File name: | DashlaneInst.exe |
Full analysis: | https://app.any.run/tasks/8d209694-1424-4288-9a17-7387ebc1a131 |
Verdict: | Malicious activity |
Analysis date: | December 06, 2022, 06:21:03 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-dosexec |
File info: | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive |
MD5: | 3BE372C290A12BD343C25E94ABDC89AC |
SHA1: | E8840F3703DA7E737BC15C950ED768F2B1BD50E1 |
SHA256: | 4F71407A42B514140D5FCE3F122C428484ADCD20CF1A45A8C8D28380C5120426 |
SSDEEP: | 12288:STwwc/MsA2k+l3BNYXwDN9ytoXY6vCCzCE2UPDGiA6brQxzM/PFP79BeI0:aw/MB+3YXuidACyCKDGEozM/PFz9wI |
.exe | | | Win32 Executable MS Visual C++ (generic) (42.2) |
---|---|---|
.exe | | | Win64 Executable (generic) (37.3) |
.dll | | | Win32 Dynamic Link Library (generic) (8.8) |
.exe | | | Win32 Executable (generic) (6) |
.exe | | | Generic Win/DOS Executable (2.7) |
Architecture: | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date: | 2019-Jan-24 14:28:37 |
Detected languages: |
|
Comments : | - |
CompanyName: | Dashlane Inc. |
FileDescription: | Dashlane |
FileVersion: | 6.2105.0.43225 |
LegalCopyright: | Copyright 2009-2021 Dashlane Inc. |
LegalTradmarks: | Dashlane is a tradmark of Dashlane Inc. |
ProductName: | Dashlane |
e_magic: | MZ |
---|---|
e_cblp: | 144 |
e_cp: | 3 |
e_crlc: | - |
e_cparhdr: | 4 |
e_minalloc: | - |
e_maxalloc: | 65535 |
e_ss: | - |
e_sp: | 184 |
e_csum: | - |
e_ip: | - |
e_cs: | - |
e_ovno: | - |
e_oemid: | - |
e_oeminfo: | - |
e_lfanew: | 224 |
Signature: | PE |
---|---|
Machine: | IMAGE_FILE_MACHINE_I386 |
NumberofSections: | 5 |
TimeDateStamp: | 2019-Jan-24 14:28:37 |
PointerToSymbolTable: | - |
NumberOfSymbols: | - |
SizeOfOptionalHeader: | 224 |
Characteristics: |
|
Name | Virtual Address | Virtual Size | Raw Size | Charateristics | Entropy |
---|---|---|---|---|---|
.text | 4096 | 26288 | 26624 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.35989 |
.rdata | 32768 | 5544 | 5632 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.34624 |
.data | 40960 | 107736 | 512 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 1.61575 |
.ndata | 151552 | 786432 | 0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | |
.rsrc | 937984 | 126088 | 126464 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.24235 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 2.60233 | 67624 | UNKNOWN | English - United States | RT_ICON |
2 | 3.09318 | 16936 | UNKNOWN | English - United States | RT_ICON |
3 | 7.61812 | 13137 | UNKNOWN | English - United States | RT_ICON |
4 | 3.21852 | 9640 | UNKNOWN | English - United States | RT_ICON |
5 | 7.86823 | 6375 | UNKNOWN | English - United States | RT_ICON |
6 | 3.26551 | 4264 | UNKNOWN | English - United States | RT_ICON |
7 | 4.44343 | 1128 | UNKNOWN | English - United States | RT_ICON |
103 | 2.79933 | 104 | UNKNOWN | English - United States | RT_GROUP_ICON |
105 | 2.73893 | 514 | UNKNOWN | English - United States | RT_DIALOG |
106 | 2.91148 | 248 | UNKNOWN | English - United States | RT_DIALOG |
ADVAPI32.dll |
COMCTL32.dll |
GDI32.dll |
KERNEL32.dll |
SHELL32.dll |
USER32.dll |
ole32.dll |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1880 | "C:\Users\admin\Desktop\DashlaneInst.exe" | C:\Users\admin\Desktop\DashlaneInst.exe | Explorer.EXE | ||||||||||||
User: admin Company: Dashlane Inc. Integrity Level: MEDIUM Description: Dashlane Exit code: 1223 Version: 6.2105.0.43225 Modules
| |||||||||||||||
3444 | "C:\Users\admin\Desktop\DashlaneInst.exe" /UAC:50150 /NCRC | C:\Users\admin\Desktop\DashlaneInst.exe | DashlaneInst.exe | ||||||||||||
User: admin Company: Dashlane Inc. Integrity Level: HIGH Description: Dashlane Version: 6.2105.0.43225 Modules
|
(PID) Process: | (1880) DashlaneInst.exe | Key: | HKEY_CURRENT_USER\Software\Dashlane\InstallInformation |
Operation: | write | Name: | partnerid |
Value: | |||
(PID) Process: | (1880) DashlaneInst.exe | Key: | HKEY_CURRENT_USER\Software\Dashlane\InstallInformation |
Operation: | write | Name: | campaignid |
Value: NO_CAMPAIGN | |||
(PID) Process: | (1880) DashlaneInst.exe | Key: | HKEY_CURRENT_USER\Software\Dashlane\InstallInformation |
