63f5da2b6391e5326f76e6b0589efe119aad2d067d6b283d67c3e22cb0062fbe

General

Target

Microsoft.DataTools.IntegrationServices.exe
Size

514.7MB
MD5

df3903dac9adf783f065841f635499f7
SHA1

9d58bf8c3a4836a9c47c382650fa2e40f2e5e9d3
SHA256

63f5da2b6391e5326f76e6b0589efe119aad2d067d6b283d67c3e22cb0062fbe
SHA512

55ae2585dfac07c8ba7e7b50f062839c461498f013386429385079a2f6a23ce45af5f1ecf7276e0230daed6c5aa6c9a7ec84dcdbe01377b5de774b0add73949a
SSDEEP

12582912:FJVuegX+pdu98Saa+PTGAQvSsvrNQ4gLkCJnE:FJ4l+TuOZTGX3bgLk6E

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 9 IoCs

pid	Process
2168	Microsoft.DataTools.IntegrationServices.exe
2168	Microsoft.DataTools.IntegrationServices.exe
2168	Microsoft.DataTools.IntegrationServices.exe
2168	Microsoft.DataTools.IntegrationServices.exe
2168	Microsoft.DataTools.IntegrationServices.exe
2168	Microsoft.DataTools.IntegrationServices.exe
2168	Microsoft.DataTools.IntegrationServices.exe
2168	Microsoft.DataTools.IntegrationServices.exe
2168	Microsoft.DataTools.IntegrationServices.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5048 wrote to memory of 2168	5048	Microsoft.DataTools.IntegrationServices.exe	90
PID 5048 wrote to memory of 2168	5048	Microsoft.DataTools.IntegrationServices.exe	90
PID 5048 wrote to memory of 2168	5048	Microsoft.DataTools.IntegrationServices.exe	90

C:\Users\Admin\AppData\Local\Temp\Microsoft.DataTools.IntegrationServices.exe
"C:\Users\Admin\AppData\Local\Temp\Microsoft.DataTools.IntegrationServices.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5048
- C:\Users\Admin\AppData\Local\Temp\Microsoft.DataTools.IntegrationServices.exe
  "C:\Users\Admin\AppData\Local\Temp\Microsoft.DataTools.IntegrationServices.exe" -burn.unelevated BurnPipe.{530D3626-C561-4D9A-91CC-D50BCCA9F62B} {EC1AD79D-E47E-4FFD-AD58-96CE8F99BD57} 5048
  2⤵
  - Loads dropped DLL
  PID:2168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4872 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
1⤵
PID:1724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4024 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
1⤵
PID:4980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\{770129ed-26f8-4aae-b8d5-90a78343da6b}\.ba1\BootstrapperCore.config

Filesize
1KB

MD5
e44203ff8329e73773e41d5ddee2834f

SHA1
e5bff4971f0b9ec9a562c0682615cb364f24b03c

SHA256
78d080f1401b6823030bc3238b7bff0035808df268fc0662f52d52f6526b1dac

SHA512
c65f02c1c010cfaeab0004eb7f37bf2a34a1a556f6805ce43987261a2a221ff8b86ec21fc60c5ea53888d3f8b5b7098f2aac31fcbc912ffc5336102375417b1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{770129ed-26f8-4aae-b8d5-90a78343da6b}\.ba1\BootstrapperCore.dll

Filesize
76KB

MD5
61bcc9cec0331d8792419c16658a5097

SHA1
4705dc05ae2b1c2f0efb5f615b613bf0c530b22d

SHA256
460229b38607328f0451e6fe9167795bc57e703643281a3a2575a5802cad5464

SHA512
9cbc87eceb083156da64e257c2638c845192a81dd8395509da861eef0fa5b1e3c956b00fdba08a18cbc9d14decfa40150afb87ddda2472aea76b4014db4c404b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{770129ed-26f8-4aae-b8d5-90a78343da6b}\.ba1\Microsoft.DataTools.IntegrationServices.ManagedBootstrapperApp.dll

Filesize
170KB

MD5
3a3a8c8f0108f099893fe74818fc6ff4

SHA1
05d56153566c5564cfc70a1a215c5219e3eeb691

SHA256
b282bdeb6cdf7ce939d133d5b35a1fe02da3d130ceb52b1829ddd21256a223d2

SHA512
23228c7afea462e809984c3b30c2c46e579bff1e69b2af7957efb2f6831ff3d7f2fa673682835e86d106d766b701eaef1228fa8ca1a3ca8f3dd203482a5b4249

