hxxps://prismlauncher[.]org

Analysis

max time kernel
51s
max time network
55s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
03-06-2023 01:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://prismlauncher.org

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3456128661"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31036858"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bbe533076e6d2f4dbe8a5382f75e5e7700000000020000000000106600000001000020000000c432f41dff3d3fb4436b2951c48b2e1aab99abfa24119caf901e99859b7d241b000000000e800000000200002000000024fbc9427e8e8a93cc4ecd7f02e09af5b28915693947b757a3a32e75fa4d83af20000000c95de858625fbab6220ae080e0600ad4c907605701a1e5f1b297f629c26990e4400000001c1a438518884307f37f08136078b1f56a183a85e5f611ef8d6fa82b409bd2954cbfb83017c648c5e87e15a15fd000ecc8be8c6f6a8ed242339e72538930e30d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3456128661"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31036858"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{F93E8AA8-01AD-11EE-8FFF-FA48AF8140A7} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31036858"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bbe533076e6d2f4dbe8a5382f75e5e7700000000020000000000106600000001000020000000501f531f11f5c97b533f2c24192135cbbb160f71e9584725457802b61ef4b903000000000e8000000002000020000000f37010f19dfc5239478a2f8d040c3b8981cc79a1451c2650ca61ebe5c8020a64000100007d149b3db6f001b26393eb0f6d56f553e6303cff421e84cfe22a527641d77bbd2b3e13a5ec24ad2b78d51a28cc67833f281639fed240510da2aaaa5077b503a553d09d2fc723cb46a118da321449a17091ede18efe0d84573ffd2537e174b8f6026562ce9900b9f1ddbfeedb070867cd1b75ee290e6f2cdff194fbfa264a64b549ecad7d5fbfc34d1521322c1edda7c918af706e9a1cbfeb96719d26fc8c77f0411bbdb90dba2f0a15f740baa0765875ae96961bad7047e35e07b595fa096da11376038f45b7e6f0b22a47d35fc6e4af1f575e88640f60ca5c8afd6c19979976222b0a49ee28b31ef0b2c2660534654db2e7a2688b63e99a951a24d8ba001469400000005eebcdef9cd6d1448e7587bf20eb5928bc62bae9497c102dad492b7c0d9a8165af5e7823cf92a375c884ec6fa44d87ca0d026cbdf6ba60f4b703c3f339422aa4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bbe533076e6d2f4dbe8a5382f75e5e7700000000020000000000106600000001000020000000bac35b3deef5badd2ff3b159ec1303d65173246dbcbbceb4d8b28f137ef29a1f000000000e8000000002000020000000068c7b6da6735ff4cfe8b6c6f173433415f7b466221a9186cf3e370d7898acb02000000025b8f55289baa1598b8043fe218f49527a883b1b35595ddbd3729103978f745140000000d3e2eb39f5bf98926b11f6926e8d1fcc41b62b8e97832a66a3fb23f2dea879f0b5b33ff639dd2264ce8133f2d57898ac67dd7474228eb134a82c6276b92cb1c4	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3470035417"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60e2a3cfba95d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bbe533076e6d2f4dbe8a5382f75e5e77000000000200000000001066000000010000200000001b1044dbb5f0d7d74f476b95f4f41c3f7c48360ab3f6ab42f1ac7d57555f179b000000000e8000000002000020000000cf56c8febb71b7d554828dc8be023d151dd4c0f4979a9f83b41edb0f2b95666000010000290e336bf733104d689fcdaab8cc1dff52c2390a689b8d0f32473352f4fa435fca66f84e7dfefa928c96c547bbb3094f6ada282ab063c54ecc67e24da3129e788f53ffb283a1717331550e8a7f493734acd59f444516001e97fa9cb43ddf164eedb763d032302b09b6f646241276088f6d4ae0b61ac5f8ea904d720830e7644eb81e62effa97170a4eedc712c999f5bfaf0119ed94600a4ec38427bf200a456aef4a4df40c09db52e3c095cbd1d4fb71d7de455bce73af648343705ecd9e709f5724f8cbaac93d09afa5145059f4cab5548df7271d1bf49caa6234504c1840ca7b3eb2e2415ebf404ed12c7e9b61c6373f10c6922bbc71a75ae3268910c3ecc840000000f7ed0395428e27465172cb6d575cf331af226cf31190ac0a46b4ba6dd011c762af4a4d1bfa9bd131e5c402d4045f1c6ca5979a02c6f864fb47bc7b26268956ab	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0591bc5ba95d901	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3148	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3148	iexplore.exe
3148	iexplore.exe
2948	IEXPLORE.EXE
2948	IEXPLORE.EXE
2948	IEXPLORE.EXE
2948	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3148 wrote to memory of 2948	3148	iexplore.exe	85
PID 3148 wrote to memory of 2948	3148	iexplore.exe	85
PID 3148 wrote to memory of 2948	3148	iexplore.exe	85