Operation: | write | Name: | createDesktopShortcut |
Value: true | |||
(PID) Process: | (3444) DashlaneInst.exe | Key: | HKEY_CURRENT_USER\Software\Dashlane\InstallInformation |
Operation: | write | Name: | partnerid |
Value: | |||
(PID) Process: | (3444) DashlaneInst.exe | Key: | HKEY_CURRENT_USER\Software\Dashlane\InstallInformation |
Operation: | write | Name: | AnonymousInstallerId2 |
Value: 808239285514477688830040442 | |||
(PID) Process: | (3444) DashlaneInst.exe | Key: | HKEY_CURRENT_USER\Software\Dashlane\InstallInformation |
Operation: | write | Name: | partnername |
Value: NO_TYPE | |||
(PID) Process: | (3444) DashlaneInst.exe | Key: | HKEY_CURRENT_USER\Software\Dashlane\InstallInformation |
Operation: | write | Name: | InstallerPath |
Value: C:\Users\admin\Desktop\DashlaneInst.exe | |||
(PID) Process: | (3444) DashlaneInst.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
Operation: | write | Name: | CachePrefix |
Value: | |||
(PID) Process: | (3444) DashlaneInst.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
(PID) Process: | (3444) DashlaneInst.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
Operation: | write | Name: | CachePrefix |
Value: Visited: |
PID | Process | Filename | Type | |
---|---|---|---|---|
3444 | DashlaneInst.exe | C:\Users\admin\AppData\Local\Temp\nsrCC.tmp | — | |
MD5:— | SHA256:— | |||
1880 | DashlaneInst.exe | C:\Users\admin\AppData\Local\Temp\nsqFCD5.tmp | — | |
MD5:— | SHA256:— | |||
3444 | DashlaneInst.exe | C:\Users\admin\AppData\Local\Temp\nsn199.tmp\System.dll | executable | |
MD5:5BC871689EAB0C9726D71DD0E5921D9B | SHA256:0BCCF2D9FCAE0F2746E52DB6D3DA99C1AB21CBE81FD8D115157D31AFABA4601E | |||
3444 | DashlaneInst.exe | C:\Users\admin\AppData\Local\Temp\progress.bmp | image | |
MD5:3915292A803E2355315A5F12026563E2 | SHA256:4DD5353AB63B732ADE7C904B3586344C39ACE1837562809100E9A4E70C804969 | |||
1880 | DashlaneInst.exe | C:\Users\admin\AppData\Local\Temp\nsgFD82.tmp\System.dll | executable | |
MD5:5BC871689EAB0C9726D71DD0E5921D9B | SHA256:0BCCF2D9FCAE0F2746E52DB6D3DA99C1AB21CBE81FD8D115157D31AFABA4601E | |||
3444 | DashlaneInst.exe | C:\Users\admin\AppData\Local\Temp\nsn199.tmp\CheckInstalledKB_15-02-17_3_1.dll | executable | |
MD5:D2098D2C2D7D35C0D3C396EF6206B867 | SHA256:92D2E4031540C2DB9938F257E4C25FD61F3D8FCE9397A6A7A83A6604A40C0C8C | |||
1880 | DashlaneInst.exe | C:\Users\admin\AppData\Local\Temp\dashlaneInstallLog.txt | text | |
MD5:FE59C75C7E63C8D78BEE683CDA5BE180 | SHA256:59305098F4582EA05490AB9C40AEB45CBDF4A59F6CA177C6FFC31FD75DEE8CBD | |||
3444 | DashlaneInst.exe | C:\Users\admin\AppData\Local\Temp\nsn199.tmp\inetc_17-05-09_2.dll | executable | |
MD5:51843D1334D3D9E751622541BBC76131 | SHA256:AF1BC66BCF117B5BA88ED3BE3676928EB527C98C50156405DDEBE73DB1F26E82 | |||
3444 | DashlaneInst.exe | C:\Users\admin\AppData\Local\Temp\nsn199.tmp\inetc_17-05-09_1.dll | executable | |
MD5:51843D1334D3D9E751622541BBC76131 | SHA256:AF1BC66BCF117B5BA88ED3BE3676928EB527C98C50156405DDEBE73DB1F26E82 | |||
3444 | DashlaneInst.exe | C:\Users\admin\AppData\Local\Temp\dashlaneInstallLog.txt | text | |
MD5:9BBBDE21C4F8F5FCA622A41A2F36F75C | SHA256:DBCD14D7B8C2F321AB3B4EF468C5BAE4FDDD47996C28687A68244CB334A14F88 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3444 | DashlaneInst.exe | GET | 404 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?aa0362af8bc978ad | US | xml | 341 b | whitelisted |
1092 | svchost.exe | GET | 404 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?b8dc0bf9f55bb2e9 | US | xml | 341 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3444 | DashlaneInst.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | STACKPATH-CDN | US | whitelisted |
3444 | DashlaneInst.exe | 34.255.201.174:443 | logs.dashlane.com | AMAZON-02 | IE | unknown |
3444 | DashlaneInst.exe | 104.18.27.218:443 | ws1.dashlane.com | CLOUDFLARENET | — | shared |
1092 | svchost.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | STACKPATH-CDN | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
logs.dashlane.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
ws1.dashlane.com |
| unknown |