URL: https://dood.la/e/ht41amn6dll8

Full analysis: https://app.any.run/tasks/b8e6000d-d45f-4fff-89f1-919a8ac1f91f
Verdict: Malicious activity
Analysis date: August 12, 2022, 19:06:53
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 5B6B5151C94A0E2E6C004C4F5E7AF679
SHA1: 8155263BA0D8EE2B50819348D936196FD141980E
SHA256: E57B00EF0EC6A4B1D400BA7C6CEB04B0DA69D7249914227D988CA88AF29D4D2A
SSDEEP: 3:N8SAJ8WRRKLTBdn:2SscBd

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Reads the computer name

      • opera.exe (PID: 3488)
    • Checks supported languages

      • opera.exe (PID: 3488)
    • Reads the date of Windows installation

      • opera.exe (PID: 3488)
    • Check for Java to be installed

      • opera.exe (PID: 3488)
    • Dropped object may contain Bitcoin addresses

      • opera.exe (PID: 3488)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX in the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 34
Monitored processes: 1
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start opera.exe

Process information

PID: 3488
CMD: "C:\Program Files\Opera\opera.exe" "https://dood.la/e/ht41amn6dll8"
Path: C:\Program Files\Opera\opera.exe
Indicators:
Parent process: Explorer.EXE
User: admin
Company: Opera Software
Integrity Level: MEDIUM
Description: Opera Internet Browser
Exit code: 0
Version: 1748
Modules
Images
c:\program files\opera\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\rpcrt4.dll
Total events: 1 074
Read events: 1 015
Write events: 59
Delete events: 0

Modification events

(PID) Process: (3488) opera.exe
Key: HKEY_CURRENT_USER\Software\Opera Software
Operation: write
Name: Last CommandLine v2
Value: C:\Program Files\Opera\opera.exe "https://dood.la/e/ht41amn6dll8"

(PID) Process: (3488) opera.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
Operation: write
Name: LanguageList
Value: en-US
Executable files: 0
Suspicious files: 17
Text files: 33
Unknown types: 20

Dropped files

PID | Process | Filename | Type
3488 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\oprDB53.tmp | text
    MD5:
    SHA256:
3488 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\oprDBC1.tmp | xml
    MD5:
    SHA256:
3488 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml | xml
    MD5:
    SHA256:
3488 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat | binary
    MD5:
    SHA256:
3488 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini | text
    MD5:
    SHA256:
3488 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\opcert6.dat | binary
    MD5: 1AA8644C9261DC10F7247F6A145C1DD2
    SHA256: 58A8933F65361633C6AB194000D312DC9D566F717B1A16814A0DBEE24A60EBE3
3488 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\oprDB42.tmp | text
    MD5: 0100E3D2A29941CEEF4E37312A7FA332
    SHA256: 0C42C7737A5ABA75C8E2EA967E2A994542B2C641D0A370EDC41BC4D70A7CAC70
3488 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\opcacrt6.dat | binary
    MD5: 59761E989F564F76A3A4B778DB7ABCF1
    SHA256: AF879942D234D85C0CE75921DBDDA50E2F6D135BD961F259106131751359052B
3488 | opera.exe | C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00003.tmp | xml
    MD5:
    SHA256:
3488 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\opicacrt6.dat | binary
    MD5: 82F1A2B1176A5ECC457D32301E2AD833
    SHA256: A783052804DD4C232BE2ED3DC00C430CB67A20370890E235562ED2B27B5A602E
Download PCAP, analyze network streams, HTTP content and a lot more in the full report
HTTP(S) requests: 15
TCP/UDP connections: 64
DNS requests: 32
Threats: 9

