Overview
overview
10Static
static
10Kingdoms.o...er.exe
windows7-x64
3Kingdoms.o...er.exe
windows10-2004-x64
3Kingdoms.o...ng.exe
windows7-x64
3Kingdoms.o...ng.exe
windows10-2004-x64
3Kingdoms.o...nt.dll
windows7-x64
3Kingdoms.o...nt.dll
windows10-2004-x64
3Kingdoms.o...pi.dll
windows7-x64
3Kingdoms.o...pi.dll
windows10-2004-x64
3Analysis
-
max time kernel
140s -
max time network
123s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
11-08-2024 03:37
Behavioral task
behavioral1
Sample
Kingdoms.of.Amalur.Reckoning.Crack.Only-SKIDROW/SKIDROW/Launcher.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
Kingdoms.of.Amalur.Reckoning.Crack.Only-SKIDROW/SKIDROW/Launcher.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
Kingdoms.of.Amalur.Reckoning.Crack.Only-SKIDROW/SKIDROW/Reckoning.exe
Resource
win7-20240705-en
Behavioral task
behavioral4
Sample
Kingdoms.of.Amalur.Reckoning.Crack.Only-SKIDROW/SKIDROW/Reckoning.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
Kingdoms.of.Amalur.Reckoning.Crack.Only-SKIDROW/SKIDROW/Steamclient.dll
Resource
win7-20240704-en
Behavioral task
behavioral6
Sample
Kingdoms.of.Amalur.Reckoning.Crack.Only-SKIDROW/SKIDROW/Steamclient.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
Kingdoms.of.Amalur.Reckoning.Crack.Only-SKIDROW/SKIDROW/steam_api.dll
Resource
win7-20240704-en
Behavioral task
behavioral8
Sample
Kingdoms.of.Amalur.Reckoning.Crack.Only-SKIDROW/SKIDROW/steam_api.dll
Resource
win10v2004-20240802-en
General
-
Target
Kingdoms.of.Amalur.Reckoning.Crack.Only-SKIDROW/SKIDROW/Launcher.exe
-
Size
260KB
-
MD5
7e41e744ee4e81753f7748fff591dcc8
-
SHA1
ed43ff28caca9545b835a0a2250a64c61f5dedb9
-
SHA256
1c28e6a942ba200926013b7c251351741f79736eb8ef8ac785c79deb5e6eb5db
-
SHA512
6f9062839aee04f8fcec3edaf3e74c3195d62e572ca847f76f92478742897a69bed8977fdb752b726fdd50d1e287818ec55d5420577805922683a77908406e7e
-
SSDEEP
3072:pv9H+R3NeC3TmG7QAxn7aAHRr+zaKlpQial6d256UJ3BwRyLAoasseeepx+:pVH+HfjmhAxn7aAxyzaWpQi5dWvL2Xe
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Launcher.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: 33 2520 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 2520 AUDIODG.EXE
Processes
-
C:\Users\Admin\AppData\Local\Temp\Kingdoms.of.Amalur.Reckoning.Crack.Only-SKIDROW\SKIDROW\Launcher.exe"C:\Users\Admin\AppData\Local\Temp\Kingdoms.of.Amalur.Reckoning.Crack.Only-SKIDROW\SKIDROW\Launcher.exe"1⤵
- System Location Discovery: System Language Discovery
PID:1740
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4b4 0x46c1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2520