Analysis Overview
SHA256
61c2c4a5d7c14f77ee88871ded4cc7f1e49dae3e4ef209504c66fedf4d22de42
Threat Level: Likely benign
The file updated traced_04202236.exe was found to be: Likely benign.
Malicious Activity Summary
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
System Location Discovery: System Language Discovery
Modifies registry class
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-27 15:14
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-27 15:14
Reported
2024-10-27 15:15
Platform
win11-20241007-en
Max time kernel
21s
Max time network
25s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\OperaGX.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS82CE5687\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS82CE5687\setup.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS82CE5687\setup.exe | N/A |
Reads user/profile data of web browsers
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\updated traced_04202236.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\OperaGX.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS82CE5687\setup.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Opera GXStable | C:\Users\Admin\AppData\Local\Temp\updated traced_04202236.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable | C:\Users\Admin\AppData\Local\Temp\updated traced_04202236.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\updated traced_04202236.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\updated traced_04202236.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\updated traced_04202236.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\updated traced_04202236.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\updated traced_04202236.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\updated traced_04202236.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\updated traced_04202236.exe
"C:\Users\Admin\AppData\Local\Temp\updated traced_04202236.exe"
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\a0b08de9cb664002bab05b2e60b678e1 /t 2156 /p 868
C:\Users\Admin\AppData\Local\OperaGX.exe
C:\Users\Admin\AppData\Local\OperaGX.exe --silent --allusers=0
C:\Users\Admin\AppData\Local\Temp\7zS82CE5687\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS82CE5687\setup.exe --silent --allusers=0 --server-tracking-blob=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
C:\Users\Admin\AppData\Local\Temp\7zS82CE5687\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS82CE5687\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x330,0x334,0x338,0x30c,0x33c,0x70c48c5c,0x70c48c68,0x70c48c74
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
C:\Users\Admin\AppData\Local\Temp\7zS82CE5687\setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zS82CE5687\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=0 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1308 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241027151516" --session-guid=beaeb32f-897a-4c20-b350-487507d3da4c --server-tracking-blob=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 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=0C06000000000000
C:\Users\Admin\AppData\Local\Temp\7zS82CE5687\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS82CE5687\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x328,0x32c,0x33c,0x304,0x340,0x6ff08c5c,0x6ff08c68,0x6ff08c74
