Analysis

  • max time kernel
    94s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/09/2024, 00:34 UTC

General

  • Target

    286e664907be306f701fc2501bd5c9f8d3851a363f9269da6484431ad986ac63.exe

  • Size

    2.0MB

  • MD5

    b71b63e768643cc6cc854386773ff751

  • SHA1

    95425a1f275484bb905d5742116a6759dabc1b1b

  • SHA256

    286e664907be306f701fc2501bd5c9f8d3851a363f9269da6484431ad986ac63

  • SHA512

    6fe14171df0c7eeedb163bcd0817d92a01bb28c7ed0139e20b9cde3277f5350167cca99b7d7367737dbc07c2ea18b103ecbd96f6c83ee259b789c0f7eb4963d3

  • SSDEEP

    49152:dVAbwLvWVtw64YdUZBg+/yOaLCCxSwsgsO9evVO8AnrZ4EoedMij:7A4vLYK8MaBxSMcRAmEoe+K

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 6 IoCs
  • Loads dropped DLL 7 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies system certificate store 2 TTPs 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\286e664907be306f701fc2501bd5c9f8d3851a363f9269da6484431ad986ac63.exe
    "C:\Users\Admin\AppData\Local\Temp\286e664907be306f701fc2501bd5c9f8d3851a363f9269da6484431ad986ac63.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1000
    • C:\Users\Admin\AppData\Local\Temp\7zS8E30C5C7\setup.exe
      C:\Users\Admin\AppData\Local\Temp\7zS8E30C5C7\setup.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Modifies system certificate store
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4124
      • C:\Users\Admin\AppData\Local\Temp\7zS8E30C5C7\setup.exe
        C:\Users\Admin\AppData\Local\Temp\7zS8E30C5C7\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=113.0.5230.47 --initial-client-data=0x328,0x32c,0x330,0x324,0x334,0x74fbae8c,0x74fbae98,0x74fbaea4
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:4716
      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:3004
      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202409020034591\assistant\Assistant_113.0.5230.31_Setup.exe_sfx.exe
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202409020034591\assistant\Assistant_113.0.5230.31_Setup.exe_sfx.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:4668
      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202409020034591\assistant\assistant_installer.exe
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202409020034591\assistant\assistant_installer.exe" --version
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2228
        • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202409020034591\assistant\assistant_installer.exe
          "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202409020034591\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=113.0.5230.31 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x6d2c48,0x6d2c54,0x6d2c60
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:4416

Network

  • flag-us
    DNS
    97.17.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.17.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    desktop-netinstaller-sub.osp.opera.software
    setup.exe
    Remote address:
    8.8.8.8:53
    Request
    desktop-netinstaller-sub.osp.opera.software
    IN A
    Response
    desktop-netinstaller-sub.osp.opera.software
    IN CNAME
    submit-target.osp.opera.software
    submit-target.osp.opera.software
    IN CNAME
    submit.geo.opera.com
    submit.geo.opera.com
    IN CNAME
    submit-am4.osp.opera.software
    submit-am4.osp.opera.software
    IN A
    82.145.217.121
  • flag-nl
    POST
    https://desktop-netinstaller-sub.osp.opera.software/v1/binary
    setup.exe
    Remote address:
    82.145.217.121:443
    Request
    POST /v1/binary HTTP/1.1
    Authorization: Basic dmFBZUV4c1JXQmViWm9McmNpVGlFSFpmWUdXeUlXMFo6
    User-Agent: Opera installer
    Host: desktop-netinstaller-sub.osp.opera.software
    Content-Length: 461
    Cache-Control: no-cache
    Response
    HTTP/1.1 201 CREATED
    Server: nginx/1.18.0
    Date: Mon, 02 Sep 2024 00:35:02 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 36
    Connection: keep-alive
  • flag-nl
    POST
    https://desktop-netinstaller-sub.osp.opera.software/v1/binary
    setup.exe
    Remote address:
    82.145.217.121:443
    Request
    POST /v1/binary HTTP/1.1
    Authorization: Basic dmFBZUV4c1JXQmViWm9McmNpVGlFSFpmWUdXeUlXMFo6
    User-Agent: Opera installer
    Host: desktop-netinstaller-sub.osp.opera.software
    Content-Length: 205
    Cache-Control: no-cache
    Response
    HTTP/1.1 201 CREATED
    Server: nginx/1.18.0
    Date: Mon, 02 Sep 2024 00:35:02 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 36
    Connection: keep-alive
  • flag-nl
    POST
    https://desktop-netinstaller-sub.osp.opera.software/v1/binary
    setup.exe
    Remote address:
    82.145.217.121:443
    Request
    POST /v1/binary HTTP/1.1
    Authorization: Basic dmFBZUV4c1JXQmViWm9McmNpVGlFSFpmWUdXeUlXMFo6
    User-Agent: Opera installer
    Host: desktop-netinstaller-sub.osp.opera.software
    Content-Length: 199
    Cache-Control: no-cache
    Response
    HTTP/1.1 201 CREATED
    Server: nginx/1.18.0
    Date: Mon, 02 Sep 2024 00:35:02 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 36
    Connection: keep-alive
  • flag-nl
    POST
    https://desktop-netinstaller-sub.osp.opera.software/v1/binary
    setup.exe
    Remote address:
    82.145.217.121:443
    Request
    POST /v1/binary HTTP/1.1
    Authorization: Basic dmFBZUV4c1JXQmViWm9McmNpVGlFSFpmWUdXeUlXMFo6
    User-Agent: Opera installer
    Host: desktop-netinstaller-sub.osp.opera.software
    Content-Length: 193
    Cache-Control: no-cache
    Response
    HTTP/1.1 201 CREATED
    Server: nginx/1.18.0
    Date: Mon, 02 Sep 2024 00:35:02 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 36
    Connection: keep-alive
  • flag-nl
    POST
    https://desktop-netinstaller-sub.osp.opera.software/v1/binary
    setup.exe
    Remote address:
    82.145.217.121:443
    Request
    POST /v1/binary HTTP/1.1
    Authorization: Basic dmFBZUV4c1JXQmViWm9McmNpVGlFSFpmWUdXeUlXMFo6
    User-Agent: Opera installer
    Host: desktop-netinstaller-sub.osp.opera.software
    Content-Length: 296
    Cache-Control: no-cache
    Response
    HTTP/1.1 201 CREATED
    Server: nginx/1.18.0
    Date: Mon, 02 Sep 2024 00:35:02 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 36
    Connection: keep-alive
  • flag-us
    DNS
    autoupdate.geo.opera.com
    setup.exe
    Remote address:
    8.8.8.8:53
    Request
    autoupdate.geo.opera.com
    IN A
    Response
    autoupdate.geo.opera.com
    IN CNAME
    eu-autoupdate.opera.com
    eu-autoupdate.opera.com
    IN A
    185.26.182.123
    eu-autoupdate.opera.com
    IN A
    185.26.182.124
  • flag-nl
    POST
    https://autoupdate.geo.opera.com/v5/netinstaller/opera/Stable/windows/x64
    setup.exe
    Remote address:
    185.26.182.123:443
    Request
    POST /v5/netinstaller/opera/Stable/windows/x64 HTTP/1.1
    User-Agent: Opera NetInstaller/113.0.5230.47
    Host: autoupdate.geo.opera.com
    Content-Length: 256
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 02 Sep 2024 00:35:02 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Allow: GET, HEAD, POST
    Cache-Control: no-cache, no-store, must-revalidate, max-age=0
    Pragma: no-cache
    Expires: Thu, 1 Jan 1970 00:00:01 GMT
    X-Content-Type-Options: nosniff
    Referrer-Policy: same-origin
    Cross-Origin-Opener-Policy: same-origin
    Strict-Transport-Security: max-age=31536000; includeSubDomains
  • flag-nl
    GET
    https://autoupdate.geo.opera.com/geolocation/
    setup.exe
    Remote address:
    185.26.182.123:443
    Request
    GET /geolocation/ HTTP/1.1
    User-Agent: Opera NetInstaller/113.0.5230.47
    Host: autoupdate.geo.opera.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 02 Sep 2024 00:35:02 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Allow: HEAD, GET
    Cache-Control: no-cache, no-store, must-revalidate, max-age=0
    Pragma: no-cache
    Expires: Thu, 1 Jan 1970 00:00:01 GMT
    X-Content-Type-Options: nosniff
    Referrer-Policy: same-origin
    Cross-Origin-Opener-Policy: same-origin
    Strict-Transport-Security: max-age=31536000; includeSubDomains
  • flag-us
    DNS
    features.opera-api2.com
    setup.exe
    Remote address:
    8.8.8.8:53
    Request
    features.opera-api2.com
    IN A
    Response
    features.opera-api2.com
    IN CNAME
    features-2.geo.opera.com
    features-2.geo.opera.com
    IN CNAME
    ams-features.opera-api2.com
    ams-features.opera-api2.com
    IN CNAME
    ams.lb.opera.technology
    ams.lb.opera.technology
    IN A
    185.26.182.112
    ams.lb.opera.technology
    IN A
    185.26.182.93
    ams.lb.opera.technology
    IN A
    185.26.182.94
    ams.lb.opera.technology
    IN A
    185.26.182.106
    ams.lb.opera.technology
    IN A
    185.26.182.111
    ams.lb.opera.technology
    IN A
    185.26.182.118
  • flag-us
    DNS
    features.opera-api2.com
    setup.exe
    Remote address:
    8.8.8.8:53
    Request
    features.opera-api2.com
    IN A
  • flag-us
    DNS
    features.opera-api2.com
    setup.exe
    Remote address:
    8.8.8.8:53
    Request
    features.opera-api2.com
    IN A
  • flag-us
    DNS
    download.opera.com
    setup.exe
    Remote address:
    8.8.8.8:53
    Request
    download.opera.com
    IN A
    Response
    download.opera.com
    IN CNAME
    download.geo.opera.com
    download.geo.opera.com
    IN CNAME
    eu2-download.opera.com
    eu2-download.opera.com
    IN A
    82.145.216.23
    eu2-download.opera.com
    IN A
    82.145.216.24
  • flag-nl
    GET
    https://download.opera.com/download/get/?id=67441&autoupdate=1&ni=1&stream=stable
    setup.exe
    Remote address:
    82.145.216.23:443
    Request
    GET /download/get/?id=67441&autoupdate=1&ni=1&stream=stable HTTP/1.1
    User-Agent: Opera NetInstaller/113.0.5230.47
    Host: download.opera.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 302 Found
    Server: nginx
    Date: Mon, 02 Sep 2024 00:35:11 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Location: https://download5.operacdn.com/ftp/pub/opera/desktop/113.0.5230.47/win/Opera_113.0.5230.47_Autoupdate_x64.exe
    Strict-Transport-Security: max-age=31536000; includeSubDomains
  • flag-nl
    GET
    https://download.opera.com/download/get/?id=67363&autoupdate=1&ni=1
    setup.exe
    Remote address:
    82.145.216.23:443
    Request
    GET /download/get/?id=67363&autoupdate=1&ni=1 HTTP/1.1
    User-Agent: Opera NetInstaller/113.0.5230.47
    Host: download.opera.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 302 Found
    Server: nginx
    Date: Mon, 02 Sep 2024 00:35:26 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Location: https://download3.operacdn.com/ftp/pub/.assistant/113.0.5230.31/Assistant_113.0.5230.31_Setup.exe
    Strict-Transport-Security: max-age=31536000; includeSubDomains
  • flag-us
    DNS
    123.182.26.185.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    123.182.26.185.in-addr.arpa
    IN PTR
    Response
    123.182.26.185.in-addr.arpa
    IN PTR
    eu-autoupdate.opera.com
  • flag-us
    DNS
    121.217.145.82.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    121.217.145.82.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    23.216.145.82.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.216.145.82.in-addr.arpa
    IN PTR
    Response
    23.216.145.82.in-addr.arpa
    IN PTR
    eu2-download.opera.com
  • flag-nl
    GET
    https://features.opera-api2.com/api/v2/features?country=GB&language=en&uuid=9847ff4c-12fe-4ee9-8acc-c796ed07f709&product=&channel=Stable&version=113.0.5230.47
    setup.exe
    Remote address:
    185.26.182.112:443
    Request
    GET /api/v2/features?country=GB&language=en&uuid=9847ff4c-12fe-4ee9-8acc-c796ed07f709&product=&channel=Stable&version=113.0.5230.47 HTTP/1.1
    User-Agent: Opera NetInstaller/113.0.5230.47
    Host: features.opera-api2.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 02 Sep 2024 00:35:11 GMT
    Content-Type: application/json
    Content-Length: 1556
    Connection: keep-alive
    Cache-Control: max-age=3894
    Strict-Transport-Security: max-age=31536000; includeSubDomains
  • flag-us
    DNS
    73.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    download5.operacdn.com
    setup.exe
    Remote address:
    8.8.8.8:53
    Request
    download5.operacdn.com
    IN A
    Response
    download5.operacdn.com
    IN A
    104.18.10.89
    download5.operacdn.com
    IN A
    104.18.11.89
  • flag-us
    GET
    https://download5.operacdn.com/ftp/pub/opera/desktop/113.0.5230.47/win/Opera_113.0.5230.47_Autoupdate_x64.exe
    setup.exe
    Remote address:
    104.18.10.89:443
    Request
    GET /ftp/pub/opera/desktop/113.0.5230.47/win/Opera_113.0.5230.47_Autoupdate_x64.exe HTTP/1.1
    User-Agent: Opera NetInstaller/113.0.5230.47
    Cache-Control: no-cache
    Host: download5.operacdn.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Mon, 02 Sep 2024 00:35:12 GMT
    Content-Type: application/octet-stream
    Transfer-Encoding: chunked
    Connection: keep-alive
    Last-Modified: Thu, 29 Aug 2024 11:54:02 GMT
    ETag: W/"66d0615a-6506920"
    Strict-Transport-Security: max-age=31536000; includeSubDomains
    CF-Cache-Status: HIT
    Age: 304502
    Server: cloudflare
    CF-RAY: 8bc96b30ade691ee-LHR
  • flag-us
    DNS
    112.182.26.185.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    112.182.26.185.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    112.182.26.185.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    112.182.26.185.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    112.182.26.185.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    112.182.26.185.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    112.182.26.185.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    112.182.26.185.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    89.10.18.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    89.10.18.104.in-addr.arpa
    IN PTR
    Response
  • flag-nl
    POST
    https://desktop-netinstaller-sub.osp.opera.software/v1/binary
    setup.exe
    Remote address:
    82.145.217.121:443
    Request
    POST /v1/binary HTTP/1.1
    Authorization: Basic dmFBZUV4c1JXQmViWm9McmNpVGlFSFpmWUdXeUlXMFo6
    User-Agent: Opera installer
    Host: desktop-netinstaller-sub.osp.opera.software
    Content-Length: 442
    Cache-Control: no-cache
    Response
    HTTP/1.1 201 CREATED
    Server: nginx/1.18.0
    Date: Mon, 02 Sep 2024 00:35:23 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 36
    Connection: keep-alive
  • flag-nl
    POST
    https://desktop-netinstaller-sub.osp.opera.software/v1/binary
    setup.exe
    Remote address:
    82.145.217.121:443
    Request
    POST /v1/binary HTTP/1.1
    Authorization: Basic dmFBZUV4c1JXQmViWm9McmNpVGlFSFpmWUdXeUlXMFo6
    User-Agent: Opera installer
    Host: desktop-netinstaller-sub.osp.opera.software
    Content-Length: 193
    Cache-Control: no-cache
    Response
    HTTP/1.1 201 CREATED
    Server: nginx/1.18.0
    Date: Mon, 02 Sep 2024 00:35:23 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 36
    Connection: keep-alive
  • flag-nl
    POST
    https://desktop-netinstaller-sub.osp.opera.software/v1/binary
    setup.exe
    Remote address:
    82.145.217.121:443
    Request
    POST /v1/binary HTTP/1.1
    Authorization: Basic dmFBZUV4c1JXQmViWm9McmNpVGlFSFpmWUdXeUlXMFo6
    User-Agent: Opera installer
    Host: desktop-netinstaller-sub.osp.opera.software
    Content-Length: 193
    Cache-Control: no-cache
    Response
    HTTP/1.1 201 CREATED
    Server: nginx/1.18.0
    Date: Mon, 02 Sep 2024 00:35:25 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 36
    Connection: keep-alive
  • flag-nl
    POST
    https://desktop-netinstaller-sub.osp.opera.software/v1/binary
    setup.exe
    Remote address:
    82.145.217.121:443
    Request
    POST /v1/binary HTTP/1.1
    Authorization: Basic dmFBZUV4c1JXQmViWm9McmNpVGlFSFpmWUdXeUlXMFo6
    User-Agent: Opera installer
    Host: desktop-netinstaller-sub.osp.opera.software
    Content-Length: 214
    Cache-Control: no-cache
    Response
    HTTP/1.1 201 CREATED
    Server: nginx/1.18.0
    Date: Mon, 02 Sep 2024 00:35:26 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 36
    Connection: keep-alive
  • flag-nl
    POST
    https://desktop-netinstaller-sub.osp.opera.software/v1/binary
    setup.exe
    Remote address:
    82.145.217.121:443
    Request
    POST /v1/binary HTTP/1.1
    Authorization: Basic dmFBZUV4c1JXQmViWm9McmNpVGlFSFpmWUdXeUlXMFo6
    User-Agent: Opera installer
    Host: desktop-netinstaller-sub.osp.opera.software
    Content-Length: 262
    Cache-Control: no-cache
    Response
    HTTP/1.1 201 CREATED
    Server: nginx/1.18.0
    Date: Mon, 02 Sep 2024 00:35:26 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 36
    Connection: keep-alive
  • flag-nl
    POST
    https://desktop-netinstaller-sub.osp.opera.software/v1/binary
    setup.exe
    Remote address:
    82.145.217.121:443
    Request
    POST /v1/binary HTTP/1.1
    Authorization: Basic dmFBZUV4c1JXQmViWm9McmNpVGlFSFpmWUdXeUlXMFo6
    User-Agent: Opera installer
    Host: desktop-netinstaller-sub.osp.opera.software
    Content-Length: 213
    Cache-Control: no-cache
    Response
    HTTP/1.1 201 CREATED
    Server: nginx/1.18.0
    Date: Mon, 02 Sep 2024 00:35:27 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 36
    Connection: keep-alive
  • flag-nl
    POST
    https://desktop-netinstaller-sub.osp.opera.software/v1/binary
    setup.exe
    Remote address:
    82.145.217.121:443
    Request
    POST /v1/binary HTTP/1.1
    Authorization: Basic dmFBZUV4c1JXQmViWm9McmNpVGlFSFpmWUdXeUlXMFo6
    User-Agent: Opera installer
    Host: desktop-netinstaller-sub.osp.opera.software
    Content-Length: 193
    Cache-Control: no-cache
    Response
    HTTP/1.1 201 CREATED
    Server: nginx/1.18.0
    Date: Mon, 02 Sep 2024 00:35:27 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 36
    Connection: keep-alive
  • flag-us
    DNS
    79.190.18.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    79.190.18.2.in-addr.arpa
    IN PTR
    Response
    79.190.18.2.in-addr.arpa
    IN PTR
    a2-18-190-79.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    79.190.18.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    79.190.18.2.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    download3.operacdn.com
    setup.exe
    Remote address:
    8.8.8.8:53
    Request
    download3.operacdn.com
    IN A
    Response
    download3.operacdn.com
    IN CNAME
    v2.download3.operacdn.com.edgekey.net
    v2.download3.operacdn.com.edgekey.net
    IN CNAME
    e125010.dscd.akamaiedge.net
    e125010.dscd.akamaiedge.net
    IN A
    95.100.200.9
    e125010.dscd.akamaiedge.net
    IN A
    95.100.200.56
  • flag-us
    DNS
    download3.operacdn.com
    setup.exe
    Remote address:
    8.8.8.8:53
    Request
    download3.operacdn.com
    IN A
  • flag-fr
    GET
    https://download3.operacdn.com/ftp/pub/.assistant/113.0.5230.31/Assistant_113.0.5230.31_Setup.exe
    setup.exe
    Remote address:
    95.100.200.9:443
    Request
    GET /ftp/pub/.assistant/113.0.5230.31/Assistant_113.0.5230.31_Setup.exe HTTP/1.1
    User-Agent: Opera NetInstaller/113.0.5230.47
    Cache-Control: no-cache
    Host: download3.operacdn.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Content-Type: application/octet-stream
    Content-Length: 2680840
    Last-Modified: Fri, 23 Aug 2024 04:55:35 GMT
    ETag: "66c81647-28e808"
    Accept-Ranges: bytes
    Date: Mon, 02 Sep 2024 00:35:27 GMT
    Connection: keep-alive
    Strict-Transport-Security: max-age=31536000 ; includeSubDomains
  • flag-us
    DNS
    9.200.100.95.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.200.100.95.in-addr.arpa
    IN PTR
    Response
    9.200.100.95.in-addr.arpa
    IN PTR
    a95-100-200-9.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    9.200.100.95.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.200.100.95.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    26.165.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.165.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    13.86.106.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.86.106.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    77.190.18.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    77.190.18.2.in-addr.arpa
    IN PTR
    Response
    77.190.18.2.in-addr.arpa
    IN PTR
    a2-18-190-77.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    13.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.227.111.52.in-addr.arpa
    IN PTR
    Response
  • 82.145.217.121:443
    https://desktop-netinstaller-sub.osp.opera.software/v1/binary
    tls, http
    setup.exe
    4.8kB
    5.4kB
    26
    15

    HTTP Request

    POST https://desktop-netinstaller-sub.osp.opera.software/v1/binary

    HTTP Response

    201

    HTTP Request

    POST https://desktop-netinstaller-sub.osp.opera.software/v1/binary

    HTTP Response

    201

    HTTP Request

    POST https://desktop-netinstaller-sub.osp.opera.software/v1/binary

    HTTP Response

    201

    HTTP Request

    POST https://desktop-netinstaller-sub.osp.opera.software/v1/binary

    HTTP Response

    201

    HTTP Request

    POST https://desktop-netinstaller-sub.osp.opera.software/v1/binary

    HTTP Response

    201
  • 185.26.182.123:443
    https://autoupdate.geo.opera.com/v5/netinstaller/opera/Stable/windows/x64
    tls, http
    setup.exe
    1.4kB
    5.4kB
    14
    9

    HTTP Request

    POST https://autoupdate.geo.opera.com/v5/netinstaller/opera/Stable/windows/x64

    HTTP Response

    200
  • 185.26.182.123:443
    https://autoupdate.geo.opera.com/geolocation/
    tls, http
    setup.exe
    1.1kB
    5.3kB
    15
    10

    HTTP Request

    GET https://autoupdate.geo.opera.com/geolocation/

    HTTP Response

    200
  • 82.145.216.23:443
    https://download.opera.com/download/get/?id=67363&autoupdate=1&ni=1
    tls, http
    setup.exe
    2.6kB
    5.9kB
    25
    14

    HTTP Request

    GET https://download.opera.com/download/get/?id=67441&autoupdate=1&ni=1&stream=stable

    HTTP Response

    302

    HTTP Request

    GET https://download.opera.com/download/get/?id=67363&autoupdate=1&ni=1

    HTTP Response

    302
  • 185.26.182.112:443
    https://features.opera-api2.com/api/v2/features?country=GB&language=en&uuid=9847ff4c-12fe-4ee9-8acc-c796ed07f709&product=&channel=Stable&version=113.0.5230.47
    tls, http
    setup.exe
    1.4kB
    7.2kB
    19
    11

    HTTP Request

    GET https://features.opera-api2.com/api/v2/features?country=GB&language=en&uuid=9847ff4c-12fe-4ee9-8acc-c796ed07f709&product=&channel=Stable&version=113.0.5230.47

    HTTP Response

    200
  • 104.18.10.89:443
    https://download5.operacdn.com/ftp/pub/opera/desktop/113.0.5230.47/win/Opera_113.0.5230.47_Autoupdate_x64.exe
    tls, http
    setup.exe
    6.1MB
    122.9MB
    88095
    87976

    HTTP Request

    GET https://download5.operacdn.com/ftp/pub/opera/desktop/113.0.5230.47/win/Opera_113.0.5230.47_Autoupdate_x64.exe

    HTTP Response

    200
  • 82.145.217.121:443
    https://desktop-netinstaller-sub.osp.opera.software/v1/binary
    tls, http
    setup.exe
    7.2kB
    6.0kB
    32
    19

    HTTP Request

    POST https://desktop-netinstaller-sub.osp.opera.software/v1/binary

    HTTP Response

    201

    HTTP Request

    POST https://desktop-netinstaller-sub.osp.opera.software/v1/binary

    HTTP Response

    201

    HTTP Request

    POST https://desktop-netinstaller-sub.osp.opera.software/v1/binary

    HTTP Response

    201

    HTTP Request

    POST https://desktop-netinstaller-sub.osp.opera.software/v1/binary

    HTTP Response

    201

    HTTP Request

    POST https://desktop-netinstaller-sub.osp.opera.software/v1/binary

    HTTP Response

    201

    HTTP Request

    POST https://desktop-netinstaller-sub.osp.opera.software/v1/binary

    HTTP Response

    201

    HTTP Request

    POST https://desktop-netinstaller-sub.osp.opera.software/v1/binary

    HTTP Response

    201
  • 95.100.200.9:443
    https://download3.operacdn.com/ftp/pub/.assistant/113.0.5230.31/Assistant_113.0.5230.31_Setup.exe
    tls, http
    setup.exe
    101.1kB
    2.8MB
    2014
    2003

    HTTP Request

    GET https://download3.operacdn.com/ftp/pub/.assistant/113.0.5230.31/Assistant_113.0.5230.31_Setup.exe

    HTTP Response

    200
  • 8.8.8.8:53
    97.17.167.52.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    97.17.167.52.in-addr.arpa

  • 8.8.8.8:53
    desktop-netinstaller-sub.osp.opera.software
    dns
    setup.exe
    89 B
    192 B
    1
    1

    DNS Request

    desktop-netinstaller-sub.osp.opera.software

    DNS Response

    82.145.217.121

  • 8.8.8.8:53
    autoupdate.geo.opera.com
    dns
    setup.exe
    70 B
    130 B
    1
    1

    DNS Request

    autoupdate.geo.opera.com

    DNS Response

    185.26.182.123
    185.26.182.124

  • 8.8.8.8:53
    features.opera-api2.com
    dns
    setup.exe
    207 B
    264 B
    3
    1

    DNS Request

    features.opera-api2.com

    DNS Request

    features.opera-api2.com

    DNS Request

    features.opera-api2.com

    DNS Response

    185.26.182.112
    185.26.182.93
    185.26.182.94
    185.26.182.106
    185.26.182.111
    185.26.182.118

  • 8.8.8.8:53
    download.opera.com
    dns
    setup.exe
    64 B
    150 B
    1
    1

    DNS Request

    download.opera.com

    DNS Response

    82.145.216.23
    82.145.216.24

  • 8.8.8.8:53
    123.182.26.185.in-addr.arpa
    dns
    73 B
    110 B
    1
    1

    DNS Request

    123.182.26.185.in-addr.arpa

  • 8.8.8.8:53
    121.217.145.82.in-addr.arpa
    dns
    73 B
    134 B
    1
    1

    DNS Request

    121.217.145.82.in-addr.arpa

  • 8.8.8.8:53  95.221.229.192.in-addr.arpa  dns  sent 73 B (1 pkt)  received 144 B (1 pkt)
    DNS Request: 95.221.229.192.in-addr.arpa

  • 8.8.8.8:53  23.216.145.82.in-addr.arpa  dns  sent 72 B (1 pkt)  received 108 B (1 pkt)
    DNS Request: 23.216.145.82.in-addr.arpa

  • 8.8.8.8:53  73.159.190.20.in-addr.arpa  dns  sent 72 B (1 pkt)  received 158 B (1 pkt)
    DNS Request: 73.159.190.20.in-addr.arpa

  • 8.8.8.8:53  download5.operacdn.com  dns  process setup.exe  sent 68 B (1 pkt)  received 100 B (1 pkt)
    DNS Request: download5.operacdn.com
    DNS Response: 104.18.10.89, 104.18.11.89

  • 8.8.8.8:53  112.182.26.185.in-addr.arpa  dns  sent 292 B (4 pkts)  received 134 B (1 pkt)
    DNS Request (×4): 112.182.26.185.in-addr.arpa

  • 8.8.8.8:53  89.10.18.104.in-addr.arpa  dns  sent 71 B (1 pkt)  received 133 B (1 pkt)
    DNS Request: 89.10.18.104.in-addr.arpa

  • 8.8.8.8:53  79.190.18.2.in-addr.arpa  dns  sent 140 B (2 pkts)  received 133 B (1 pkt)
    DNS Request (×2): 79.190.18.2.in-addr.arpa

  • 8.8.8.8:53  download3.operacdn.com  dns  process setup.exe  sent 136 B (2 pkts)  received 189 B (1 pkt)
    DNS Request (×2): download3.operacdn.com
    DNS Response: 95.100.200.9, 95.100.200.56

  • 8.8.8.8:53  9.200.100.95.in-addr.arpa  dns  sent 142 B (2 pkts)  received 135 B (1 pkt)
    DNS Request (×2): 9.200.100.95.in-addr.arpa

  • 8.8.8.8:53  26.165.165.52.in-addr.arpa  dns  sent 72 B (1 pkt)  received 146 B (1 pkt)
    DNS Request: 26.165.165.52.in-addr.arpa

  • 8.8.8.8:53  15.164.165.52.in-addr.arpa  dns  sent 144 B (2 pkts)  received 146 B (1 pkt)
    DNS Request (×2): 15.164.165.52.in-addr.arpa

  • 8.8.8.8:53  240.221.184.93.in-addr.arpa  dns  sent 73 B (1 pkt)  received 144 B (1 pkt)
    DNS Request: 240.221.184.93.in-addr.arpa

  • 8.8.8.8:53  13.86.106.20.in-addr.arpa  dns  sent 71 B (1 pkt)  received 157 B (1 pkt)
    DNS Request: 13.86.106.20.in-addr.arpa

  • 8.8.8.8:53  77.190.18.2.in-addr.arpa  dns  sent 70 B (1 pkt)  received 133 B (1 pkt)
    DNS Request: 77.190.18.2.in-addr.arpa

  • 8.8.8.8:53  13.227.111.52.in-addr.arpa  dns  sent 72 B (1 pkt)  received 158 B (1 pkt)
    DNS Request: 13.227.111.52.in-addr.arpa
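Most of the DNS rows above are PTR (reverse) lookups, which the report shows with no answer and no linked process; only the two operacdn.com forward lookups are attributed to setup.exe. An analyst usually wants the IPv4 addresses those in-addr.arpa names stand for, and wants to know which of them tie back to a forward lookup the sample itself made. The script below is an added example for this page, not tria.ge code and not part of the analysed sample: it transcribes the DNS rows above into a list, decodes each PTR name back to its address (octets are stored in reverse order), separates forward lookups from reverse ones, and reports which resolved addresses were later queried in reverse. The row list and function names are this example's own.

```python
"""Recover contacted IPv4 addresses from the DNS rows of a sandbox report.

Added example for this page; not part of tria.ge or of the analysed sample.
RECORDS is transcribed from the DNS section above (name, answers, query count).
"""
import ipaddress
from collections import Counter

# Transcribed from the report: forward lookups carry the DNS Response addresses,
# PTR lookups show no response in the report. The count is the number of queries.
RECORDS = [
    ("95.221.229.192.in-addr.arpa", [], 1),
    ("23.216.145.82.in-addr.arpa", [], 1),
    ("73.159.190.20.in-addr.arpa", [], 1),
    ("download5.operacdn.com", ["104.18.10.89", "104.18.11.89"], 1),
    ("112.182.26.185.in-addr.arpa", [], 4),
    ("89.10.18.104.in-addr.arpa", [], 1),
    ("79.190.18.2.in-addr.arpa", [], 2),
    ("download3.operacdn.com", ["95.100.200.9", "95.100.200.56"], 2),
    ("9.200.100.95.in-addr.arpa", [], 2),
    ("26.165.165.52.in-addr.arpa", [], 1),
    ("15.164.165.52.in-addr.arpa", [], 2),
    ("240.221.184.93.in-addr.arpa", [], 1),
    ("13.86.106.20.in-addr.arpa", [], 1),
    ("77.190.18.2.in-addr.arpa", [], 1),
    ("13.227.111.52.in-addr.arpa", [], 1),
]


def ptr_to_ipv4(name):
    """Return the IPv4 address a reverse-DNS name refers to, or None.

    '95.221.229.192.in-addr.arpa' -> '192.229.221.95': the four octets are
    stored least-significant first, so they must be reversed.
    """
    labels = name.lower().rstrip(".").split(".")
    # Only a full /32 PTR name (4 octets + in-addr + arpa) maps to one host.
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(labels[3::-1])))
    except ipaddress.AddressValueError:
        return None  # e.g. an octet above 255


def extract_iocs(records):
    """Split the rows into forward lookups and reverse lookups.

    Returns (domains, forward_ips, ptr_counts): the queried domains, the
    addresses returned for them, and a Counter of PTR queries per address.
    """
    domains, forward_ips, ptr_counts = set(), set(), Counter()
    for name, answers, count in records:
        ip = ptr_to_ipv4(name)
        if ip is not None:
            ptr_counts[ip] += count
        else:
            domains.add(name)
            forward_ips.update(answers)
    by_ip = ipaddress.IPv4Address  # numeric, not lexical, ordering
    return sorted(domains), sorted(forward_ips, key=by_ip), ptr_counts


def ptr_for_resolved(records):
    """Addresses that came back from a forward lookup and were then queried
    in reverse: the only PTR rows that can be tied to a domain the sample
    resolved. The remaining PTR rows have no process attached in the report
    and cannot be attributed from this data alone."""
    _, forward_ips, ptr_counts = extract_iocs(records)
    return sorted((ip for ip in forward_ips if ip in ptr_counts),
                  key=ipaddress.IPv4Address)


if __name__ == "__main__":
    domains, forward_ips, ptr_counts = extract_iocs(RECORDS)
    print("domains:", ", ".join(domains))
    print("resolved:", ", ".join(forward_ips))
    for ip, n in sorted(ptr_counts.items(), key=lambda kv: ipaddress.IPv4Address(kv[0])):
        print(f"PTR {ip} x{n}")
    print("resolved and reverse-queried:", ", ".join(ptr_for_resolved(RECORDS)))
```

Running it shows that 104.18.10.89 (download5.operacdn.com) and 95.100.200.9 (download3.operacdn.com) are the two addresses both returned by a forward lookup and queried in reverse; the other PTR rows decode to addresses the report never associates with a process, so treat them as context rather than as indicators of the sample.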

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202409020034591\additional_file0.tmp
    Filesize: 2.6MB
    MD5:    0995a010e2f8b866c6abca90fa49130f
    SHA1:   f282871f9d6333f5bcc738062613c44567a58dc0
    SHA256: 74d4c26b0ee35a7431944e51aaf5ec4ab3338b6776bf44bdfdbc1e201b4fea76
    SHA512: b98e4bd252a9bdb11a7f15c795910daabdbe8e0ba0fa86a5ee6f8167ff66a9b67790c51f700666239781ad46241926590588b6831d16e5057dcbfebe37c3ae6b

  • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202409020034591\assistant\assistant_installer.exe
    Filesize: 1.9MB
    MD5:    1d980ac7aa07def69627a334168853f9
    SHA1:   c4b6a91eb61eb1a946b922ceef9aea86dde79eb5
    SHA256: a08d4c13a57600c280d10aa2d0c5c13352638b6ac38651aa908af1c0ec351807
    SHA512: e8f7afb5299d627d67f6656f71006f60c1dbaa535175ff935d2934197e2ed5faca0f9d64897695965deeeea7612a4229bf117a8243a3b5de902a001d4e91797b

  • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202409020034591\assistant\dbgcore.dll
    Filesize: 166KB
    MD5:    98d373f7e891c8282b7a163880ffff55
    SHA1:   a84b5607aebd38833a96ee46b33f2d1b748e6ea0
    SHA256: 67bce323f46300c83866e02b1a3923b93834e30741999b965b351531073e8f2b
    SHA512: b417629c5276ed942578273af5d2de4ab35fdb1cec102b47999b0b54d50c98d0ec36e8fca01db8c6f9fc4dc6aa130fef916fe07d131586c84f4a75bb589bb927

  • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202409020034591\assistant\dbghelp.dll
    Filesize: 1.7MB
    MD5:    49c70bed12c523235e2e154326b1a8f0
    SHA1:   4a011c6909ea9c08357dd4bebdd62f8b3bfab8dd
    SHA256: 27251f799e2d950c561fda99c07ff49553c1d538ccd544bcd1ee12820eed5cd5
    SHA512: 1553f9ddbb95603d82c01668320a128766ba8b039ee127f86a2008de222e9390b4d8b7153443444790c946b40742b85625fbc422e81073a353e9e434cc56eba3

  • C:\Users\Admin\AppData\Local\Temp\7zS8E30C5C7\setup.exe
    Filesize: 5.1MB
    MD5:    2ee08ef3d5fb0525ba6277a8fef18c7e
    SHA1:   bfc0066fff086903ad75ce4a8508efcae7b71612
    SHA256: 84f0d1cae62f60d50db85a2604fe8401e4ac87ca94d4cb0a5ad7f518ee8efb68
    SHA512: 7847d2fae0b5907dbf1025ec495b0e0c5d96acea73d149d9d1b5715b7a02858a68e0c7352b6ab7abe6a4c1060ce930aa759dc7a49d36c7a807442b880012e179

  • C:\Users\Admin\AppData\Local\Temp\Opera_installer_2409020034581684124.dll
    Filesize: 4.6MB
    MD5:    24a7e7b33088bcf40852a8d3628b8d3d
    SHA1:   a9edfb53f05f5a7228c8b2f52824f1d26d3b4eab
    SHA256: 514c484ed37798c552ec42204fec10b9eedb855e3916cdfa248f1af2f4dac832
    SHA512: 3f48fb02ecaa1869c886e114e4141fa578795f6ae45ca30a88245725fc921ff5453a0ee9a5c905431f4c7f8d45b8d0a9fddb8f39f6ccb0ea4978442400fae7ae

  • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
    Filesize: 40B
    MD5:    2d99caddcc30124198a1686330328014
    SHA1:   49854ec1e276029ceb07462215b2269f51ad952c
    SHA256: 1079418548624e07c29cdbcd438f9c379048f9667364b1f17a347b15d4507204
    SHA512: ea84093c57b624795e1319544e796f6337cd697164479da8ae8109f7cc3af08b2134f74d6ce288d356ef17eb37db4280161222cac31d570727bda5322fd38532
