Analysis Overview
SHA256
772825846835d94e306d78560040161879b9db4b73fd9f7921753fa7441bfce2
Threat Level: Shows suspicious behavior
The file 772825846835d94e306d78560040161879b9db4b73fd9f7921753fa7441bfce2 was found to show suspicious behavior.
Malicious Activity Summary
Reads user/profile data of web browsers
Loads dropped DLL
UPX packed file
Executes dropped EXE
Enumerates connected drives
Unsigned PE
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 13:53
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 13:53
Reported
2024-06-12 13:55
Platform
win7-20240508-en
Max time kernel
121s
Max time network
122s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\772825846835d94e306d78560040161879b9db4b73fd9f7921753fa7441bfce2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\772825846835d94e306d78560040161879b9db4b73fd9f7921753fa7441bfce2.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\772825846835d94e306d78560040161879b9db4b73fd9f7921753fa7441bfce2.exe
"C:\Users\Admin\AppData\Local\Temp\772825846835d94e306d78560040161879b9db4b73fd9f7921753fa7441bfce2.exe"
Network
Files
\Users\Admin\AppData\Local\Temp\Opera_installer_2406121353103241700.dll
| Hash | Value |
| --- | --- |
| MD5 | 30f85385033134cb6db41e29ccfc60a4 |
| SHA1 | 77797120af3ff451563627ecb67939d00b722bde |
| SHA256 | f1e2fa22d39268551e4a639dac3f19d2c1de87d85d776b059f0e92d627deb2fe |
| SHA512 | 33941260f6b626a7c07a7cd567c7b28cbccb8c4d8e472f70b85d2a8ec883e9298b3652dbc252905f25c34d3b90a539f00ff2342eef0723c357be298a363991af |
memory/1700-6-0x00000000002B0000-0x000000000086C000-memory.dmp
memory/1700-7-0x00000000002B0000-0x000000000086C000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 13:53
Reported
2024-06-12 13:55
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
151s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\772825846835d94e306d78560040161879b9db4b73fd9f7921753fa7441bfce2.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\772825846835d94e306d78560040161879b9db4b73fd9f7921753fa7441bfce2.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\772825846835d94e306d78560040161879b9db4b73fd9f7921753fa7441bfce2.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\772825846835d94e306d78560040161879b9db4b73fd9f7921753fa7441bfce2.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\772825846835d94e306d78560040161879b9db4b73fd9f7921753fa7441bfce2.exe
"C:\Users\Admin\AppData\Local\Temp\772825846835d94e306d78560040161879b9db4b73fd9f7921753fa7441bfce2.exe"
C:\Users\Admin\AppData\Local\Temp\772825846835d94e306d78560040161879b9db4b73fd9f7921753fa7441bfce2.exe
C:\Users\Admin\AppData\Local\Temp\772825846835d94e306d78560040161879b9db4b73fd9f7921753fa7441bfce2.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=99.0.4788.49 --initial-client-data=0x2ec,0x2f0,0x2f4,0x2c8,0x2f8,0x74f0a108,0x74f0a118,0x74f0a124
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\772825846835d94e306d78560040161879b9db4b73fd9f7921753fa7441bfce2.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\772825846835d94e306d78560040161879b9db4b73fd9f7921753fa7441bfce2.exe" --version
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | desktop-netinstaller-sub.osp.opera.software | udp |
| US | 8.8.8.8:53 | autoupdate.geo.opera.com | udp |
| US | 8.8.8.8:53 | desktop-netinstaller-sub.osp.opera.software | udp |
| US | 8.8.8.8:53 | autoupdate.geo.opera.com | udp |
| US | 8.8.8.8:53 | desktop-netinstaller-sub.osp.opera.software | udp |
| US | 8.8.8.8:53 | autoupdate.geo.opera.com | udp |
| US | 8.8.8.8:53 | autoupdate.geo.opera.com | udp |
| US | 8.8.8.8:53 | autoupdate.geo.opera.com | udp |
| US | 8.8.8.8:53 | autoupdate.geo.opera.com | udp |
| US | 8.8.8.8:53 | autoupdate.geo.opera.com | udp |
| US | 8.8.8.8:53 | autoupdate.geo.opera.com | udp |
| US | 8.8.8.8:53 | autoupdate.geo.opera.com | udp |
Files
C:\Users\Admin\AppData\Local\Temp\Opera_installer_240612135311292884.dll
| Hash | Value |
| --- | --- |
| MD5 | 30f85385033134cb6db41e29ccfc60a4 |
| SHA1 | 77797120af3ff451563627ecb67939d00b722bde |
| SHA256 | f1e2fa22d39268551e4a639dac3f19d2c1de87d85d776b059f0e92d627deb2fe |
| SHA512 | 33941260f6b626a7c07a7cd567c7b28cbccb8c4d8e472f70b85d2a8ec883e9298b3652dbc252905f25c34d3b90a539f00ff2342eef0723c357be298a363991af |
memory/884-1-0x00000000001C0000-0x000000000077C000-memory.dmp
memory/3192-4-0x00000000001C0000-0x000000000077C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\772825846835d94e306d78560040161879b9db4b73fd9f7921753fa7441bfce2.exe
| Hash | Value |
| --- | --- |
| MD5 | d41501d6899358a83d6f39b856517c5b |
| SHA1 | e698963ba1816f8afb76d9f65e935e78cbe3f8b9 |
| SHA256 | 772825846835d94e306d78560040161879b9db4b73fd9f7921753fa7441bfce2 |
| SHA512 | 0804ba6a4ce018dc78383c0c0a9702fa9aee579edd2637ddb61b81aaab79e50efff47ef86703011cd80a6c400f50b8c35512981e71b069dad45978ed619c6f65 |
memory/2424-16-0x0000000000800000-0x0000000000DBC000-memory.dmp
memory/2424-19-0x0000000000800000-0x0000000000DBC000-memory.dmp
memory/884-21-0x00000000001C0000-0x000000000077C000-memory.dmp
memory/3192-22-0x00000000001C0000-0x000000000077C000-memory.dmp