrxdBO4g78BeXf49qKMouKvJbGenDrduSuz5ckCmKB3Md4EHxwmw9ArU5L6Gpls7ZIaU%2B%2F1rTggAPinuccE37xCQsgu0hLG6iMJtdVQCPQbmYDfLHpyfyctWWHZj%2FY"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9087458a7cd09483-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=28413&min_rtt=26339&rtt_var=9223&sent=6&recv=6&lost=0&retrans=0&sent_bytes=2827&recv_bytes=464&delivery_rate=126589&cwnd=253&unsent_bytes=0&cid=b02b22655e2d4391&ts=147&x=0"
-
GEThttps://nitroxblog.rux.gg/wp-json/wp/v2/posts?per_page=8&page=1Remote address:104.21.62.133:443RequestGET /wp-json/wp/v2/posts?per_page=8&page=1 HTTP/1.1
User-Agent: NitroxLauncher
Content-Type: application/json
Host: nitroxblog.rux.gg
Cache-Control: max-age=86400
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Date: Mon, 27 Jan 2025 08:11:23 GMT
Content-Type: application/json; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Robots-Tag: noindex
X-Content-Type-Options: nosniff
Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link
Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
X-WP-Total: 13
X-WP-TotalPages: 2
Link: <https://nitroxblog.rux.gg/wp-json/wp/v2/posts?per_page=8&page=2>; rel="next"
Allow: GET
Vary: Origin,Accept-Encoding
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OgF68qlHEz5y7e4vn%2B%2Fmp8IaG5xBWi1flSeCdiK8C5uiESXaxFMTgyG9t15%2BoNzOaPtnRNTzi6xBQD4xd1mUdH8ceNTgtDExxGiMadKm5IXnjjvc41VSO3b6IRIn%2FpSsletCKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9087458a7d197778-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=28347&min_rtt=26163&rtt_var=9220&sent=6&recv=6&lost=0&retrans=0&sent_bytes=2827&recv_bytes=484&delivery_rate=117628&cwnd=253&unsent_bytes=0&cid=240f5c0c1e20fc80&ts=617&x=0"
-
DNSi0.wp.comRemote address:8.8.8.8:53Requesti0.wp.comIN AResponsei0.wp.comIN A192.0.77.2
-
104.21.62.133:443https://nitrox.rux.gg/api/version/latesttls, http
HTTP Request
GET https://nitrox.rux.gg/api/version/latestHTTP Response
200 -
104.21.62.133:443https://nitrox.rux.gg/api/changelog/releasestls, http
HTTP Request
GET https://nitrox.rux.gg/api/changelog/releasesHTTP Response
200 -
104.21.62.133:443https://nitroxblog.rux.gg/wp-json/wp/v2/posts?per_page=8&page=1tls, http
HTTP Request
GET https://nitroxblog.rux.gg/wp-json/wp/v2/posts?per_page=8&page=1HTTP Response
200 -
192.0.77.2:443i0.wp.comtls
-
192.0.77.2:443i0.wp.comtls
-
192.0.77.2:443i0.wp.comtls
-
192.0.77.2:443i0.wp.comtls
-
192.0.77.2:443i0.wp.comtls
-
192.0.77.2:443i0.wp.comtls
-
192.0.77.2:443i0.wp.comtls
-
192.0.77.2:443i0.wp.comtls
-
8.8.8.8:53nitroxblog.rux.ggdns
DNS Request
nitroxblog.rux.gg
DNS Response
104.21.62.133172.67.136.44
-
8.8.8.8:53nitrox.rux.ggdns
DNS Request
nitrox.rux.gg
DNS Response
104.21.62.133172.67.136.44
-
8.8.8.8:53nitrox.rux.ggdns
DNS Request
nitrox.rux.gg
DNS Response
104.21.62.133172.67.136.44
-
8.8.8.8:53i0.wp.comdns
DNS Request
i0.wp.com
DNS Response
192.0.77.2
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD594d368c7c33642b3759352e58ef0fc2a
SHA1724285f2b1cdf40f104598464fb867d5a20adc8f
SHA256eab19e6f6b1949b476324f06436fe61a40e4b619aaf82d79b799884bb8fd82a1
SHA512193242a350c753da3d9cc37d21a111f834f354887a145edf1196013cd03826105575b5d9a2f799694cab22b83168ec5c6f4dacc501757cf3da1d922af93c8e36
-
Filesize
9.9MB
-
Filesize
40KB
-
Filesize
9.9MB
-
Filesize
248KB
-
Filesize
152KB
-
Filesize
32KB
-
Filesize
56KB
-
Filesize
136KB
-
Filesize
40KB
-
Filesize
40KB
-
Filesize
9.9MB
-
Filesize
88KB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
112KB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
3.5MB
-
Filesize
208KB
-
Filesize
80KB
-
Filesize
248KB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
80KB
-
Filesize
248KB
-
Filesize
208KB