Naughty Sandbox -2021-05-31- -naughty Sandbox- File
The objective of this challenge is to analyze a provided binary or script that employs several "naughty" tricks to detect whether it is being run inside a virtual machine (VM) or a debugger. If it detects a sandbox, it either terminates or executes a benign code path to hide its true intent.

Initial Triage
"You are now entering the Naughty Sandbox. Please leave your expectations at the door. If you break the universe, please submit a ticket. We will ignore it lovingly."
Most sandboxes in early 2021 allocated only 1 or 2 CPUs. QakBot checked for GetActiveProcessorGroupCount. If it returned 1, it hibernated. If it returned 2 or more, it fired.
Locate the conditional jumps (e.g., JZ or JNZ) following the VM checks and change them to NOP (No Operation) or force the jump (JMP).
Welcome to the . Not the sterile, beige-box simulation where every action has a predictable, approved reaction. No. This is the version where gravity is a suggestion, the water physics are slightly too jiggly, and the NPCs blush when you click on them.
End of Log.