79e670b74bd1882a0636218909738ba022e263e14c4996db5a170eb470e81000

Analysis

max time kernel
2s
max time network
7s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2024 19:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

opera_autoupdate.exe
Size

5.4MB
MD5

c0a4326bb2b7d2b44b5abc9a66019a03
SHA1

8e0207a9b55f3cc7d0598473fb6783b1cf3a8804
SHA256

79e670b74bd1882a0636218909738ba022e263e14c4996db5a170eb470e81000
SHA512

c4f2d0242d3d69f0dae100c4fb825f3cebe0316cfaddffdda19e7d22aa46feaad59a4f712710b25afb5bac44b5cae34f96e769021d92240acc10aed3346e7327
SSDEEP

49152:mj2sFUrZs2/kUOarU8IB5hcbrYhCv9D9LhEmMWPBa9iO+MB67zXXCPodXtzXRJEu:m6sbaJIFmfgB0JtzDBlbZy2FW6Aez

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 876 wrote to memory of 748	876	opera_autoupdate.exe	84
PID 876 wrote to memory of 748	876	opera_autoupdate.exe	84

C:\Users\Admin\AppData\Local\Temp\opera_autoupdate.exe
"C:\Users\Admin\AppData\Local\Temp\opera_autoupdate.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:876
- C:\Users\Admin\AppData\Local\Temp\opera_autoupdate.exe
  C:\Users\Admin\AppData\Local\Temp\opera_autoupdate.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=109.0.5097.79 --initial-client-data=0x228,0x22c,0x230,0x204,0x234,0x7ff7cb81f854,0x7ff7cb81f860,0x7ff7cb81f870
  2⤵
  PID:748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads