File name: | DashlaneInst.exe |
Full analysis: | https://app.any.run/tasks/e06b3deb-8b4b-44e3-83c3-0655ff6bff69 |
Verdict: | Malicious activity |
Analysis date: | December 06, 2022, 06:18:54 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-dosexec |
File info: | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive |
MD5: | 3BE372C290A12BD343C25E94ABDC89AC |
SHA1: | E8840F3703DA7E737BC15C950ED768F2B1BD50E1 |
SHA256: | 4F71407A42B514140D5FCE3F122C428484ADCD20CF1A45A8C8D28380C5120426 |
SSDEEP: | 12288:STwwc/MsA2k+l3BNYXwDN9ytoXY6vCCzCE2UPDGiA6brQxzM/PFP79BeI0:aw/MB+3YXuidACyCKDGEozM/PFz9wI |
.exe | | | Win32 Executable MS Visual C++ (generic) (42.2) |
---|---|---|
.exe | | | Win64 Executable (generic) (37.3) |
.dll | | | Win32 Dynamic Link Library (generic) (8.8) |
.exe | | | Win32 Executable (generic) (6) |
.exe | | | Generic Win/DOS Executable (2.7) |
Architecture: | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date: | 2019-Jan-24 14:28:37 |
Detected languages: |
|
Comments : | - |
CompanyName: | Dashlane Inc. |
FileDescription: | Dashlane |
FileVersion: | 6.2105.0.43225 |
LegalCopyright: | Copyright 2009-2021 Dashlane Inc. |
LegalTradmarks: | Dashlane is a tradmark of Dashlane Inc. |
ProductName: | Dashlane |
e_magic: | MZ |
---|---|
e_cblp: | 144 |
e_cp: | 3 |
e_crlc: | - |
e_cparhdr: | 4 |
e_minalloc: | - |
e_maxalloc: | 65535 |
e_ss: | - |
e_sp: | 184 |
e_csum: | - |
e_ip: | - |
e_cs: | - |
e_ovno: | - |
e_oemid: | - |
e_oeminfo: | - |
e_lfanew: | 224 |
Signature: | PE |
---|---|
Machine: | IMAGE_FILE_MACHINE_I386 |
NumberofSections: | 5 |
TimeDateStamp: | 2019-Jan-24 14:28:37 |
PointerToSymbolTable: | - |
NumberOfSymbols: | - |
SizeOfOptionalHeader: | 224 |
Characteristics: |
|
Name | Virtual Address | Virtual Size | Raw Size | Charateristics | Entropy |
---|---|---|---|---|---|
.text | 4096 | 26288 | 26624 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.35989 |
.rdata | 32768 | 5544 | 5632 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.34624 |
.data | 40960 | 107736 | 512 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 1.61575 |
.ndata | 151552 | 786432 | 0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | |
.rsrc | 937984 | 126088 | 126464 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.24235 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 2.60233 | 67624 | UNKNOWN | English - United States | RT_ICON |
2 | 3.09318 | 16936 | UNKNOWN | English - United States | RT_ICON |
3 | 7.61812 | 13137 | UNKNOWN | English - United States | RT_ICON |
4 | 3.21852 | 9640 | UNKNOWN | English - United States | RT_ICON |
5 | 7.86823 | 6375 | UNKNOWN | English - United States | RT_ICON |
6 | 3.26551 | 4264 | UNKNOWN | English - United States | RT_ICON |
7 | 4.44343 | 1128 | UNKNOWN | English - United States | RT_ICON |
103 | 2.79933 | 104 | UNKNOWN | English - United States | RT_GROUP_ICON |
105 | 2.73893 | 514 | UNKNOWN | English - United States | RT_DIALOG |
106 | 2.91148 | 248 | UNKNOWN | English - United States | RT_DIALOG |
ADVAPI32.dll |
COMCTL32.dll |
GDI32.dll |
KERNEL32.dll |
SHELL32.dll |
