File name: OperaGXSetup.exe

Full analysis: https://app.any.run/tasks/c2195c30-1532-4bf9-b011-85014905f361
Verdict: Malicious activity
Analysis date: September 21, 2024, 10:48:05
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: DD904C66FE47562007BCB8406F1C2E89
SHA1: 7CF701A177F9F8F2F61877F6BAAC61AFAB59F852
SHA256: 3E59638241D92A269CD5AF6B4CB02B36302AC50EA0DEDC5910D626936C218CA1
SSDEEP: 98304:YwyWSeMgtibP1SlLYS5gf3JeeKhIeO/W+v3ESzk8xn7cQUILZHo/ObG8hzS14PrA:Y3+7

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • OperaGXSetup.exe (PID: 4060)
      • setup.exe (PID: 2492)
      • setup.exe (PID: 2400)
    • Reads security settings of Internet Explorer
      • setup.exe (PID: 2400)
    • Checks Windows Trust Settings
      • setup.exe (PID: 2400)
    • Application launched itself
      • setup.exe (PID: 2400)
  • INFO
    • Checks supported languages
      • OperaGXSetup.exe (PID: 4060)
      • setup.exe (PID: 2400)
      • setup.exe (PID: 2492)
    • Creates files or folders in the user directory
      • setup.exe (PID: 2492)
      • setup.exe (PID: 2400)
    • Creates files in a temporary directory
      • OperaGXSetup.exe (PID: 4060)
      • setup.exe (PID: 2400)
      • setup.exe (PID: 2492)
    • Checks proxy server information
      • setup.exe (PID: 2400)
    • Reads the machine GUID from the registry
      • setup.exe (PID: 2400)
    • Reads the computer name
      • setup.exe (PID: 2400)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:06:12 14:59:19+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.39
CodeSize: 238080
InitializedDataSize: 92672
UninitializedDataSize: -
EntryPoint: 0x213c0
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 113.0.5230.108
ProductVersionNumber: 113.0.5230.108
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
FileVersion: 113.0.5230.108
ProductVersion: 113.0.5230.108
FileDescription: Opera installer SFX
CompanyName:
LegalCopyright: Opera Software 2024
Productname: Opera installer
Stream: Stable
No data.
All screenshots are available in the full report
Total processes: 121
Monitored processes: 3
Malicious processes: 0
Suspicious processes: 1

Behavior graph

start -> operagxsetup.exe -> setup.exe -> setup.exe

Process information

PID: 2400
CMD: C:\Users\admin\AppData\Local\Temp\7zSCDFCE5DF\setup.exe --server-tracking-blob=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
Path: C:\Users\admin\AppData\Local\Temp\7zSCDFCE5DF\setup.exe
Parent process: OperaGXSetup.exe
User: admin
Company: Opera Software
Integrity Level: MEDIUM
Description: Opera GX Installer
Version: 113.0.5230.108
Modules (images):
c:\users\admin\appdata\local\temp\7zscdfce5df\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll

PID: 2492
CMD: C:\Users\admin\AppData\Local\Temp\7zSCDFCE5DF\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=113.0.5230.108 --initial-client-data=0x338,0x33c,0x340,0x31c,0x344,0x74421864,0x74421870,0x7442187c
Path: C:\Users\admin\AppData\Local\Temp\7zSCDFCE5DF\setup.exe
Parent process: setup.exe
User: admin
Company: Opera Software
Integrity Level: MEDIUM
Description: Opera GX Installer
Version: 113.0.5230.108
Modules (images):
c:\users\admin\appdata\local\temp\7zscdfce5df\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll

PID: 4060
CMD: "C:\Users\admin\Desktop\OperaGXSetup.exe"
Path: C:\Users\admin\Desktop\OperaGXSetup.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Opera installer SFX
Version: 113.0.5230.108
Modules (images):
c:\users\admin\desktop\operagxsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
Total events: 409
Read events: 406
Write events: 3
Delete events: 0

Modification events

(PID) Process: (2400) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (2400) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (2400) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:
Executable files: 4
Suspicious files: 2
Text files: 0
Unknown types: 0

Dropped files

PID | Process | Filename | Type
4060 | OperaGXSetup.exe | C:\Users\admin\AppData\Local\Temp\7zSCDFCE5DF\setup.exe | executable
    MD5: DA8E25FE4788692A6EB45AEABE53C618
    SHA256: 2D9B00B5D083E5C0475B174E8911D1FD8697F227714B16646DC9C8DE35FB2D2B
2400 | setup.exe | C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat | binary
    MD5: 226289C1499DFDAC83F9D8F0167046D9
    SHA256: DA2087AC5D0E4FB0D4A5F114D4D563AAAED4D6057DE7FE70137258C16EE78C69
2400 | setup.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\AH8CR9J5\features[1].json | binary
    MD5: 143FC31957A5DD87262F77ADD00E42E7
    SHA256: 99157168837E6A2A8EB891357EFA081F9D94521B2D7F6349B6D992AF923F39A8
2400 | setup.exe | C:\Users\admin\AppData\Local\Temp\Opera_installer_2409211048151702400.dll | executable
    MD5: 88F60EFA6204B7AFE492E82AA60A3417
    SHA256: 0F6C713EC354989E9153FCB80A4EF72E21B6C707B68EE2EE6C88C4ED397C8B09
2492 | setup.exe | C:\Users\admin\AppData\Local\Temp\Opera_installer_2409211048154672492.dll | executable
    MD5: 88F60EFA6204B7AFE492E82AA60A3417
    SHA256: 0F6C713EC354989E9153FCB80A4EF72E21B6C707B68EE2EE6C88C4ED397C8B09
2400 | setup.exe | C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe | executable
    MD5: DA8E25FE4788692A6EB45AEABE53C618
    SHA256: 2D9B00B5D083E5C0475B174E8911D1FD8697F227714B16646DC9C8DE35FB2D2B
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 21
TCP/UDP connections: 33
DNS requests: 10
Threats: 0

HTTP requests

Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
GET | 404 | 104.18.25.17:443 | https://api.config.opr.gg/v0/config?utm_campaign=PWN_DE_HVR_WEB_3546&utm_medium=pa&utm_source=PWNgames&product=gx&channel=Stable&client=netinstaller&edition=std-2 | unknown | - | - | -
GET | - | 23.53.42.195:443 | https://download3.operacdn.com/ftp/pub/opera_gx/113.0.5230.108/win/Opera_GX_113.0.5230.108_Autoupdate_x64.exe | unknown | - | - | -
GET | 302 | 18.197.180.179:443 | https://download.opera.com/download/get/?id=67773&autoupdate=1&ni=1&stream=stable&utm_campaign=PWN_DE_HVR_WEB_3546&utm_content=3546_07de3cc4-b8b2-47d2-a924-f6bd08e2c1d6&utm_id=59159820dd5f40a787549ae3c04c23c6&utm_lastpage=opera.com/get/opera-gx&utm_medium=pa&utm_site=opera_com&utm_source=PWNgames&niuid=f60b5489-700e-44d5-9386-5afe67c316f0 | unknown | - | - | -
GET | 302 | 3.68.255.223:443 | https://download.opera.com/download/get/?id=67773&autoupdate=1&ni=1&stream=stable&utm_campaign=PWN_DE_HVR_WEB_3546&utm_content=3546_07de3cc4-b8b2-47d2-a924-f6bd08e2c1d6&utm_id=59159820dd5f40a787549ae3c04c23c6&utm_lastpage=opera.com/get/opera-gx&utm_medium=pa&utm_site=opera_com&utm_source=PWNgames&niuid=f60b5489-700e-44d5-9386-5afe67c316f0 | unknown | - | - | -
GET | - | 104.18.11.89:443 | https://download5.operacdn.com/ftp/pub/opera_gx/113.0.5230.108/win/Opera_GX_113.0.5230.108_Autoupdate_x64.exe | unknown | - | - | -
GET | 302 | 18.158.106.81:443 | https://download.opera.com/download/get/?id=67773&autoupdate=1&ni=1&stream=stable&utm_campaign=PWN_DE_HVR_WEB_3546&utm_content=3546_07de3cc4-b8b2-47d2-a924-f6bd08e2c1d6&utm_id=59159820dd5f40a787549ae3c04c23c6&utm_lastpage=opera.com/get/opera-gx&utm_medium=pa&utm_site=opera_com&utm_source=PWNgames&niuid=f60b5489-700e-44d5-9386-5afe67c316f0 | unknown | - | - | -
POST | 201 | 82.145.217.121:443 | https://desktop-netinstaller-sub.osp.opera.software/v1/binary | unknown | text | 36 b | -
GET | - | 23.53.42.122:443 | https://download3.operacdn.com/ftp/pub/opera_gx/113.0.5230.108/win/Opera_GX_113.0.5230.108_Autoupdate_x64.exe | unknown | - | - | -

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3888 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
- | - | 51.104.136.2:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | Opera Software AS | NO | whitelisted
- | - | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
- | - | 82.145.216.19:443 | autoupdate.geo.opera.com | Opera Software AS | NO | whitelisted
2120 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
2400 | setup.exe | 82.145.216.15:443 | features.opera-api2.com | Opera Software AS | NO | malicious
2400 | setup.exe | 104.18.24.17:443 | api.config.opr.gg | CLOUDFLARENET | - | unknown

DNS requests

Domain | IP | Reputation
google.com | 142.250.185.174 | whitelisted
desktop-netinstaller-sub.osp.opera.software | 82.145.217.121 | whitelisted
www.microsoft.com | 184.30.21.171 | whitelisted
autoupdate.geo.opera.com | 82.145.216.19, 82.145.216.20 | whitelisted
settings-win.data.microsoft.com | 4.231.128.59 | whitelisted
features.opera-api2.com | 82.145.216.15, 82.145.216.16 | malicious
api.config.opr.gg | 104.18.24.17, 104.18.25.17 | unknown
download.opera.com | 82.145.216.24, 82.145.216.23 | whitelisted
download5.operacdn.com | 104.18.10.89, 104.18.11.89 | malicious
download3.operacdn.com | 23.53.42.122, 23.53.42.195 | whitelisted

Threats

No threats detected
No debug info