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3488 | opera.exe | GET | | 172.64.155.188:80 | http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQh80WaEMqmyEvaHjlisSfVM4p8SAQUF9nWJSdn%2BTHCSUPZMDZEjGypT%2BsCEBEUnVAIkR2ADFo6hrdrMVQ%3D | US | | | whitelisted
3488 | opera.exe | GET | 200 | 93.184.220.29:80 | http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl | US | der | 592 b | whitelisted
3488 | opera.exe | GET | 200 | 13.225.84.149:80 | http://crl.rootg2.amazontrust.com/rootg2.crl | US | der | 660 b | whitelisted
3488 | opera.exe | GET | 200 | 93.184.220.29:80 | http://crl3.digicert.com/Omniroot2025.crl | US | der | 7.78 Kb | whitelisted
3488 | opera.exe | GET | 200 | 172.64.155.188:80 | http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl | US | der | 978 b | whitelisted
3488 | opera.exe | GET | 200 | 13.225.84.149:80 | http://crl.rootca1.amazontrust.com/rootca1.crl | US | der | 493 b | whitelisted
3488 | opera.exe | GET | 200 | 104.18.32.68:80 | http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQh80WaEMqmyEvaHjlisSfVM4p8SAQUF9nWJSdn%2BTHCSUPZMDZEjGypT%2BsCEBEUnVAIkR2ADFo6hrdrMVQ%3D | US | der | 471 b | whitelisted
3488 | opera.exe | GET | 200 | 104.18.32.68:80 | http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEQDbADTvsUUc8EccNUVxaEJQ | US | der | 472 b | whitelisted
3488 | opera.exe | GET | 200 | 93.184.220.29:80 | http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl | US | der | 592 b | whitelisted
3488 | opera.exe | GET | 200 | 13.225.84.172:80 | http://s.ss2.us/r.crl | US | der | 434 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3488 | opera.exe | 104.26.1.94:443 | dood.la | Cloudflare Inc | US | suspicious
3488 | opera.exe | 185.26.182.94:443 | certs.opera.com | Opera Software AS | | whitelisted
3488 | opera.exe | 82.145.216.15:443 | sitecheck2.opera.com | Opera Software AS | | suspicious
3488 | opera.exe | 104.26.0.94:443 | dood.la | Cloudflare Inc | US | unknown
3488 | opera.exe | 82.145.216.16:443 | sitecheck2.opera.com | Opera Software AS | | suspicious
3488 | opera.exe | 93.184.220.29:80 | crl3.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
3488 | opera.exe | 185.26.182.93:443 | certs.opera.com | Opera Software AS | | whitelisted
| | 82.145.216.16:443 | sitecheck2.opera.com | Opera Software AS | | suspicious
3488 | opera.exe | 104.17.24.14:443 | cdnjs.cloudflare.com | Cloudflare Inc | US | suspicious
3488 | opera.exe | 104.26.6.74:443 | i.doodcdn.co | Cloudflare Inc | US | unknown

DNS requests

Domain | IP | Reputation
dood.la | 104.26.1.94, 104.26.0.94, 172.67.69.187 | malicious
sitecheck2.opera.com | 82.145.216.15, 82.145.216.16 | whitelisted
certs.opera.com | 185.26.182.94, 185.26.182.93 | whitelisted
crl3.digicert.com | 93.184.220.29 | whitelisted
crl4.digicert.com | 93.184.220.29 | whitelisted
cdnjs.cloudflare.com | 104.17.24.14, 104.17.25.14 | whitelisted
i.doodcdn.co | 104.26.6.74, 172.67.70.190, 104.26.7.74 | unknown
d1f05vr3sjsuy7.cloudfront.net | 13.225.84.131, 13.225.84.209, 13.225.84.154, 13.225.84.61 | whitelisted
ku2d3a7pa8mdi.com | 62.122.171.6 | suspicious
d18t35yyry2k49.cloudfront.net | 13.224.194.95, 13.224.194.224, 13.224.194.69, 13.224.194.189 | whitelisted

Threats

PID | Process | Class | Message
3488 | opera.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure
3488 | opera.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure
3488 | opera.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure
3488 | opera.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure
3488 | opera.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure
3488 | opera.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure
3488 | opera.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure
3488 | opera.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure
3488 | opera.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure
No debug info