Field | Value
---|---
URL | http://prawnsimply.com/watch.151523579745.js?key=84a3aa81854298fe0794b91196379fdc&kw=["library","genesis"]&refer=https://libgen.rocks/ads.php?md5=6EE75442E767D04E49886AE96410ADC1&tz=5.5&dev=r&res=12.31&uuid=
Full analysis | https://app.any.run/tasks/e61c114f-d8b2-4562-b535-bf4ff2460dd5
Verdict | Malicious activity
Analysis date | October 04, 2022, 19:59:15
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MD5 | 3F75A69416ACD24CABFD9F6918699E69
SHA1 | 2C1BCA9C91C556CA31990F09E8A7827391722F69
SHA256 | 3116232E3DC3322619040BA37CE9F7D0FAA8CF675CEC5842286F70053E3F88C6
SSDEEP | 6:COXsgmyiLcdjqRTEGhfFXADsU37KoWhItI6A8T:zvjocdjqACfFQDL37KoWhXs
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
3260 | "C:\Program Files\Opera\opera.exe" "http://prawnsimply.com/watch.151523579745.js?key=84a3aa81854298fe0794b91196379fdc&kw=["library","genesis"]&refer=https://libgen.rocks/ads.php?md5=6EE75442E767D04E49886AE96410ADC1&tz=5.5&dev=r&res=12.31&uuid=" | C:\Program Files\Opera\opera.exe | | Explorer.EXE

User: admin
Company: Opera Software
Integrity Level: MEDIUM
Description: Opera Internet Browser
Version: 1748
(PID) Process | Key | Operation | Name | Value
---|---|---|---|---
(3260) opera.exe | HKEY_CURRENT_USER\Software\Opera Software | write | Last CommandLine v2 | C:\Program Files\Opera\opera.exe "http://prawnsimply.com/watch.151523579745.js?key=84a3aa81854298fe0794b91196379fdc&kw=["library","genesis"]&refer=https://libgen.rocks/ads.php?md5=6EE75442E767D04E49886AE96410ADC1&tz=5.5&dev=r&res=12.31&uuid="
(3260) opera.exe | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E | write | LanguageList | en-US
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3260 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\oprE155.tmp | text | 366A802833E8B54F8464DFBBFA5E94C0 | AB9C45012E03B583D297C372787025B2BA8F575CE1C6DCA88152CAEA8429E815
3260 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\oprEE58.tmp | text | 6772D025C02E5025212E97BAD25E0626 | EBD2361B50B90101E12E468BFC85134850F371956109574ED46D8FE55467B74F
3260 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini | text | 366A802833E8B54F8464DFBBFA5E94C0 | AB9C45012E03B583D297C372787025B2BA8F575CE1C6DCA88152CAEA8429E815
3260 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\global_history.dat | text | B463EFE770F151782BC5C964DE079381 | 0E430B919DC5C5CEB64E41B159F3D6E373C304740F59F23F3E2D98F7FCF3A401
3260 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat | binary | 93EE074F55DB8EB5D6133DE1BFA8147C | 56F25D1FA18157E27EEB3E2413AA4B8C367F95B088D412A55F6AEB296F616F1E
3260 | opera.exe | C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00003.tmp | xml | 7966F3F842F1E41B71A94EE31B6DED29 | 1298A8BC01D74ACDDF2825B82EB242D005C0A816617A7E187FCC0B7BA8E23272
3260 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\oprE1E3.tmp | xml | D059CA5F54CA805043F835AC2D2E0950 | 8B4AEAE9B256ADF2F171233E49787EE4EA77A4F988D9634B3EC08D0B2AA7E04F
3260 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml | xml | D059CA5F54CA805043F835AC2D2E0950 | 8B4AEAE9B256ADF2F171233E49787EE4EA77A4F988D9634B3EC08D0B2AA7E04F
3260 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\opicacrt6.dat | binary | 82F1A2B1176A5ECC457D32301E2AD833 | A783052804DD4C232BE2ED3DC00C430CB67A20370890E235562ED2B27B5A602E
3260 | opera.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\TFH9MNS8G8NE337UIBWJ.temp | binary | 3F7590FD56AC999E0289444034C9CC80 | 632F80B7AD1F589FE608EF8546E3E7D1B0501A9EC3E38C0140EA1C10ED3E602B
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3260 | opera.exe | GET | — | 192.243.59.13:80 | http://highperformancedformats.com/anonymous/ | US | — | — | malicious |
3260 | opera.exe | GET | 200 | 93.184.220.29:80 | http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl | US | der | 592 b | whitelisted |
3260 | opera.exe | GET | 400 | 82.145.216.16:80 | http://sitecheck2.opera.com/?host=prawnsimply.com&hdn=mRwcuCMIhHYyNrEcVRCpvg== | unknown | html | 150 b | whitelisted |
3260 | opera.exe | GET | 200 | 173.233.137.36:80 | http://prawnsimply.com/favicon.ico | US | text | 115 b | suspicious |
3260 | opera.exe | GET | 200 | 173.233.137.36:80 | http://prawnsimply.com/watch.151523579745.js?key=84a3aa81854298fe0794b91196379fdc&kw=[library,genesis]&refer=https://libgen.rocks/ads.php?md5=6EE75442E767D04E49886AE96410ADC1&tz=5.5&dev=r&res=12.31&uuid= | US | text | 115 b | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3260 | opera.exe | 185.26.182.93:443 | certs.opera.com | Opera Software AS | — | whitelisted |
3260 | opera.exe | 173.233.137.36:80 | prawnsimply.com | SERVERS-COM | US | suspicious |
3260 | opera.exe | 185.26.182.94:443 | certs.opera.com | Opera Software AS | — | whitelisted |
3260 | opera.exe | 173.233.137.60:80 | prawnsimply.com | SERVERS-COM | US | suspicious |
3260 | opera.exe | 82.145.216.15:80 | sitecheck2.opera.com | Opera Software AS | NO | suspicious |
3260 | opera.exe | 93.184.220.29:80 | crl3.digicert.com | EDGECAST | GB | whitelisted |
3260 | opera.exe | 82.145.216.16:80 | sitecheck2.opera.com | Opera Software AS | NO | suspicious |
3260 | opera.exe | 192.243.59.13:80 | highperformancedformats.com | DataWeb Global Group B.V. | US | malicious |
Domain | IP | Reputation
---|---|---
prawnsimply.com | | suspicious
sitecheck2.opera.com | | whitelisted
certs.opera.com | | whitelisted
crl3.digicert.com | | whitelisted
highperformancedformats.com | | malicious