URL:

http://prawnsimply.com/watch.151523579745.js?key=84a3aa81854298fe0794b91196379fdc&kw=["library","genesis"]&refer=https://libgen.rocks/ads.php?md5=6EE75442E767D04E49886AE96410ADC1&tz=5.5&dev=r&res=12.31&uuid=

Full analysis: https://app.any.run/tasks/e61c114f-d8b2-4562-b535-bf4ff2460dd5
Verdict: Malicious activity
Analysis date: October 04, 2022, 19:59:15
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

3F75A69416ACD24CABFD9F6918699E69

SHA1:

2C1BCA9C91C556CA31990F09E8A7827391722F69

SHA256:

3116232E3DC3322619040BA37CE9F7D0FAA8CF675CEC5842286F70053E3F88C6

SSDEEP:

6:COXsgmyiLcdjqRTEGhfFXADsU37KoWhItI6A8T:zvjocdjqACfFQDL37KoWhXs

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Creates files in the user directory

      • opera.exe (PID: 3260)

    • Checks supported languages

      • opera.exe (PID: 3260)

    • Reads the computer name

      • opera.exe (PID: 3260)

    • Reads the date of Windows installation

      • opera.exe (PID: 3260)

    • Check for Java to be installed

      • opera.exe (PID: 3260)

    • Dropped object may contain Bitcoin addresses

      • opera.exe (PID: 3260)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
33
Monitored processes
1
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start opera.exe

Process information

PID
CMD
Path
Indicators
Parent process
3260"C:\Program Files\Opera\opera.exe" "http://prawnsimply.com/watch.151523579745.js?key=84a3aa81854298fe0794b91196379fdc&kw=["library","genesis"]&refer=https://libgen.rocks/ads.php?md5=6EE75442E767D04E49886AE96410ADC1&tz=5.5&dev=r&res=12.31&uuid="C:\Program Files\Opera\opera.exe
Explorer.EXE
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera Internet Browser
Exit code:
0
Version:
1748
Modules
Images
c:\program files\opera\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\rpcrt4.dll
Total events
1 071
Read events
1 012
Write events
59
Delete events
0

Modification events

(PID) Process:(3260) opera.exeKey:HKEY_CURRENT_USER\Software\Opera Software
Operation:writeName:Last CommandLine v2
Value:
C:\Program Files\Opera\opera.exe "http://prawnsimply.com/watch.151523579745.js?key=84a3aa81854298fe0794b91196379fdc&kw=["library","genesis"]&refer=https://libgen.rocks/ads.php?md5=6EE75442E767D04E49886AE96410ADC1&tz=5.5&dev=r&res=12.31&uuid="
(PID) Process:(3260) opera.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
Executable files
0
Suspicious files
9
Text files
15
Unknown types
0

Dropped files

PID
Process
Filename
Type
3260opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\oprE155.tmptext
MD5:
SHA256:
3260opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\oprE1E3.tmpxml
MD5:
SHA256:
3260opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.initext
MD5:
SHA256:
3260opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.datbinary
MD5:
SHA256:
3260opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xmlxml
MD5:
SHA256:
3260opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win.baktext
MD5:46A734B275C8C258D9D6F508E73B36AD
SHA256:B80192EDC377DD212C9E488E1983FBCD68CF83330576EFD7579B7AB30FA3672B
3260opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\sessions\oprE135.tmptext
MD5:0100E3D2A29941CEEF4E37312A7FA332
SHA256:0C42C7737A5ABA75C8E2EA967E2A994542B2C641D0A370EDC41BC4D70A7CAC70
3260opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\global_history.dattext
MD5:
SHA256:
3260opera.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\16ec093b8f51508f.customDestinations-msbinary
MD5:
SHA256:
3260opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\opcert6.datbinary
MD5:1AA8644C9261DC10F7247F6A145C1DD2
SHA256:58A8933F65361633C6AB194000D312DC9D566F717B1A16814A0DBEE24A60EBE3
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
5
TCP/UDP connections
12
DNS requests
5
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3260
opera.exe
GET
192.243.59.13:80
http://highperformancedformats.com/anonymous/
US
malicious
3260
opera.exe
GET
200
93.184.220.29:80
http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl
US
der
592 b
whitelisted
3260
opera.exe
GET
400
82.145.216.16:80
http://sitecheck2.opera.com/?host=prawnsimply.com&hdn=mRwcuCMIhHYyNrEcVRCpvg==
unknown
html
150 b
whitelisted
3260
opera.exe
GET
200
173.233.137.36:80
http://prawnsimply.com/watch.151523579745.js?key=84a3aa81854298fe0794b91196379fdc&kw=[library,genesis]&refer=https://libgen.rocks/ads.php?md5=6EE75442E767D04E49886AE96410ADC1&tz=5.5&dev=r&res=12.31&uuid=
US
text
115 b
suspicious
3260
opera.exe
GET
200
173.233.137.36:80
http://prawnsimply.com/favicon.ico
US
text
115 b
suspicious
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3260
opera.exe
173.233.137.36:80
prawnsimply.com
SERVERS-COM
US
suspicious
3260
opera.exe
185.26.182.94:443
certs.opera.com
Opera Software AS
whitelisted
3260
opera.exe
82.145.216.15:80
sitecheck2.opera.com
Opera Software AS
NO
suspicious
3260
opera.exe
173.233.137.60:80
prawnsimply.com
SERVERS-COM
US
suspicious
3260
opera.exe
185.26.182.93:443
certs.opera.com
Opera Software AS
whitelisted
3260
opera.exe
82.145.216.16:80
sitecheck2.opera.com
Opera Software AS
NO
suspicious
3260
opera.exe
93.184.220.29:80
crl3.digicert.com
EDGECAST
GB
whitelisted
3260
opera.exe
192.243.59.13:80
highperformancedformats.com
DataWeb Global Group B.V.
US
malicious

DNS requests

Domain
IP
Reputation
prawnsimply.com
  • 173.233.137.36
  • 173.233.137.60
  • 173.233.137.52
  • 173.233.139.164
  • 173.233.137.44
suspicious
sitecheck2.opera.com
  • 82.145.216.15
  • 82.145.216.16
whitelisted
certs.opera.com
  • 185.26.182.94
  • 185.26.182.93
whitelisted
crl3.digicert.com
  • 93.184.220.29
whitelisted
highperformancedformats.com
  • 192.243.59.13
  • 192.243.61.227
  • 192.243.61.225
  • 192.243.59.12
  • 192.243.59.20
malicious

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
http://prawnsimply.com/watch.151523579745.js?key=84a3aa81854298fe0794b91196379fdc&kw=["library","genesis"]&refer=https://libgen.rocks/ads.php?md5=6EE75442E767D04E49886AE96410ADC1&tz=5.5&dev=r&res=12.31&uuid=