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://prismlauncher.org
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3148
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3148 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2948

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
68922600a2ab5a655b71826013aeb3b7

SHA1
b89aada63b01c865f6db88571ee0a2e1c3bf57fa

SHA256
f48422a5bcbad8930c9e3f7ae5be8912e45952e4487ea1ed8bd2d7401cfc6120

SHA512
03cd8dbd29ecfdd07081bf9abbcba14c6b478e42b5c04a6fb157b392a5f0daaaccf747dff21c1de6f7b359a164201bc0eae739eb9f5a8634e7ca0b00b6a5bfee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
0655e5e0ee2585d5bf06e61f39ea71e6

SHA1
830c3b07a0dfb49f8e1fa7656f7b5c0a615a2e68

SHA256
042d80ce3699e787ef4da9f3de3516c00754c3cd25d8885631f2a7a07b08d24b

SHA512
fdaa1e697928f4ecba93ea91836eef555fa5cb997bb6114edf855328c5f5b326d33352896abf3eb010653856f0f610a62ae628990d8676f23473a3e595339762

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\phzg4yt\imagestore.dat

Filesize
4KB

MD5
61df29e57811d54a50e3e7e720550a48

SHA1
b882445de888e3ffb470f219992d2e429eaeee10

SHA256
8a4f01713cba95bbfb2c69e34d5b169aa730bf4121b220809191e2ec96ed7518

SHA512
51d3eedc88525c53a64b954cb44a3a52b618a1384bbc8bbff4b24c12dfb5956256e362aae9a3ed64f331f5cfb054bb921e44aab4a671352eaa9bb7dd164bfa7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\600[1].css

Filesize
2KB

MD5
116719b27b932164a9669d74c5f93bd7

SHA1
b094e7c1048988ecb694789af66161b4faa92971

SHA256
fa236050c4207d7a0e44bb1df6d7fb8b92c14e6a057a1ae3eb667e5df215fd5d

SHA512
422b8fd490a40d0285ffd33f50af2c2e9fe11d1ad6420191604c6f62ea23db020a668c6a5c56fef217db82d3557aebea1f5b32e5565031590a51986a6bf0bce0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\favicon[1].png

Filesize
4KB

MD5
433138c8d68e8e8c1383dee79bd25616

SHA1
c4caf64d8094b211f6b4121126df9c366b6abbcd

SHA256
1c317acbfcedb5f45589d9aebfbcf169fa6b7e36cbdca8d8afd33e5e39365459

SHA512
d2498d4692c38fc06a616e50872934f73b0b4e56478d407ff5596c32206b658fd5221cc2d4202bdfacd39ec904c0eebeaf3ffdf26ffdb43390599d1c492d76c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4VT6R2QM\download[1].htm

Filesize
23KB

MD5
f073ce65a6c990fcd8f6c84cac8bc043

SHA1
361978164bafa456172910c591f1531b4489bc36

SHA256
6b10067a6407fffeba7f9a124516d97e93cdbcf982c3ca85debe6fda03a61882

SHA512
7d8e2fc640406863a3cda6e3e31348e73ca77609d00175fff1974f8b072873ace294898761639e423c26b84f85a5a7e08e5c8c4564399583e74d2e93572ba8f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4VT6R2QM\forkawesome-webfont[1].eot

