URL: | http://www.ttyplus.com/download/mtputty.zip |
Full analysis: | https://app.any.run/tasks/84df45f6-635d-405d-9e83-c424743193d6 |
Verdict: | Malicious activity |
Analysis date: | September 11, 2019, 10:23:32 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 02A5D9545865F7A397F61F8E71239127 |
SHA1: | 4CDBEFDC49031E4A691E253C4B32A7E0DEEC6754 |
SHA256: | FFF6856F8084C693615CE38D826B8036D5EF95FA8F2BCC3FE749D7A79A57178E |
SSDEEP: | 3:N1KJS4sVJyWKLs6RcYV:Cc4Dlf |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2784 | "C:\Program Files\Opera\opera.exe" "http://www.ttyplus.com/download/mtputty.zip" | C:\Program Files\Opera\opera.exe | explorer.exe | |
User: admin Company: Opera Software Integrity Level: MEDIUM Description: Opera Internet Browser Version: 1748 | ||||
2368 | "C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -- "C:\Users\admin\Desktop\mtputty.zip" C:\Users\admin\Desktop\ | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
2736 | "C:\Users\admin\Desktop\MTPuTTY_setup.exe" | C:\Users\admin\Desktop\MTPuTTY_setup.exe | explorer.exe | |
User: admin Company: TTYPlus Integrity Level: MEDIUM Description: MTPuTTY Setup Exit code: 0 Version: 1.6 | ||||
3504 | "C:\Users\admin\AppData\Local\Temp\is-4T8B5.tmp\MTPuTTY_setup.tmp" /SL5="$2D013C,768749,54272,C:\Users\admin\Desktop\MTPuTTY_setup.exe" | C:\Users\admin\AppData\Local\Temp\is-4T8B5.tmp\MTPuTTY_setup.tmp | — | MTPuTTY_setup.exe |
User: admin Integrity Level: MEDIUM Description: Setup/Uninstall Exit code: 0 Version: 51.52.0.0 | ||||
2628 | "C:\Users\admin\Desktop\MTPuTTY_setup.exe" /SPAWNWND=$301B0 /NOTIFYWND=$2D013C | C:\Users\admin\Desktop\MTPuTTY_setup.exe | MTPuTTY_setup.tmp | |
User: admin Company: TTYPlus Integrity Level: HIGH Description: MTPuTTY Setup Exit code: 0 Version: 1.6 | ||||
3088 | "C:\Users\admin\AppData\Local\Temp\is-2NU2P.tmp\MTPuTTY_setup.tmp" /SL5="$401C8,768749,54272,C:\Users\admin\Desktop\MTPuTTY_setup.exe" /SPAWNWND=$301B0 /NOTIFYWND=$2D013C | C:\Users\admin\AppData\Local\Temp\is-2NU2P.tmp\MTPuTTY_setup.tmp | MTPuTTY_setup.exe | |
User: admin Integrity Level: HIGH Description: Setup/Uninstall Exit code: 0 Version: 51.52.0.0 | ||||
2568 | "C:\Program Files\MTPuTTY\mtputty.exe" | C:\Program Files\MTPuTTY\mtputty.exe | — | explorer.exe |
User: admin Company: TTYPlus Integrity Level: MEDIUM Description: Multi-Tabbed PuTTY Version: 1.6.0.176 | ||||
2396 | "C:\Program Files\Google\Chrome\Application\chrome.exe" | C:\Program Files\Google\Chrome\Application\chrome.exe | explorer.exe | |
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 75.0.3770.100 | ||||
3232 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6d2da9d0,0x6d2da9e0,0x6d2da9ec | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 75.0.3770.100 | ||||
2448 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2416 --on-initialized-event-handle=312 --parent-handle=316 /prefetch:6 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 75.0.3770.100 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2784 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\opr9177.tmp | — | |
MD5:— | SHA256:— | |||
2784 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\opr9187.tmp | — | |
MD5:— | SHA256:— | |||
2784 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\opr91E6.tmp | — | |
MD5:— | SHA256:— | |||
2784 | opera.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\65QPUX0SO85GQT7H1H7U.temp | — | |
MD5:— | SHA256:— | |||
2784 | opera.exe | C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00003.tmp | — | |
MD5:— | SHA256:— | |||
2784 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\oprE5F3.tmp | — | |
MD5:— | SHA256:— | |||
2784 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini | text | |
MD5:5047A5CC2CB1D40D8BE2631511437B79 | SHA256:78CBD8FB29873CB4ADCDE3FA5AC1DC5BF67656950DD4D53EE72AAE1BF42D8B35 | |||
2784 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat | binary | |
MD5:66353CFD7291F165C28DBA541510FB77 | SHA256:7B9439D7FC99454C6B5280F6B2FF5DD1E11033F0A0838AC56304FB0DA61F26FD | |||
2784 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml | xml | |
MD5:5ADE8CB3BB945125100F18B0C90770E8 | SHA256:240D35F4BEBD74DCE56087932E896E3D97CA3C7ABCC4CE864ADBCBA6AD6466CF | |||
2784 | opera.exe | C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00001.tmp | html | |
MD5:7F077F1FCE3D566040B0D69EB1F27D8F | SHA256:487AD0D2CF075F4328A1ADF57EF428759AD4E2C873A8EBD2AD9653990829C9CF |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2784 | opera.exe | GET | 200 | 168.235.76.235:80 | http://www.ttyplus.com/download/mtputty.zip | US | compressed | 962 Kb | suspicious |
2784 | opera.exe | GET | 200 | 93.184.220.29:80 | http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl | US | der | 528 b | whitelisted |
2092 | chrome.exe | GET | 302 | 172.217.22.78:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOWVmQUFXS041NV9ZVXlJVWwxbGc5TUM4dw/7519.422.0.3_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx | US | html | 515 b | whitelisted |
2092 | chrome.exe | GET | 200 | 74.125.8.140:80 | http://r6---sn-5hnednlk.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOWVmQUFXS041NV9ZVXlJVWwxbGc5TUM4dw/7519.422.0.3_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx?cms_redirect=yes&mip=185.104.186.93&mm=28&mn=sn-5hnednlk&ms=nvh&mt=1568197413&mv=m&mvi=5&pl=24&shardbypass=yes | US | crx | 862 Kb | whitelisted |
2784 | opera.exe | GET | 400 | 107.167.110.216:80 | http://sitecheck2.opera.com/?host=www.ttyplus.com&hdn=W/TD/0yTrGUuO60TeY/XnA== | US | html | 150 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2092 | chrome.exe | 172.217.21.234:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
2784 | opera.exe | 93.184.220.29:80 | crl4.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2092 | chrome.exe | 172.217.16.195:443 | www.gstatic.com | Google Inc. | US | whitelisted |
2784 | opera.exe | 185.26.182.93:443 | certs.opera.com | Opera Software AS | — | whitelisted |
2092 | chrome.exe | 216.58.207.35:443 | www.google.com.ua | Google Inc. | US | whitelisted |
2092 | chrome.exe | 172.217.23.141:443 | accounts.google.com | Google Inc. | US | whitelisted |
2092 | chrome.exe | 172.217.18.99:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted |
2784 | opera.exe | 107.167.110.216:80 | sitecheck2.opera.com | Opera Software Americas LLC | US | malicious |
2784 | opera.exe | 168.235.76.235:80 | www.ttyplus.com | RamNode LLC | US | suspicious |
2092 | chrome.exe | 216.58.205.238:443 | clients2.google.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
www.ttyplus.com |
| suspicious |
sitecheck2.opera.com |
| whitelisted |
certs.opera.com |
| whitelisted |
crl4.digicert.com |
| whitelisted |
clientservices.googleapis.com |
| whitelisted |
accounts.google.com |
| shared |
www.google.com.ua |
| whitelisted |
fonts.googleapis.com |
| whitelisted |
www.gstatic.com |
| whitelisted |
fonts.gstatic.com |
| whitelisted |