analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

http://agilitrix.com/mwg-internal/de5fs23hu73ds/progress?id=1g2-HSamp8nQFZ6Cpof9a-XCY30IX80m89NPM8Nf1aM,&dl

Full analysis: https://app.any.run/tasks/af71af32-ef55-4b42-bb9d-d29dde20a328
Verdict: Malicious activity
Analysis date: July 18, 2019, 11:39:25
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

93BBB2CF0A57F5B5E857DEDF99FFA97C

SHA1:

58A7930E4E687F5137F01E599FFCC5FC3875D08D

SHA256:

EA06ECAEFE4CD8092502D059D690A7355F6C0252DB356EC1AD776BB453683ACA

SSDEEP:

3:N1KfxMRX6GTKIjs2QDWHWIdMB5UQ070ukcrUIEoJD/n:C5MRX6KKIBWWHJOBmQyIIEa/n

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Creates files in the user directory

      • opera.exe (PID: 3876)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
33
Monitored processes
1
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start opera.exe

Process information

PID
CMD
Path
Indicators
Parent process
3876"C:\Program Files\Opera\opera.exe" "http://agilitrix.com/mwg-internal/de5fs23hu73ds/progress?id=1g2-HSamp8nQFZ6Cpof9a-XCY30IX80m89NPM8Nf1aM,&dl"C:\Program Files\Opera\opera.exe
explorer.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera Internet Browser
Version:
1748
Modules
Images
c:\program files\opera\opera.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\rpcrt4.dll
Total events
246
Read events
186
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
72
Text files
29
Unknown types
42

Dropped files

PID
Process
Filename
Type
3876opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\sessions\oprFBE5.tmp
MD5:
SHA256:
3876opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\oprFBF5.tmp
MD5:
SHA256:
3876opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\oprFC35.tmp
MD5:
SHA256:
3876opera.exeC:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00001.tmp
MD5:
SHA256:
3876opera.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\BT4UBNXJBYYC3TMIAHRP.temp
MD5:
SHA256:
3876opera.exeC:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fagilitrix.com%2Fwp-content%2Fuploads%2F2018%2F04%2FAgilitrix-Favicon-150x150.png
MD5:
SHA256:
3876opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.initext
MD5:5405D4C902FA29FA439A2B902CB42955
SHA256:BE4A61FEE7FCCEAD9D6E3EF611232FE3AF5AAC7127C194591FE194C2EAAF02FB
3876opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.datbinary
MD5:A8FC7D69A8A93442F071D1291C434BDE
SHA256:4C892F2E69CF08113DB4E2DA8B6C885853BAB1A4927E44BEF39F708BA08B788E
3876opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xmlxml
MD5:4010FE33F2FA603A836668BF658B5475
SHA256:2EFBE263A549116F765F25EF824824C4E7E07A628E94BF4358A8438B953A6D62
3876opera.exeC:\Users\admin\AppData\Local\Opera\Opera\cache\CACHEDIR.TAGtext
MD5:E717F92FA29AE97DBE4F6F5C04B7A3D9
SHA256:5BBD5DCBF87FD8CD7544C522BADF22A2951CF010AD9F25C40F9726F09EA2B552
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
152
TCP/UDP connections
114
DNS requests
56
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3876
opera.exe
GET
104.197.149.35:80
http://agilitrix.com/mwg-internal/de5fs23hu73ds/progress?id=1g2-HSamp8nQFZ6Cpof9a-XCY30IX80m89NPM8Nf1aM,&dl
US
unknown
3876
opera.exe
GET
104.197.149.35:80
http://agilitrix.com/wp-content/plugins/ap-custom-testimonial-pro/css/example.css?ver=5.1.1
US
unknown
3876
opera.exe
GET
104.197.149.35:80
http://agilitrix.com/wp-includes/css/dist/block-library/style.min.css?ver=5.1.1
US
unknown
3876
opera.exe
GET
104.197.149.35:80
http://agilitrix.com/wp-content/plugins/ap-custom-testimonial-pro/css/frontend.css?ver=1.2.7
US
unknown
3876
opera.exe
GET
104.197.149.35:80
http://agilitrix.com/wp-includes/css/buttons.min.css?ver=5.1.1
US
unknown
3876
opera.exe
GET
104.197.149.35:80
http://agilitrix.com/wp-content/uploads/2018/04/Agilitrix-Logo-Horz-Slogan-Colour.png
US
unknown
3876
opera.exe
GET
104.197.149.35:80
http://agilitrix.com/wp-includes/js/imgareaselect/imgareaselect.css?ver=0.9.8
US
unknown
3876
opera.exe
GET
104.197.149.35:80
http://agilitrix.com/wp-content/plugins/download-manager/assets/css/front.css?ver=5.1.1
US
unknown
3876
opera.exe
GET
104.197.149.35:80
http://agilitrix.com/wp-content/plugins/ap-custom-testimonial-pro/css/jquery.bxslider.css?ver=1.2.7
US
unknown
3876
opera.exe
GET
104.197.149.35:80
http://agilitrix.com/wp-includes/css/media-views.min.css?ver=5.1.1
US
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3876
opera.exe
185.26.182.94:443
certs.opera.com
Opera Software AS
whitelisted
216.58.206.8:443
www.googletagmanager.com
Google Inc.
US
whitelisted
3876
opera.exe
93.184.220.29:80
crl4.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
3876
opera.exe
104.197.149.35:80
agilitrix.com
Google Inc.
US
unknown
3876
opera.exe
2.19.43.118:80
platform-api.sharethis.com
Akamai International B.V.
whitelisted
3876
opera.exe
216.58.210.10:443
fonts.googleapis.com
Google Inc.
US
whitelisted
216.58.206.3:80
crl.pki.goog
Google Inc.
US
whitelisted
54.244.183.249:80
adpxl.co
Amazon.com, Inc.
US
unknown
3876
opera.exe
185.26.182.93:80
certs.opera.com
Opera Software AS
whitelisted
104.16.159.106:443
cj369.infusionsoft.com
Cloudflare Inc
US
shared

DNS requests

Domain
IP
Reputation
agilitrix.com
  • 104.197.149.35
unknown
certs.opera.com
  • 185.26.182.94
  • 185.26.182.93
whitelisted
crl4.digicert.com
  • 93.184.220.29
whitelisted
sitecheck2.opera.com
  • 185.26.182.93
  • 185.26.182.94
  • 185.26.182.111
  • 185.26.182.112
whitelisted
www.googletagmanager.com
  • 216.58.206.8
whitelisted
platform-api.sharethis.com
  • 2.19.43.118
whitelisted
adpxl.co
  • 54.244.183.249
malicious
fonts.googleapis.com
  • 216.58.210.10
whitelisted
cj369.infusionsoft.com
  • 104.16.159.106
  • 104.16.158.106
unknown
crl.pki.goog
  • 216.58.206.3
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
http://agilitrix.com/mwg-internal/de5fs23hu73ds/progress?id=1g2-HSamp8nQFZ6Cpof9a-XCY30IX80m89NPM8Nf1aM,&dl