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | www.dlsft.com | udp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.60.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| US | 104.21.60.113:443 | filedm.com | tcp |
| NL | 18.238.243.102:443 | dpd.securestudies.com | tcp |
| US | 165.193.78.234:80 | post.securestudies.com | tcp |
| US | 172.67.174.4:443 | www.ovardu.com | tcp |
| US | 165.193.78.234:80 | post.securestudies.com | tcp |
| NL | 185.26.182.111:443 | net.geo.opera.com | tcp |
| NL | 18.238.246.206:80 | ocsp.r2m02.amazontrust.com | tcp |
| US | 165.193.78.234:443 | post.securestudies.com | tcp |
| NL | 185.26.182.123:443 | autoupdate.geo.opera.com | tcp |
| NL | 82.145.216.20:443 | autoupdate.opera.com | tcp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| US | 104.18.25.17:443 | api.config.opr.gg | tcp |
| NL | 82.145.216.23:443 | download.opera.com | tcp |
Files
C:\Users\Admin\AppData\Local\OperaGX.exe
| Hash | Value |
| --- | --- |
| MD5 | af793d005904f542c8ca8854483357a4 |
| SHA1 | 7de3c62db3cd1e65cf1213e531680b7fdfa9b625 |
| SHA256 | 6e245bafdb5a712d06f49598246a17a887952a50e50c83725f8ece058290525f |
| SHA512 | 3c6eb3196b0e7b7dfcf98a26f4d582d9c6dbaf3c4f8a0893ebb6af65c07e8df633b852ca16ada9c73e3ed254f3183a4c921365de25ed09cd7f813ef3ce8ae07e |
C:\Users\Admin\AppData\Local\Temp\7zS82CE5687\setup.exe
| Hash | Value |
| --- | --- |
| MD5 | a910474aad1eea96921d359e1763d2fd |
| SHA1 | 8f663c05861ce93a1418607bd208c21dc7263237 |
| SHA256 | 5354a7fa4ef330546d79e1ea02c456084400d0b47d52aaa43b088340981f461e |
| SHA512 | 8654f3c5eb98dd4097ed5367771f2f3487a4c90f95754ca39b8900ab52c2c78ab6f90da339c1cce06364ca242d49901a7ebbac92cf14955e3a267ea988c194e4 |
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2410271515151681308.dll
| Hash | Value |
| --- | --- |
| MD5 | 94a99783bf5a9aeb8a0c8adcbb144ac8 |
| SHA1 | f5682606d1a3774a44d58a42391533899578897b |
| SHA256 | 5d8acd8032a3f3147b50e88dd1141312f9232f46ee0cb9487efae3c23545a0e9 |
| SHA512 | f545d11b103b79a00f8118000a447b26f76520f9ae4c4e78542237eb11b931b98900f62065ae3fbff747a79d6954d15a7ccb123b2adcfc81df71c17a6cf840a2 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
| Hash | Value |
| --- | --- |
| MD5 | 4894ca49405b52a5a723613b4040bf1d |
| SHA1 | 857826d435ac1ca06b6c0788497c10deb6745924 |
| SHA256 | 65aaf48dcb846b74335b422484c993cf245a15418b01999b3cdec7fba64c0fb5 |
| SHA512 | 1b4f9d18462c3445d0e01fd7f94dc84f47b030b1ec1db13d7679cc9ab47c61d3021ee53415f07efc24395e16da9c7324b651b33f56df989b6d36f400c8eee02f |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
| Hash | Value |
| --- | --- |
| MD5 | 01ea233245aaf9d7a5d46f27fe44e4b6 |
| SHA1 | 8b5da075efd12aee93b7f85f1c98e6264a29c9d0 |
| SHA256 | 4c2a1ed1741e33b6cc5a4205a75e5e8597067a35f19ffdfa048eeb68835ee869 |
| SHA512 | 5bf4ea8f61e31d6dc77e11e50016508e1d33b0f9eba9739ad89e59be9ba0a8fc6f99ed05e0b84e4f8963175ab37f2b13fd71a6776b465adc38a033f0bc2003a4 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
| Hash | Value |
| --- | --- |
| MD5 | 0f9a2670195657aeed7ad21d47924d66 |
| SHA1 | dc26c699f88780bc1261e14553a517bcc31e00cf |
| SHA256 | c767730c983610c53f272ccd1ca5b520e3f46834fd9827b4597786a8fb1abeeb |
| SHA512 | 72d6f13907007c961d969354faef78802cf48f6e562201e4d59ec8a791a2f95995b2843dfea99853d41008065ba73d01319fea6a19e566c96fe297d5a0f13741 |
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2410271515162313664.dll
| Hash | Value |
| --- | --- |
| MD5 | faf6b22a05ec00349b7c31a6bbe26215 |
| SHA1 | ed115fc7e9d1620181076a0c1d28d9fb62cf27e2 |
| SHA256 | 6b2f04dea184d32523edd25e0efb31a545bfc8d802aa6496f37c60730692da46 |
| SHA512 | ab3c41c5e546fc22fe3052b7748dd3832ae2b180b049585a16e885a6d35d27d36639ba61804fc4ed9273153d6230e0538114646760ecbe13c4ff5fa730fad37d |
C:\Users\Admin\AppData\Local\Temp\7zS82CE5687\setup.exe
| Hash | Value |
| --- | --- |
| MD5 | 923892af78d2f9d4459a694cfa7baf39 |
| SHA1 | bf22062cf05d1e836739b9848d83069691783232 |
| SHA256 | b1a12d9539c3afb5e88004ec65960ee47ad5254cf36a014b0fdf5067bd0e3fca |
| SHA512 | 919b25b355d9b4b266f4979229bc4e54e546dcc3f885f89302efbb5e0d59dbc536e5d3893e7609a8f5acac9c05991e283dceff347dc3e941a0787952937bef90 |
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2410271515164503704.dll
| Hash | Value |
| --- | --- |
| MD5 | 545dd3eace94b42a33b534972f1b4671 |
| SHA1 | 9db36be82bb01a920f80642481ba8da9a8469a63 |
| SHA256 | 6ab99c353d5b6204293d1af6a064d7bd144c46ef92457b0f5826980f7cc1ec75 |
| SHA512 | cc4a963e944f79f8f8560b194ac307235ac8b527a52dcdf2d5de6e96f34727c72883d6c972d54ed33d5b3366dc0165029de0c9018586cb702dd5b792c1aaf9ef |
C:\Users\Admin\AppData\Local\Temp\7zS82CE5687\setup.exe
| Hash | Value |
| --- | --- |
| MD5 | ba186a49895986c50dee70c426115792 |
| SHA1 | c34e764e98c1bcb4948e11fc5d6fee361117645a |
| SHA256 | 45a139a9921abffbad2a319533bf38cc515b83529cc815cfff6ac769d453ed15 |
| SHA512 | 231507090d877593826f0f634c3b6b9b9720663e179a7f0c0a6620bcd0e96049419b61531665ca677f3e501effcdb8f657dde3952568617e7de543086464071f |
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2410271515165593896.dll
| Hash | Value |
| --- | --- |
| MD5 | 631d62d1c5b69c7c62996e2792befbe4 |
| SHA1 | 76af5911007b9ce1c8bd1e84870a1451514c8210 |
| SHA256 | 8aba6151eda94f2739e74336037297a0c2a0c65264b79cb9967d4a94c1241b68 |
| SHA512 | 623f869b8efa1b816b5f5c2babfc0a6a6fe68c19b9dff3480e0d1c35aa1fc740c510aeb2b302750cd71dc73eb96249285654a603f7e19962173429ed6848e0f1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8
| Hash | Value |
| --- | --- |
| MD5 | 971c514f84bba0785f80aa1c23edfd79 |
| SHA1 | 732acea710a87530c6b08ecdf32a110d254a54c8 |
| SHA256 | f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895 |
| SHA512 | 43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8
| Hash | Value |
| --- | --- |
| MD5 | 0ca56c1a90109d7be10406d405e46a9d |
| SHA1 | 126f75b08fee4bafc68be9d69964a8161f475fb9 |
| SHA256 | e3d6daf74c5de32dc2b98c72e1ed0071a820f79dae64d77549d2a47382aaceb1 |
| SHA512 | 17c2c7adc0c0cb609b44e79b71803a6715e93f755ddd2c37b7bd741cc38ec490a30c4d2da576a5fb1e22aae358e61bb2f7a99ce5cc2a81764920c202f1bea98d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12
| Hash | Value |
| --- | --- |
| MD5 | 67e486b2f148a3fca863728242b6273e |
| SHA1 | 452a84c183d7ea5b7c015b597e94af8eef66d44a |
| SHA256 | facaf1c3a4bf232abce19a2d534e495b0d3adc7dbe3797d336249aa6f70adcfb |
| SHA512 | d3a37da3bb10a9736dc03e8b2b49baceef5d73c026e2077b8ebc1b786f2c9b2f807e0aa13a5866cf3b3cafd2bc506242ef139c423eaffb050bbb87773e53881e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12
| Hash | Value |
| --- | --- |
| MD5 | e6b2f7447d3c38eb61ea1b3990b32291 |
| SHA1 | 2a55133e1ae7f6e9a1f90bfe82a8bc255e8f612f |
| SHA256 | c46e2c4766f22df446854be57a0407b09953eae190cc25cc106ac985002f0852 |
| SHA512 | 8c43f6b923eb8b9a9b88b8d5f395df6062fccff420b78e10eec5eacee06362859c96169d3ddf2f167c9a8f77e6850f682e60fe42f8cc35016795aef45be68e4d |