USER32.dll |
ole32.dll |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
856 | "C:\Users\admin\Desktop\DashlaneInst.exe" | C:\Users\admin\Desktop\DashlaneInst.exe | Explorer.EXE | ||||||||||||
User: admin Company: Dashlane Inc. Integrity Level: MEDIUM Description: Dashlane Version: 6.2105.0.43225 Modules
| |||||||||||||||
3348 | "C:\Users\admin\Desktop\DashlaneInst.exe" /UAC:50150 /NCRC | C:\Users\admin\Desktop\DashlaneInst.exe | DashlaneInst.exe | ||||||||||||
User: admin Company: Dashlane Inc. Integrity Level: HIGH Description: Dashlane Version: 6.2105.0.43225 Modules
| |||||||||||||||
3024 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\Desktop\optioncourt.rtf" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | Explorer.EXE | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 Modules
| |||||||||||||||
3852 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\Desktop\optioncourt.rtf" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | Explorer.EXE | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Exit code: 0 Version: 14.0.6024.1000 Modules
| |||||||||||||||
1836 | "C:\Users\admin\Desktop\DashlaneInst.exe" | C:\Users\admin\Desktop\DashlaneInst.exe | Explorer.EXE | ||||||||||||
User: admin Company: Dashlane Inc. Integrity Level: MEDIUM Description: Dashlane Version: 6.2105.0.43225 Modules
| |||||||||||||||
1604 | "C:\Users\admin\Desktop\DashlaneInst.exe" /UAC:3012C /NCRC | C:\Users\admin\Desktop\DashlaneInst.exe | DashlaneInst.exe | ||||||||||||
User: admin Company: Dashlane Inc. Integrity Level: HIGH Description: Dashlane Version: 6.2105.0.43225 Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
856 | DashlaneInst.exe | C:\Users\admin\AppData\Local\Temp\nsa8DC.tmp\System.dll | executable | |
MD5:5BC871689EAB0C9726D71DD0E5921D9B | SHA256:0BCCF2D9FCAE0F2746E52DB6D3DA99C1AB21CBE81FD8D115157D31AFABA4601E | |||
3348 | DashlaneInst.exe | C:\Users\admin\AppData\Local\Temp\nslB3D.tmp\System.dll | executable | |
MD5:5BC871689EAB0C9726D71DD0E5921D9B | SHA256:0BCCF2D9FCAE0F2746E52DB6D3DA99C1AB21CBE81FD8D115157D31AFABA4601E | |||
856 | DashlaneInst.exe | C:\Users\admin\AppData\Local\Temp\dashlaneInstallLog.txt | text | |
MD5:AA25D7EFA3A53E5108080C1744CD8901 | SHA256:12AF91DFFB2E1240FF6E454E33663D772D43EB82294F1878ACC2A51747F413D3 | |||
3348 | DashlaneInst.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62 | binary | |
MD5:244575C9E9DEE04BC4FB7665CDB177E8 | SHA256:C9690D3AF304AFA6EE1649001004DDBA6A4CCBABFDA741812D12460ABC5FE5BB | |||
3348 | DashlaneInst.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62 | der | |
MD5:61A43AD7B5E0EFB0FD2A3468D3D3EC4A | SHA256:0E01A5872AD78B80CD0DBD9F4A68B0B7578E1B2CB4C335A48FE6E3B906B8228F | |||
3348 | DashlaneInst.exe | C:\Users\admin\AppData\Local\Temp\nslB3D.tmp\UserInfo_1.dll | executable | |
MD5:D1E37112390E6BCCA8362788D61BECF5 | SHA256:77B40D42606D48F817B901F1E5ABEA114B4288B344B8C193BF3E3C52E469A926 | |||
3348 | DashlaneInst.exe | C:\Users\admin\AppData\Local\Temp\dashlaneInstallLog.txt | text | |
MD5:AA25D7EFA3A53E5108080C1744CD8901 | SHA256:12AF91DFFB2E1240FF6E454E33663D772D43EB82294F1878ACC2A51747F413D3 | |||