Download Submit
C:\Users\Admin\AppData\Local\Temp\{770129ed-26f8-4aae-b8d5-90a78343da6b}\.ba1\Microsoft.Deployment.WindowsInstaller.dll

Filesize
176KB

MD5
e40b6cf47c201a0c9258a47e3c428afb

SHA1
78924687bbb18b4d9ef12db7fd902fc446b5f3e6

SHA256
ae57179d09ec54a51208443ca0583bda3a229198c409e17544bbf8dc09efa60a

SHA512
3207c8e78f901d8ba45a7cf32e2e18b5c6e731e1bd5ea511d97893427d66a5d9cfe442f0c40db434b2b7f78ed83bf7ec816491aea0919cd44ad568e8c862c274

Download Submit
C:\Users\Admin\AppData\Local\Temp\{770129ed-26f8-4aae-b8d5-90a78343da6b}\.ba1\Microsoft.Practices.Prism.Mvvm.dll

Filesize
30KB

MD5
de2ee70b925501cb3d29707a6c0bf0e5

SHA1
99002cd52db1dd170c972381f2b530b55d2a99b9

SHA256
06f36c88682b48640e1adc2d8320672b210db2c5eb0038eaae7d21b809e1a3ba

SHA512
9da49222e486e31b5e87c0e915fdd040b49665836b308fabe6f260fbdeffc6bc819fd0bd3a94c69eda30228d864c2cdf7302790076cd49a572e551048e4581a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\{770129ed-26f8-4aae-b8d5-90a78343da6b}\.ba1\mbahost.dll

Filesize
64KB

MD5
378c1e451958a8ad8a37c09c1866dcde

SHA1
4912fa9782aff6393a6bf10654bb73b259c96c26

SHA256
b195efaa108149643d991364ab6c1a56ccbadd5cfc35dda98b41d3c4a51f614a

SHA512
05efdeb12d3fde3dc3318810208672bc9bdb2d9e4f8eeb121f73b4749c85f47f9775d1a1f9e904568ae66be68ebb11c21b28f3378913294f3060c781f40c6faa

Download Submit
memory/2168-61-0x0000000073620000-0x0000000073DD0000-memory.dmp

Filesize
7.7MB

Download
memory/2168-78-0x00000000035C0000-0x00000000035C8000-memory.dmp

Filesize
32KB

Download
memory/2168-59-0x0000000073620000-0x0000000073DD0000-memory.dmp

Filesize
7.7MB

Download
memory/2168-68-0x00000000058E0000-0x000000000590C000-memory.dmp

Filesize
176KB

Download
memory/2168-58-0x0000000002E60000-0x0000000002E76000-memory.dmp

Filesize
88KB

Download
memory/2168-72-0x0000000005A80000-0x0000000005AB0000-memory.dmp

Filesize
192KB

Download
memory/2168-53-0x000000007362E000-0x000000007362F000-memory.dmp

Filesize
4KB

Download
memory/2168-76-0x0000000003010000-0x000000000301C000-memory.dmp

Filesize
48KB

Download
memory/2168-77-0x00000000035B0000-0x00000000035BA000-memory.dmp

Filesize
40KB

Download
memory/2168-62-0x0000000073620000-0x0000000073DD0000-memory.dmp

Filesize
7.7MB

Download
memory/2168-80-0x0000000073620000-0x0000000073DD0000-memory.dmp

Filesize
7.7MB

Download
memory/2168-81-0x0000000006250000-0x0000000006258000-memory.dmp

Filesize
32KB

Download
memory/2168-83-0x00000000082D0000-0x00000000082D8000-memory.dmp

Filesize
32KB

Download
memory/2168-84-0x0000000008320000-0x0000000008358000-memory.dmp

Filesize
224KB

Download
memory/2168-85-0x00000000082E0000-0x00000000082EE000-memory.dmp

Filesize
56KB

Download
memory/2168-86-0x0000000073620000-0x0000000073DD0000-memory.dmp

Filesize
7.7MB

Download
memory/2168-87-0x000000007362E000-0x000000007362F000-memory.dmp

Filesize
4KB

Download
memory/2168-88-0x0000000073620000-0x0000000073DD0000-memory.dmp

Filesize
7.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads