Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-08-2024 03:34

General

  • Target

    Kingdoms.of.Amalur.Reckoning.Crack.Only-SKIDROW/SKIDROW/steam_api.dll

  • Size

    120KB

  • MD5

    61055c5d7719288e2ef1d7cb6af1d5bb

  • SHA1

    b81c5a98deb7078e9cb92ea97b88558cf89e1e07

  • SHA256

    2bd98f48e2e5826f04a3e3184b93241d876c389f9ef8c2d6185d8ddcd1ddf380

  • SHA512

    54f445fa4e6fdc1132962822aa7ff0b2a9576ceec0053ebbe6a362d64d9c4b813270a11a541e0f1f3ccd813ea2bc6bf893221a7d494e29057f869e09f7c6f70a

  • SSDEEP

    1536:s30GTjBVQfjfziKxMpyZSvBqLR96TMDjwJh4WYYqItB79nnaeHD:sVVQSKhnYJ2WYYHtJdaej

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Kingdoms.of.Amalur.Reckoning.Crack.Only-SKIDROW\SKIDROW\steam_api.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2028
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\Kingdoms.of.Amalur.Reckoning.Crack.Only-SKIDROW\SKIDROW\steam_api.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1224
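The parent/child pair above (the System32 rundll32.exe, PID 2028, writing into and relaunching a SysWOW64 rundll32.exe, PID 1224, with the same command line) is what 64-bit Windows does when the 64-bit rundll32 is handed a 32-bit DLL: it re-executes the 32-bit copy from SysWOW64 to host the image, which is consistent with the arch:x86 tag on this sample. A triager can confirm the bitness directly from the COFF header rather than inferring it from the process tree. The script below is an added example, not part of the sandbox report and not the sample itself: it reads the PE Machine field and DLL flag, predicts which rundll32 copy will host the image, and prints the same digest forms the report lists so the file on disk can be matched against the MD5/SHA1/SHA256/SHA512 above. The byte string it builds for stand-alone use is a constructed minimal PE header, not steam_api.dll.

```python
import hashlib
import struct
import sys

# COFF Machine values and the DLL characteristic flag from the PE/COFF specification.
MACHINES = {0x014C: "x86", 0x8664: "x64", 0xAA64: "arm64"}
IMAGE_FILE_DLL = 0x2000


def is_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return e_lfanew + 24 <= len(data) and data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def pe_machine(data: bytes) -> dict:
    """Parse the 20-byte COFF header that follows the PE signature and return the
    target architecture plus whether the image is flagged as a DLL."""
    if not is_pe(data):
        raise ValueError("not a PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    machine, _, _, _, _, _, characteristics = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    return {"machine": MACHINES.get(machine, hex(machine)),
            "is_dll": bool(characteristics & IMAGE_FILE_DLL)}


def expected_host(machine: str) -> str:
    """Which rundll32.exe ends up hosting the DLL on 64-bit Windows: the System32
    copy relaunches itself from SysWOW64 when given a 32-bit image, producing the
    parent/child pair seen in the process tree."""
    return {"x86": r"C:\Windows\SysWOW64\rundll32.exe",
            "x64": r"C:\Windows\system32\rundll32.exe"}.get(machine, "unsupported")


def hashes(data: bytes) -> dict:
    """Digests in the forms the report lists, for confirming you hold the same sample."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def build_minimal_pe(machine: int) -> bytes:
    """Constructed stand-in (not the sample from the report): a 64-byte DOS header
    with e_lfanew = 0x40, then the PE signature and a COFF header flagged as a DLL."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0, IMAGE_FILE_DLL | 0x2)
    return dos + b"PE\0\0" + coff


if __name__ == "__main__":
    # Usage: python pe_bitness.py <path-to-dll>; with no argument the constructed header is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe(0x014C)
    info = pe_machine(data)
    print(info, "->", expected_host(info["machine"]))
    for name, digest in hashes(data).items():
        print(f"{name}: {digest}")
```

Run it against the extracted steam_api.dll and compare the printed digests with the General section before trusting the architecture verdict; a mismatch means a different build of the crack, and the rundll32 relaunch pattern alone does not identify the file.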

Network

MITRE ATT&CK Enterprise v15