3348 | DashlaneInst.exe | C:\Users\admin\AppData\Local\Temp\nslB3D.tmp\inetc_17-05-09_1.dll | executable | |
MD5:51843D1334D3D9E751622541BBC76131 | SHA256:AF1BC66BCF117B5BA88ED3BE3676928EB527C98C50156405DDEBE73DB1F26E82 | |||
3348 | DashlaneInst.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:2DFFD49217F6884DD2C4E2453E3167B2 | SHA256:173193FC62B21CA07D9D884B2ADCE9CE96F486683D7C76AA93F7E3D5AEB0C4FA | |||
856 | DashlaneInst.exe | C:\Users\admin\AppData\Local\Temp\nsa8DC.tmp\UserInfo_1.dll | executable | |
MD5:D1E37112390E6BCCA8362788D61BECF5 | SHA256:77B40D42606D48F817B901F1E5ABEA114B4288B344B8C193BF3E3C52E469A926 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3348 | DashlaneInst.exe | GET | 200 | 108.156.61.163:80 | http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D | US | der | 1.51 Kb | whitelisted |
3348 | DashlaneInst.exe | GET | 200 | 108.156.61.136:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | der | 1.70 Kb | whitelisted |
3348 | DashlaneInst.exe | GET | 200 | 108.156.61.214:80 | http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D | US | der | 1.39 Kb | shared |
3348 | DashlaneInst.exe | GET | 200 | 18.65.40.40:80 | http://ocsp.sca1b.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEAy9%2FFzEdU4NywCMlt3jyQ0%3D | US | der | 471 b | whitelisted |
3348 | DashlaneInst.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQS14tALDViBvqCf47YkiQRtKz1BAQUpc436uuwdQ6UZ4i0RfrZJBCHlh8CEApan6vViUvL1DgpMaS4zxI%3D | US | der | 278 b | whitelisted |
3348 | DashlaneInst.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted |
3348 | DashlaneInst.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?00adbaf6499136e0 | US | compressed | 4.70 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3348 | DashlaneInst.exe | 34.255.201.174:443 | logs.dashlane.com | AMAZON-02 | IE | unknown |
3348 | DashlaneInst.exe | 108.156.61.136:80 | o.ss2.us | AMAZON-02 | US | unknown |
3348 | DashlaneInst.exe | 18.65.40.40:80 | ocsp.sca1b.amazontrust.com | AMAZON-02 | US | whitelisted |
3348 | DashlaneInst.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted |
3348 | DashlaneInst.exe | 108.156.61.214:80 | ocsp.rootca1.amazontrust.com | AMAZON-02 | US | unknown |
3348 | DashlaneInst.exe | 108.156.61.163:80 | ocsp.rootg2.amazontrust.com | AMAZON-02 | US | unknown |
1604 | DashlaneInst.exe | 34.255.201.174:443 | logs.dashlane.com | AMAZON-02 | IE | unknown |
3348 | DashlaneInst.exe | 104.18.27.218:443 | ws1.dashlane.com | CLOUDFLARENET | — | shared |
3348 | DashlaneInst.exe | 93.184.220.29:80 | ocsp.digicert.com | EDGECAST | GB | whitelisted |
1604 | DashlaneInst.exe | 104.18.27.218:443 | ws1.dashlane.com | CLOUDFLARENET | — | shared |
Domain | IP | Reputation |
---|---|---|
logs.dashlane.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
o.ss2.us |
| whitelisted |
ocsp.rootg2.amazontrust.com |
| whitelisted |
ocsp.rootca1.amazontrust.com |
| shared |
ocsp.sca1b.amazontrust.com |
| whitelisted |
ws1.dashlane.com |
| unknown |
ocsp.digicert.com |
| whitelisted |