Overview

overview

7

Static

static

3

PrismLaunc....3.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...rd.bmp

windows10-2004-x64

7

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

Qt6Core.dll

windows10-2004-x64

1

Qt6Core5Compat.dll

windows10-2004-x64

1

Qt6Gui.dll

windows10-2004-x64

1

Qt6Network.dll

windows10-2004-x64

1

Qt6Svg.dll

windows10-2004-x64

1

Qt6Widgets.dll

windows10-2004-x64

1

Qt6Xml.dll

windows10-2004-x64

1

iconengine...on.dll

windows10-2004-x64

1

imageformats/qgif.dll

windows10-2004-x64

1

imageforma...ns.dll

windows10-2004-x64

1

imageformats/qico.dll

windows10-2004-x64

1

imageforma...eg.dll

windows10-2004-x64

1

imageformats/qsvg.dll

windows10-2004-x64

1

imageforma...mp.dll

windows10-2004-x64

1

imageforma...bp.dll

windows10-2004-x64

1

jars/JavaCheck.jar

windows10-2004-x64

7

jars/NewLaunch.jar

windows10-2004-x64

7

jars/NewLa...cy.jar

windows10-2004-x64

7

platforms/...2d.dll

windows10-2004-x64

1

platforms/...ws.dll

windows10-2004-x64

1

prismlauncher.exe

windows10-2004-x64

7

prismlaunc...nk.exe

windows10-2004-x64

1

prismlaunc...er.exe

windows10-2004-x64

7

qt.conf

windows10-2004-x64

3

qtlogging.ini

windows10-2004-x64

1

styles/qwi...le.dll

windows10-2004-x64

1

tls/qschan...nd.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    1133s
  • max time network
    1178s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-04-2024 19:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    prismlauncher.exe

  • Size

    9.8MB

  • MD5

    289255ff339b0ff529f43acb848b91ea

  • SHA1

    a1312d501279095225ce6fd1824abfc50d884791

  • SHA256

    ef302e37bc7f02edea74acaf614ecb71a6aa6f8e703db6811502169c2102c7ee

  • SHA512

    ca782bbbd5bfd39d3b7d21f9b6d8089d4fb2c3474b1045dd6d49512b3d146b6f57fe701c26c83043cf10cbc1bf9127ee78d10775c3716a7a1f578cf0481a80f1

  • SSDEEP

    98304:TdghH1XBqcsRS+w/QkIHDno6TRfUNxOKGnZ:IBFs3b06ixQnZ

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\prismlauncher.exe
    "C:\Users\Admin\AppData\Local\Temp\prismlauncher.exe"
    1⤵
    • Checks computer location settings
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    PID:996

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\PrismLauncher\prismlauncher.cfg
    Filesize

    100B

    MD5

    acd7c6361f1613f2bf3a4795823465e0

    SHA1

    77552945f59b568c5cf393848634e9ed938ef83d

    SHA256

    59496d5edb9c1da4feb7684fdbd295fe7c8edc969e35a1b688b730236982fb01

    SHA512

    e939631a26d9b02cbda152c8737ffc8e35d0914c9244c9ce22c052d2e36aef90789c3c944004a045bef53c0c6c8c5091a7a12fa06c0644134667181fc83784bf

    Download Submit

  • C:\Users\Admin\AppData\Roaming\PrismLauncher\prismlauncher.cfg.hyFGPW
    Filesize

    30B

    MD5

    a6dc16331f06bc5831e5ddc9799284ec

    SHA1

    d344f83d549df8c3e2c959182ba37f8c81d885a5

    SHA256

    9da99b49301ba83c33387e75d2028185562479e677b6afb110b4f8b098465807

    SHA512

    43e498eab5c6f9b2f70c01e0abd4e63edb2651e498f267b53c7f62f2ef9c1eb68fa4783967fdba1880722a8bcd6e58065108f42773f0f47c04c9e54e809b1c14

    Download Submit

  • C:\Users\Admin\AppData\Roaming\PrismLauncher\prismlauncher.cfg.lock
    Filesize

    65B

    MD5

    641a0256a0937a8318b5377d5669646b

    SHA1

    bc206729f8b9293b054ce08574192b440f682387

    SHA256

    3f2801746f910f2acde73a01b9b84c1b5793affd5cc3df3be7ea5bc5f04870a5

    SHA512

    fb6ca2b19d6b5917ecaffeaaa877dd9031f5fc50c755708496fbe081d550fb1f00625f3fa3e19ecbf5d65d493340373d79770ed3272ef1b4505b88b1fecd0cf9

    Download Submit

  • memory/996-1-0x00007FFE31570000-0x00007FFE31B9D000-memory.dmp

    Filesize

    6.2MB

    Download

  • memory/996-0-0x00007FF7561B0000-0x00007FF756B78000-memory.dmp

    Filesize

    9.8MB

    Download

  • memory/996-2-0x000002038DEE0000-0x000002038DEF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/996-46-0x000002038DEE0000-0x000002038DEF0000-memory.dmp

    Filesize

    64KB

    Download