92f4be23fd098350031cbe2f661f90c7377d691eec91808636d415b9741b029a

General

Target

NitroxLauncher.exe
Size

3.5MB
MD5

e801cd1a9af46b219768d79f7d2a2b98
SHA1

a2e939298aec1770b0079284b5bc275ba9cee517
SHA256

9c34793ccd4cde1297ed243858b6411305201b95e86d1e99cf493a9a51b88e5c
SHA512

48dee9078223881716bd1360881233b6a99df3c1f6063fe69784e77243ce55e988fea1365184de69b4f1724cd59ac02d6e8deaf7fbf00eae82301122c09e71ee
SSDEEP

98304:fUqYeHg1UsnKLycqQYcDcwuavRfFujF0NpIl:LU18yArhvRfFujaNOl

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2336	NitroxLauncher.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 2828	2336	NitroxLauncher.exe	31
PID 2336 wrote to memory of 2828	2336	NitroxLauncher.exe	31
PID 2336 wrote to memory of 2828	2336	NitroxLauncher.exe	31
PID 2336 wrote to memory of 2788	2336	NitroxLauncher.exe	33
PID 2336 wrote to memory of 2788	2336	NitroxLauncher.exe	33
PID 2336 wrote to memory of 2788	2336	NitroxLauncher.exe	33

C:\Users\Admin\AppData\Local\Temp\NitroxLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\NitroxLauncher.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Users\Admin\AppData\Local\Temp\NitroxServer-Subnautica.exe
  "C:\Users\Admin\AppData\Local\Temp\NitroxServer-Subnautica.exe"
  2⤵
  PID:2828
- C:\Users\Admin\AppData\Local\Temp\NitroxServer-Subnautica.exe
  "C:\Users\Admin\AppData\Local\Temp\NitroxServer-Subnautica.exe"
  2⤵
  PID:2788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Nitrox Logs\server-20250127.log

Filesize
3KB

MD5
94d368c7c33642b3759352e58ef0fc2a

SHA1
724285f2b1cdf40f104598464fb867d5a20adc8f

SHA256
eab19e6f6b1949b476324f06436fe61a40e4b619aaf82d79b799884bb8fd82a1

SHA512
193242a350c753da3d9cc37d21a111f834f354887a145edf1196013cd03826105575b5d9a2f799694cab22b83168ec5c6f4dacc501757cf3da1d922af93c8e36

Download Submit
memory/2336-17-0x000007FEF5E70000-0x000007FEF685C000-memory.dmp

Filesize
9.9MB

Download
memory/2336-8-0x000000001AA90000-0x000000001AAB2000-memory.dmp

Filesize
136KB

Download
memory/2336-3-0x000007FEF5E70000-0x000007FEF685C000-memory.dmp

Filesize
9.9MB

Download
memory/2336-4-0x00000000005D0000-0x000000000060E000-memory.dmp

Filesize
248KB

Download
memory/2336-18-0x000007FEF5E70000-0x000007FEF685C000-memory.dmp

Filesize
9.9MB

Download
memory/2336-6-0x0000000000620000-0x0000000000628000-memory.dmp

Filesize
32KB

Download
memory/2336-7-0x0000000000630000-0x000000000063E000-memory.dmp

Filesize
56KB

Download
memory/2336-19-0x00000000007D0000-0x00000000007DA000-memory.dmp

Filesize
40KB

Download
memory/2336-10-0x00000000007D0000-0x00000000007DA000-memory.dmp

Filesize
40KB

Download
memory/2336-20-0x000007FEF5E70000-0x000007FEF685C000-memory.dmp

Filesize
9.9MB

Download
memory/2336-11-0x0000000002580000-0x000000000259C000-memory.dmp

Filesize
112KB

Download
memory/2336-12-0x00000000021B0000-0x00000000021C6000-memory.dmp

Filesize
88KB

Download
memory/2336-13-0x000007FEF5E70000-0x000007FEF685C000-memory.dmp

Filesize
9.9MB

Download
memory/2336-14-0x000007FEF5E70000-0x000007FEF685C000-memory.dmp

Filesize
9.9MB

Download
memory/2336-16-0x000007FEF5E73000-0x000007FEF5E74000-memory.dmp

Filesize
4KB

Download
memory/2336-0-0x000007FEF5E73000-0x000007FEF5E74000-memory.dmp

Filesize
4KB

Download
memory/2336-5-0x0000000002360000-0x0000000002386000-memory.dmp

Filesize
152KB

Download
memory/2336-2-0x000007FEF5E70000-0x000007FEF685C000-memory.dmp

Filesize
9.9MB

Download
memory/2336-9-0x00000000007D0000-0x00000000007DA000-memory.dmp

Filesize
40KB

Download
memory/2336-21-0x000007FEF5E70000-0x000007FEF685C000-memory.dmp

Filesize
9.9MB

Download
memory/2336-36-0x000007FEF5E70000-0x000007FEF685C000-memory.dmp

Filesize
9.9MB

Download
memory/2336-34-0x000007FEF5E70000-0x000007FEF685C000-memory.dmp

Filesize
9.9MB

Download
memory/2336-33-0x000007FEF5E70000-0x000007FEF685C000-memory.dmp

Filesize
9.9MB

Download
memory/2336-1-0x0000000000210000-0x000000000058A000-memory.dmp

Filesize
3.5MB

Download
memory/2788-30-0x00000000003D0000-0x0000000000404000-memory.dmp

Filesize
208KB

Download
memory/2788-29-0x00000000011F0000-0x0000000001204000-memory.dmp

Filesize
80KB

Download
memory/2788-31-0x0000000000580000-0x00000000005BE000-memory.dmp

Filesize
248KB

Download
memory/2828-26-0x000007FEF5E70000-0x000007FEF685C000-memory.dmp

Filesize
9.9MB

Download
memory/2828-27-0x000007FEF5E70000-0x000007FEF685C000-memory.dmp

Filesize
9.9MB

Download
memory/2828-28-0x000007FEF5E70000-0x000007FEF685C000-memory.dmp

Filesize
9.9MB

Download
memory/2828-25-0x000007FEF5E70000-0x000007FEF685C000-memory.dmp

Filesize
9.9MB

Download
memory/2828-22-0x0000000000150000-0x0000000000164000-memory.dmp

Filesize
80KB

Download
memory/2828-24-0x00000000005A0000-0x00000000005DE000-memory.dmp

Filesize
248KB

Download
memory/2828-23-0x0000000000190000-0x00000000001C4000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing