URL: http://prawnsimply.com/watch.151523579745.js?key=84a3aa81854298fe0794b91196379fdc&kw=["library","genesis"]&refer=https://libgen.rocks/ads.php?md5=6EE75442E767D04E49886AE96410ADC1&tz=5.5&dev=r&res=12.31&uuid=

Full analysis: https://app.any.run/tasks/e61c114f-d8b2-4562-b535-bf4ff2460dd5
Verdict: Malicious activity
Analysis date: October 04, 2022, 19:59:15
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 3F75A69416ACD24CABFD9F6918699E69
SHA1: 2C1BCA9C91C556CA31990F09E8A7827391722F69
SHA256: 3116232E3DC3322619040BA37CE9F7D0FAA8CF675CEC5842286F70053E3F88C6
SSDEEP: 6:COXsgmyiLcdjqRTEGhfFXADsU37KoWhItI6A8T:zvjocdjqACfFQDL37KoWhXs

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS: No malicious indicators.
  • SUSPICIOUS: No suspicious indicators.
  • INFO
    • Checks supported languages: opera.exe (PID: 3260)
    • Check for Java to be installed: opera.exe (PID: 3260)
    • Reads the date of Windows installation: opera.exe (PID: 3260)
    • Reads the computer name: opera.exe (PID: 3260)
    • Creates files in the user directory: opera.exe (PID: 3260)
    • Dropped object may contain Bitcoin addresses: opera.exe (PID: 3260)
No Malware configuration.
No data.
Total processes: 33
Monitored processes: 1
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start -> opera.exe

Process information

PID: 3260
CMD: "C:\Program Files\Opera\opera.exe" "http://prawnsimply.com/watch.151523579745.js?key=84a3aa81854298fe0794b91196379fdc&kw=["library","genesis"]&refer=https://libgen.rocks/ads.php?md5=6EE75442E767D04E49886AE96410ADC1&tz=5.5&dev=r&res=12.31&uuid="
Path: C:\Program Files\Opera\opera.exe
Indicators: none
Parent process: Explorer.EXE
User: admin
Company: Opera Software
Integrity Level: MEDIUM
Description: Opera Internet Browser
Version: 1748
Modules (images):
  • c:\program files\opera\opera.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\psapi.dll
  • c:\windows\system32\wintrust.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\crypt32.dll
  • c:\windows\system32\msasn1.dll
  • c:\windows\system32\rpcrt4.dll
Total events: 1 071
Read events: 1 012
Write events: 59
Delete events: 0

Modification events

  • (PID) Process: (3260) opera.exe
    Key: HKEY_CURRENT_USER\Software\Opera Software
    Operation: write
    Name: Last CommandLine v2
    Value: C:\Program Files\Opera\opera.exe "http://prawnsimply.com/watch.151523579745.js?key=84a3aa81854298fe0794b91196379fdc&kw=["library","genesis"]&refer=https://libgen.rocks/ads.php?md5=6EE75442E767D04E49886AE96410ADC1&tz=5.5&dev=r&res=12.31&uuid="
  • (PID) Process: (3260) opera.exe
    Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
    Operation: write
    Name: LanguageList
    Value: en-US
Executable files: 0
Suspicious files: 9
Text files: 15
Unknown types: 0

Dropped files (all by PID 3260, opera.exe)