Filesize
214KB

MD5
e719f9244c69e28e7d00e725ca1e280e

SHA1
f75d7019e3bc61ec51f76bc93527c546dca85bb1

SHA256
62c52951be321c21d87dbf076af0d199f6e8d51e27e6eddf80bd4d5b737497d0

SHA512
2ead515e308eefe5870abdcd3c619451ecd4a2380cf6df9580d9a77821883506980a7f6c4b62f1768b55e2f8b52fd9a49bfc4ffa9bad231c1586ff410e9ea5ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4VT6R2QM\index[1].css

Filesize
2KB

MD5
176d3aa6b8ca425be58a2f5909fd1785

SHA1
b63fa32bb6098e79c3cdee3e1f52f7966a7860f2

SHA256
341d2b1308fed4a34a3f67706dc2ed15b9f99296ec607d9a25ac0cb4aa23c4f4

SHA512
8050f62250c4afe043d5c6fcbe37bda06982e1e8b8abb7c468b2df0e58784103d31d55830aad30f2cd9349c588ef052ee50b49d0613f5ea71c96b9229a386bdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EY3KXMB3\700[1].css

Filesize
2KB

MD5
747fcd343ee3868eb21a19ee2875ffb5

SHA1
4af5ba242e44df234c5b0476ca0f0beaaf2c084f

SHA256
e945a67c4f0110252232613d6f5769d3528a20d54328f035c7001642767ea93f

SHA512
8d3c4285729448a0e191ac73667afe214c022228f21453a330bd2b67f96218342ce12f070d0c728698a9c4727db4ee4ae2adbf7f9d2e00410cb272586e30e99b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EY3KXMB3\fork-awesome.min[1].css

Filesize
36KB

MD5
82c1118c918377daaa71a320ab8eea42

SHA1
740986d13b1b0b122c0aad3853a10aafeb5413f5

SHA256
5e868c9e8602e531faffe8a13049e8b29826d09d4f33f9e2a316ce51d9ccf076

SHA512
6aea6276bf34337e927b2be203f859dae10f9efb7675325fca39bdcbacf5320695d774e0ce60e215db07ddcbd2346dbb991223ee027680d7a0d477b2489c84dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EY3KXMB3\inter-all-400-normal[1].woff

Filesize
126KB

MD5
dbe57dbfed5cac9bfa5772d7fad61215

SHA1
9e3df849d62d0b371247a27c1fcadd77e607d227

SHA256
f824029bc4bc25782f6387bd5302fec9f68f613ebb8b7ed09c11b370fe8f74aa

SHA512
4c043babec84bd12984c598bd8ef87bd5ce28e6ddc2043c18bad5a17c3454543a5b39c64ded3b467d6c1c1cfadc78779ba10c6d4d087204e4a08d39d8e66ea51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EY3KXMB3\inter-all-600-normal[1].woff

Filesize
136KB

MD5
4a57ea3b8cda492923d0560a1d1957f0

SHA1
9ff637fdb8bc8c0e246e099a1b62e1a7d19bbcb7

SHA256
ba29c0573be1e0aace16480e887229f8cea0fe64f171966ff62960c94cfc1e01

SHA512
e2b2b988e0e3e57d0f1c0a39602f647ab91dfaea965b01dcd0b4467e9779aa3891261ff232d07477c93b7c264767c6a06c5b96b18a907d5e3e8944fd733efbd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EY3KXMB3\inter-all-700-normal[1].woff

Filesize
137KB

MD5
cb12f00b24e0d4672658cdf5ad10a6be

SHA1
37689250c80dd0e3a81124837cd17bcb88cac9f2

SHA256
9d318ccb9b25832b337c9ef063cca0e7d08fa8e9c8778cbb79fa5f9573d13a2f

SHA512
8e026f52c14c153a81a0dc643f690890c62aebf2aa227f7df1a229e76ca38e995d0ba4fbdd71c15265fb5230d4b798607e053151a0db44d445d497dd3ad1ff3c

Download Submit