Overview

overview

6

Static

static

1

PrismLaunc...ld.ps1

windows7-x64

3

PrismLaunc...ld.ps1

windows10-2004-x64

3

PrismLaunc...me-run

ubuntu-18.04-amd64

1

PrismLaunc...me-run

debian-9-armhf

1

PrismLaunc...me-run

debian-9-mips

1

PrismLaunc...me-run

debian-9-mipsel

1

PrismLaunc...uncher

ubuntu-18.04-amd64

1

PrismLaunc...uncher

debian-9-armhf

1

PrismLaunc...uncher

debian-9-mips

1

PrismLaunc...uncher

debian-9-mipsel

1

PrismLaunc...ts.vbs

windows7-x64

1

PrismLaunc...ts.vbs

windows10-2004-x64

1

PrismLaunc...tem.js

windows7-x64

3

PrismLaunc...tem.js

windows10-2004-x64

3

PrismLaunc...ist.js

windows7-x64

3

PrismLaunc...ist.js

windows10-2004-x64

3

PrismLaunc...son.js

windows7-x64

3

PrismLaunc...son.js

windows10-2004-x64

3

PrismLaunc...her.in

ubuntu-18.04-amd64

6

PrismLaunc...her.in

debian-9-armhf

1

PrismLaunc...her.in

debian-9-mips

1

PrismLaunc...her.in

debian-9-mipsel

1

PrismLaunc...all.js

windows7-x64

3

PrismLaunc...all.js

windows10-2004-x64

3

PrismLaunc...ity.js

windows7-x64

3

PrismLaunc...ity.js

windows10-2004-x64

3

PrismLaunc...ent.js

windows7-x64

3

PrismLaunc...ent.js

windows10-2004-x64

3

PrismLaunc...log.js

windows7-x64

3

PrismLaunc...log.js

windows10-2004-x64

3

PrismLaunc...log.js

windows7-x64

3

PrismLaunc...log.js

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    08-09-2024 04:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PrismLauncher-Cracked-develop/.github/workflows/build.ps1

  • Size

    26KB

  • MD5

    855eec9d484c0b0a201e5c303aa600a0

  • SHA1

    cc2d69f35d978e4af446a3fa63e1576c4a036658

  • SHA256

    3484559471c2c5e34ec4a66a5f5db9a5575e061a9f522e133ed71b9d8a43289f

  • SHA512

    a7e355abe3d21cbd1c1452f76371eab3bd5436139d95167a9fb61f1b80f219e0a65ff8a5c3ff05931a7599aad6604ce056d3b731fb3f1793422cb65d0c21d1a0

  • SSDEEP

    768:P6DyI6yutVQ3xS+Q3j/34ZzDXY6YcbGWBWkb5lU:P6Dobt+3+3j/6zHSWBWkU

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\PrismLauncher-Cracked-develop\.github\workflows\build.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2100

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2100-4-0x000007FEF62EE000-0x000007FEF62EF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2100-5-0x000000001B670000-0x000000001B952000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2100-6-0x0000000001E10000-0x0000000001E18000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2100-8-0x000007FEF6030000-0x000007FEF69CD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2100-7-0x000007FEF6030000-0x000007FEF69CD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2100-9-0x000007FEF6030000-0x000007FEF69CD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2100-10-0x000007FEF6030000-0x000007FEF69CD000-memory.dmp

    Filesize

    9.6MB

    Download