  • C:\Users\admin\AppData\Roaming\Opera\Opera\oprE155.tmp (type: text)
    MD5: 366A802833E8B54F8464DFBBFA5E94C0
    SHA256: AB9C45012E03B583D297C372787025B2BA8F575CE1C6DCA88152CAEA8429E815
  • C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\oprEE58.tmp (type: text)
    MD5: 6772D025C02E5025212E97BAD25E0626
    SHA256: EBD2361B50B90101E12E468BFC85134850F371956109574ED46D8FE55467B74F
  • C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini (type: text)
    MD5: 366A802833E8B54F8464DFBBFA5E94C0
    SHA256: AB9C45012E03B583D297C372787025B2BA8F575CE1C6DCA88152CAEA8429E815
  • C:\Users\admin\AppData\Roaming\Opera\Opera\global_history.dat (type: text)
    MD5: B463EFE770F151782BC5C964DE079381
    SHA256: 0E430B919DC5C5CEB64E41B159F3D6E373C304740F59F23F3E2D98F7FCF3A401
  • C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat (type: binary)
    MD5: 93EE074F55DB8EB5D6133DE1BFA8147C
    SHA256: 56F25D1FA18157E27EEB3E2413AA4B8C367F95B088D412A55F6AEB296F616F1E
  • C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00003.tmp (type: xml)
    MD5: 7966F3F842F1E41B71A94EE31B6DED29
    SHA256: 1298A8BC01D74ACDDF2825B82EB242D005C0A816617A7E187FCC0B7BA8E23272
  • C:\Users\admin\AppData\Roaming\Opera\Opera\oprE1E3.tmp (type: xml)
    MD5: D059CA5F54CA805043F835AC2D2E0950
    SHA256: 8B4AEAE9B256ADF2F171233E49787EE4EA77A4F988D9634B3EC08D0B2AA7E04F
  • C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml (type: xml)
    MD5: D059CA5F54CA805043F835AC2D2E0950
    SHA256: 8B4AEAE9B256ADF2F171233E49787EE4EA77A4F988D9634B3EC08D0B2AA7E04F
  • C:\Users\admin\AppData\Roaming\Opera\Opera\opicacrt6.dat (type: binary)
    MD5: 82F1A2B1176A5ECC457D32301E2AD833
    SHA256: A783052804DD4C232BE2ED3DC00C430CB67A20370890E235562ED2B27B5A602E
  • C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\TFH9MNS8G8NE337UIBWJ.temp (type: binary)
    MD5: 3F7590FD56AC999E0289444034C9CC80
    SHA256: 632F80B7AD1F589FE608EF8546E3E7D1B0501A9EC3E38C0140EA1C10ED3E602B
HTTP(S) requests: 5
TCP/UDP connections: 12
DNS requests: 5
Threats: 0

HTTP requests (all by PID 3260, opera.exe)

  • GET 192.243.59.13:80
    URL: http://highperformancedformats.com/anonymous/
    CN: US
    Reputation: malicious
  • GET 93.184.220.29:80, HTTP code 200
    URL: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl
    CN: US, Type: der, Size: 592 b
    Reputation: whitelisted
  • GET 82.145.216.16:80, HTTP code 400
    URL: http://sitecheck2.opera.com/?host=prawnsimply.com&hdn=mRwcuCMIhHYyNrEcVRCpvg==
    CN: unknown, Type: html, Size: 150 b
    Reputation: whitelisted
  • GET 173.233.137.36:80, HTTP code 200
    URL: http://prawnsimply.com/favicon.ico
    CN: US, Type: text, Size: 115 b
    Reputation: suspicious
  • GET 173.233.137.36:80, HTTP code 200
    URL: http://prawnsimply.com/watch.151523579745.js?key=84a3aa81854298fe0794b91196379fdc&kw=[library,genesis]&refer=https://libgen.rocks/ads.php?md5=6EE75442E767D04E49886AE96410ADC1&tz=5.5&dev=r&res=12.31&uuid=
    CN: US, Type: text, Size: 115 b
    Reputation: suspicious

Connections (all by PID 3260, opera.exe)

  • 185.26.182.93:443, certs.opera.com, ASN: Opera Software AS, Reputation: whitelisted
  • 173.233.137.36:80, prawnsimply.com, ASN: SERVERS-COM, CN: US, Reputation: suspicious
  • 185.26.182.94:443, certs.opera.com, ASN: Opera Software AS, Reputation: whitelisted
  • 173.233.137.60:80, prawnsimply.com, ASN: SERVERS-COM, CN: US, Reputation: suspicious
  • 82.145.216.15:80, sitecheck2.opera.com, ASN: Opera Software AS, CN: NO, Reputation: suspicious
  • 93.184.220.29:80, crl3.digicert.com, ASN: EDGECAST, CN: GB, Reputation: whitelisted
  • 82.145.216.16:80, sitecheck2.opera.com, ASN: Opera Software AS, CN: NO, Reputation: suspicious
  • 192.243.59.13:80, highperformancedformats.com, ASN: DataWeb Global Group B.V., CN: US, Reputation: malicious

DNS requests

  • prawnsimply.com (Reputation: suspicious)
    IPs: 173.233.137.36, 173.233.137.60, 173.233.137.52, 173.233.139.164, 173.233.137.44
  • sitecheck2.opera.com (Reputation: whitelisted)
    IPs: 82.145.216.15, 82.145.216.16
  • certs.opera.com (Reputation: whitelisted)
    IPs: 185.26.182.94, 185.26.182.93
  • crl3.digicert.com (Reputation: whitelisted)
    IPs: 93.184.220.29
  • highperformancedformats.com (Reputation: malicious)
    IPs: 192.243.59.13, 192.243.61.227, 192.243.61.225, 192.243.59.12, 192.243.59.20

Threats

No threats detected
No debug info