Overview

overview

7

Static

static

3

PrismLaunc....3.exe

windows7-x64

7

PrismLaunc....3.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

Qt6Core.dll

windows7-x64

1

Qt6Core.dll

windows10-2004-x64

1

Qt6Core5Compat.dll

windows7-x64

1

Qt6Core5Compat.dll

windows10-2004-x64

1

Qt6Gui.dll

windows7-x64

1

Qt6Gui.dll

windows10-2004-x64

1

Qt6Network.dll

windows7-x64

1

Qt6Network.dll

windows10-2004-x64

1

Qt6Svg.dll

windows7-x64

1

Qt6Svg.dll

windows10-2004-x64

1

Qt6Widgets.dll

windows7-x64

1

Qt6Widgets.dll

windows10-2004-x64

1

Qt6Xml.dll

windows7-x64

1

Qt6Xml.dll

windows10-2004-x64

1

iconengine...on.dll

windows7-x64

1

iconengine...on.dll

windows10-2004-x64

1

imageformats/qgif.dll

windows7-x64

1

imageformats/qgif.dll

windows10-2004-x64

1

imageforma...ns.dll

windows7-x64

1

imageforma...ns.dll

windows10-2004-x64

1

imageformats/qico.dll

windows7-x64

1

imageformats/qico.dll

windows10-2004-x64

1

imageforma...eg.dll

windows7-x64

1

imageforma...eg.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 19:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PrismLauncher-Windows-MSVC-Setup-8.3.exe

  • Size

    18.1MB

  • MD5

    d03e25e914d36f2375c28ed0ee277432

  • SHA1

    fc9b209ac8272e91c81df60cc97c4cbcada6f149

  • SHA256

    c2fc663f23d734380807de7b7f5897376cdc1e3cd547d51ab515a3a4e72ab073

  • SHA512

    f94b595188b2b1a8f6bf5f30a0d1d8fb1dd57e7e66519a77e9dd6c79ad606a585b134fb6b9a8efb301afe91e117b4d8b7551133a6d658e0eb399ea18e191d6c3

  • SSDEEP

    393216:CNnQQvlCZznocxWjGHuoeoKn/ZwtI4Np+uH5Xw7nxQPY1DrnQDtZqw2MQjgXjc:CNnQQvMBocxyGOo/Ixb4v+uZjqPQDtZa

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 11 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Kills process with taskkill 1 IoCs
    evasion
  • Modifies registry class 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PrismLauncher-Windows-MSVC-Setup-8.3.exe
    "C:\Users\Admin\AppData\Local\Temp\PrismLauncher-Windows-MSVC-Setup-8.3.exe"
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2192
    • C:\Windows\SysWOW64\TaskKill.exe
      TaskKill /IM prismlauncher.exe /F
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2628
    • C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe
      "C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2540
  • C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe
    "C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    PID:340

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Gui.dll
    Filesize

    8.5MB

    MD5

    7875aad0d0d426e9d1b132a35266de32

    SHA1

    8b7656e3412ae546153d2d3df91a6ff506d64749

    SHA256

    fc2464f62d7915ddeaebb5490bee6d60e7b42ad5a223d5812f0993c27c35be19

    SHA512

    9fa16c5c628f2e9b242323aed4c1aa70f093cee9f341ac61640287ff9be8663658f502769e037a8409943d3c9ab826bb1c6f88532f0fbacdaea28b2353cdfba9

    Download Submit

  • C:\Users\Admin\AppData\Local\Programs\PrismLauncher\Qt6Widgets.dll
    Filesize

    6.2MB

    MD5

    34abb42b63e71b09b72b48cf5b1dba53

    SHA1

    9f3111aab57a5f28a4ce9bf82ea208fa3eadb9a6

    SHA256

    c71e65b882a84f47114590784a256f14ba19202ec30b218ce4841b2c7256060b

    SHA512

    06acab5a04a5d3e6834ddc95229758d4adc7a7f0ef003c80e8d59a8241e295b196aceacce20c88879e1676405a2538d032ec6ac543258538e686878fb29f77f1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsd17B6.tmp\modern-wizard.bmp
    Filesize

    25KB

    MD5

    cbe40fd2b1ec96daedc65da172d90022

    SHA1

    366c216220aa4329dff6c485fd0e9b0f4f0a7944

    SHA256

    3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

    SHA512

    62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

    Download Submit

  • \Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe
    Filesize

    9.8MB

    MD5

    289255ff339b0ff529f43acb848b91ea

    SHA1

    a1312d501279095225ce6fd1824abfc50d884791

    SHA256

    ef302e37bc7f02edea74acaf614ecb71a6aa6f8e703db6811502169c2102c7ee

    SHA512

    ca782bbbd5bfd39d3b7d21f9b6d8089d4fb2c3474b1045dd6d49512b3d146b6f57fe701c26c83043cf10cbc1bf9127ee78d10775c3716a7a1f578cf0481a80f1

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd17B6.tmp\System.dll
    Filesize

    12KB

    MD5

    4add245d4ba34b04f213409bfe504c07

    SHA1

    ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

    SHA256

    9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

    SHA512

    1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd17B6.tmp\nsDialogs.dll
    Filesize

    9KB

    MD5

    1d8f01a83ddd259bc339902c1d33c8f1

    SHA1

    9f7806af462c94c39e2ec6cc9c7ad05c44eba04e

    SHA256

    4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed

    SHA512

    28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd17B6.tmp\nsExec.dll
    Filesize

    7KB

    MD5

    b4579bc396ace8cafd9e825ff63fe244

    SHA1

    32a87ed28a510e3b3c06a451d1f3d0ba9faf8d9c

    SHA256

    01e72332362345c415a7edcb366d6a1b52be9ac6e946fb9da49785c140ba1a4b

    SHA512

    3a76e0e259a0ca12275fed922ce6e01bdfd9e33ba85973e80101b8025ef9243f5e32461a113bbcc6aa75e40894bb5d3a42d6b21045517b6b3cf12d76b4cfa36a

    Download Submit