Overview

overview

8

Static

static

PrismLaunc....1.exe

windows7-x64

8

PrismLaunc....1.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    45s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    31/01/2023, 05:04

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    PrismLauncher-Windows-MSVC-Setup-6.1.exe

  • Size

    15.5MB

  • MD5

    3a9e82a34241cc1074b5acdba96de397

  • SHA1

    753fac5c5e7aa94a026465c148354aa50e980a2a

  • SHA256

    9915886397dcdc3ab005e677c7ecaa2227f107e953a6ce3f0fe9da5aa24e99ba

  • SHA512

    30dd72b254dbc90a8a2719266bd2ac1ffb89413556dd25166d39291a718ff996fdcd1217890c3e3d2cf75b10cb8dc4429093c220cff85849aae7ce724162e4d1

  • SSDEEP

    393216:L10lmpRFI0w51NpcpJBOlasFC6WukvcCsOr+MG/T:LP51ertWuYc7Or+D

Score
8/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 7 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Kills process with taskkill 1 IoCs
    evasion
  • Modifies registry class 34 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PrismLauncher-Windows-MSVC-Setup-6.1.exe
    "C:\Users\Admin\AppData\Local\Temp\PrismLauncher-Windows-MSVC-Setup-6.1.exe"
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1016
    • C:\Windows\SysWOW64\TaskKill.exe
      TaskKill /IM prismlauncher.exe /F
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:1232
    • C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe
      "C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:596

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Gui.dll
          Filesize

          7.3MB

          MD5

          6478c16e7fb5cdd73db8d9459f2202e0

          SHA1

          ef393b1933e39bc6f52c66976b3fac3d3ba9db8c

          SHA256

          78285161c08aab7ece80c2ab8e34a1f1455d07b368db88fd26b8c52352d28757

          SHA512

          7d50b55bc82fec8538f9515d4f87b94425918c461c9c31e44fadbeefb4e263ddd5ff251eb0828a2fc3c2235320becb5c4924f7ba543e7d66050d7f28e064ac9f

          Download Submit

        • C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Widgets.dll
          Filesize

          5.8MB

          MD5

          fb4f282da22ff082fdaa957698c079b1

          SHA1

          9a6d32c9b3ce00fbc42b0ad43b245715f2f19b39

          SHA256

          226e112bcb5a00f576db2278c993d4bad299826c3aecbab1abbfa9f6d281d850

          SHA512

          506e64bab0b44f26216726180f72f4d724b6a62e4018389760b3d6bcfc39be6db8e69487ce59704ed8ace9c2f01542ea9903c865f8cbf2b7a46eac2f721530ae

          Download Submit

        • C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe
          Filesize

          7.7MB

          MD5

          ac8e74fe374c009a180ff03e25c95290

          SHA1

          cd4f041229222285e904e4fc6056696d7581d013

          SHA256

          5f364a30796c2e833aba340c25a8bdf49397874edaca09a498ae5da5c8009da7

          SHA512

          6eb2b6738060bae01c942905ee1452f74dacd372929fe941f8a0997152b1af7bc04df008b91ed9bbeaa6430cadec25b9c587d4204262175746768fa25c0ce9c8

          Download Submit

        • \Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Gui.dll
          Filesize

          7.3MB

          MD5

          6478c16e7fb5cdd73db8d9459f2202e0

          SHA1

          ef393b1933e39bc6f52c66976b3fac3d3ba9db8c

          SHA256

          78285161c08aab7ece80c2ab8e34a1f1455d07b368db88fd26b8c52352d28757

          SHA512

          7d50b55bc82fec8538f9515d4f87b94425918c461c9c31e44fadbeefb4e263ddd5ff251eb0828a2fc3c2235320becb5c4924f7ba543e7d66050d7f28e064ac9f

          Download Submit

        • \Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Widgets.dll
          Filesize

          5.8MB

          MD5

          fb4f282da22ff082fdaa957698c079b1

          SHA1

          9a6d32c9b3ce00fbc42b0ad43b245715f2f19b39

          SHA256

          226e112bcb5a00f576db2278c993d4bad299826c3aecbab1abbfa9f6d281d850

          SHA512

          506e64bab0b44f26216726180f72f4d724b6a62e4018389760b3d6bcfc39be6db8e69487ce59704ed8ace9c2f01542ea9903c865f8cbf2b7a46eac2f721530ae

          Download Submit

        • \Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe
          Filesize

          7.7MB

          MD5

          ac8e74fe374c009a180ff03e25c95290

          SHA1

          cd4f041229222285e904e4fc6056696d7581d013

          SHA256

          5f364a30796c2e833aba340c25a8bdf49397874edaca09a498ae5da5c8009da7

          SHA512

          6eb2b6738060bae01c942905ee1452f74dacd372929fe941f8a0997152b1af7bc04df008b91ed9bbeaa6430cadec25b9c587d4204262175746768fa25c0ce9c8

          Download Submit

        • \Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe
          Filesize

          7.7MB

          MD5

          ac8e74fe374c009a180ff03e25c95290

          SHA1

          cd4f041229222285e904e4fc6056696d7581d013

          SHA256

          5f364a30796c2e833aba340c25a8bdf49397874edaca09a498ae5da5c8009da7

          SHA512

          6eb2b6738060bae01c942905ee1452f74dacd372929fe941f8a0997152b1af7bc04df008b91ed9bbeaa6430cadec25b9c587d4204262175746768fa25c0ce9c8

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nsdE3BC.tmp\System.dll
          Filesize

          12KB

          MD5

          cff85c549d536f651d4fb8387f1976f2

          SHA1

          d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

          SHA256

          8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

          SHA512

          531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nsdE3BC.tmp\nsDialogs.dll
          Filesize

          9KB

          MD5

          6c3f8c94d0727894d706940a8a980543

          SHA1

          0d1bcad901be377f38d579aafc0c41c0ef8dcefd

          SHA256

          56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

          SHA512

          2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nsdE3BC.tmp\nsExec.dll
          Filesize

          7KB

          MD5

          675c4948e1efc929edcabfe67148eddd

          SHA1

          f5bdd2c4329ed2732ecfe3423c3cc482606eb28e

          SHA256

          1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906

          SHA512

          61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683

          Download Submit

        • memory/1016-54-0x00000000756B1000-0x00000000756B3000-memory.dmp

          Filesize

          8KB

          Download