8d51f6b005fb5c1bb4c198bc3261abefad01326fda8b430c4a29ad457ab8a35a

You are on a public page with reduced results.

Source: Wild

Summary

opera.exe is the 7817th most commonly executed Windows program. It typically runs from the path C:\Program Files\Opera\52.0.2871.99, and is most often launched by opera.exe. It has been observed executing on 0.3% of computers in the wild. The typical filename is opera.exe.

EchoTrail Prevalence Score (EPS)

27.84

Rank Analysis

Host Prevalence

0.3%

Execution Rank

7,817th

Behavioral Analysis

Top Filenames

opera.exe

100.00 %

Top Paths

C:\Program Files\Opera\52.0.2871.99

23.09 %

Top Network Ports

443

98.22 %

Ancestry Analysis

Top GrandParents

Top Parents

Top Children

Security Analysis

Intel

A typical detection hypothesis for behaviorally finding malicious activities stemming from a web browser is to look for shells (cmd.exe, powershell.exe, etc) being launched as a child process of the web browser. While this merits some attention sometimes, it is not abnormal enough to warrant a worthwhile high priority detection. This hypothesis is rather a decent second order indicator to prioritize another detection method or within a correlation rule. However, some APT style attacks will abuse common applications, such as web browsers, to take advantage of DLL load orders. In those scenarios, a legitimately-named-but-actually-malicious DLL will have been written in the same directory as the core web browser binary, thereby causing it to be loaded when the web browser is called. One method for detecting such an attack methodology would be to look for scheduled tasks launching web browsers, especially those where the task was scheduled remotely.