URL: https://fifa-23.programas-gratis.net/descargar-programa

Full analysis: https://app.any.run/tasks/efdd5ec1-e0cd-45b4-8b76-a2828a618cd9
Verdict: Malicious activity
Analysis date: March 11, 2024, 18:44:30
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: C2E2B9FCB12CFC7F9BA83FC62A9516CF
SHA1: 5F324D48CFD15E91D19795B059AD42BC0F7F7200
SHA256: 0255ACAC8BFA280144A963F129BECB52AAB19CF3C366B2845E3DB342E7E0A2D3
SSDEEP: 3:N8VIXlKEWwbL0LWbUUIEn:20lKE7bmNEn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Steam.exe (PID: 992)
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • Steam.exe (PID: 992)
    • The process creates files with name similar to system file names

      • Steam.exe (PID: 992)
    • Executable content was dropped or overwritten

      • Steam.exe (PID: 992)
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 4052)
    • Executable content was dropped or overwritten

      • iexplore.exe (PID: 2044)
      • iexplore.exe (PID: 4052)
    • Drops the executable file immediately after the start

      • iexplore.exe (PID: 2044)
      • iexplore.exe (PID: 4052)
    • Modifies the phishing filter of IE

      • iexplore.exe (PID: 4052)
    • The process uses the downloaded file

      • iexplore.exe (PID: 4052)
    • Manual execution by a user

      • explorer.exe (PID: 1692)
      • Steam.exe (PID: 1728)
      • Steam.exe (PID: 992)
    • Checks supported languages

      • Steam.exe (PID: 992)
    • Reads the computer name

      • Steam.exe (PID: 992)
    • Create files in a temporary directory

      • Steam.exe (PID: 992)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 47
Monitored processes: 5
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Graph nodes: start, iexplore.exe, iexplore.exe, explorer.exe (no specs), steam.exe (no specs), steam.exe

Process information

PID: 992
CMD: "C:\Users\admin\Downloads\Steam.exe"
Path: C:\Users\admin\Downloads\Steam.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Description: Steam
Exit code: 0
Version: 2.10.91.91
Modules (images):
  • c:\users\admin\downloads\steam.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\shell32.dll

PID: 1692
CMD: "C:\Windows\explorer.exe"
Path: C:\Windows\explorer.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Explorer
Exit code: 1
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
  • c:\windows\explorer.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\user32.dll

PID: 1728
CMD: "C:\Users\admin\Downloads\Steam.exe"
Path: C:\Users\admin\Downloads\Steam.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Steam
Exit code: 3221226540
Version: 2.10.91.91
Modules (images):
  • c:\users\admin\downloads\steam.exe
  • c:\windows\system32\ntdll.dll

PID: 2044
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4052 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
  • c:\program files\internet explorer\iexplore.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\iertutil.dll

PID: 4052
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://fifa-23.programas-gratis.net/descargar-programa"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
  • c:\program files\internet explorer\iexplore.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\iertutil.dll
Total events: 23 763
Read events: 23 664
Write events: 79
Delete events: 20

Modification events

(PID) Process: (4052) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPDaysSinceLastAutoMigration
Value: 1

(PID) Process: (4052) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchLowDateTime
Value: 743601328

(PID) Process: (4052) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchHighDateTime
Value: 31093732

(PID) Process: (4052) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateLowDateTime
Value:

(PID) Process: (4052) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 31093732

(PID) Process: (4052) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (4052) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (4052) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (4052) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

(PID) Process: (4052) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1
Executable files: 7
Suspicious files: 14
Text files: 5
Unknown types: 4

Dropped files

PID: 2044
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
Type: der
MD5: 822467B728B7A66B081C91795373789A
SHA256: AF2343382B88335EEA72251AD84949E244FF54B6995063E24459A7216E9576B9

PID: 2044
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Type: compressed
MD5: 753DF6889FD7410A2E9FE333DA83A429
SHA256: B42DC237E44CBC9A43400E7D3F9CBD406DBDEFD62BFE87328F8663897D69DF78

PID: 2044
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Type: binary
MD5: A82D2E27801C741A067461B9BD86C059
SHA256: 8FFA815B01F86731B6F3F34D1C4E56C11DDF1C61F863F638575C911DF1E106C3

PID: 2044
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Temp\Low\CabF760.tmp
Type: compressed
MD5: 753DF6889FD7410A2E9FE333DA83A429
SHA256: B42DC237E44CBC9A43400E7D3F9CBD406DBDEFD62BFE87328F8663897D69DF78

PID: 2044
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Temp\Low\CabF771.tmp
Type: compressed
MD5: 753DF6889FD7410A2E9FE333DA83A429
SHA256: B42DC237E44CBC9A43400E7D3F9CBD406DBDEFD62BFE87328F8663897D69DF78

PID: 2044
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Temp\Low\TarF761.tmp
Type: cat
MD5: DD73CEAD4B93366CF3465C8CD32E2796
SHA256: A6752B7851B591550E4625B832A393AABCC428DE18D83E8593CD540F7D7CAE22

PID: 2044
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A1CE5CC1EBA55051EF1051B539B325CA
Type: binary
MD5: C7F46E0F5B91035DE06FF8FECE62B1E7
SHA256: CC94E55EE2AE362F063F060D5D9634B56146B7A8D126085C38566B222747EC55

PID: 2044
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
Type: binary
MD5: DEE7E1E48C5F3832F4CF7133CFE55620
SHA256: C81EF5DFFB20CDFA5AE35F05DE0F904A26A7C994D5FCDF50E5FF1A1E418B1973

PID: 2044
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A1CE5CC1EBA55051EF1051B539B325CA
Type: binary
MD5: 6DEF06DFDE905B5CBF314862512013B7
SHA256: 1F8825877AFF6CFE5A5AC4854036BBC6941CCBA27E727AA718721B11ECE8162A

PID: 2044
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Type: binary
MD5: D52F144EA2368E45E6682144A4E3A56B
SHA256: 0B7E79C71B9D618BA76E00E0219168CBADCF2997F706E0B6469B8BAE264E7F86
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
11
TCP/UDP connections
19
DNS requests
10
Threats
0

HTTP requests

PID 2044, iexplore.exe, GET, HTTP 304, 2.19.126.137:80
  URL: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?545e1839169dd0e6
  CN: unknown, reputation: unknown

PID 2044, iexplore.exe, GET, HTTP 304, 2.19.126.163:80
  URL: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f78d505714a595e3
  CN: unknown, reputation: unknown

PID 2044, iexplore.exe, GET, HTTP 200, 2.19.126.137:80
  URL: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?a08f35fbea17b647
  CN: unknown, type: compressed, size: 67.5 Kb, reputation: unknown

PID 2044, iexplore.exe, GET, HTTP 200, 2.19.126.163:80
  URL: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?fa310b6d6a2541a6
  CN: unknown, type: compressed, size: 67.5 Kb, reputation: unknown

PID 2044, iexplore.exe, GET, HTTP 200, 23.39.157.155:80
  URL: http://x1.c.lencr.org/
  CN: unknown, type: binary, size: 717 b, reputation: unknown

PID 2044, iexplore.exe, GET, HTTP 200, 95.101.54.216:80
  URL: http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgOevXStTY5a9WyT3pmSp3Z5%2BQ%3D%3D
  CN: unknown, type: binary, size: 503 b, reputation: unknown

PID 2044, iexplore.exe, GET, HTTP 200, 95.101.54.216:80
  URL: http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgQ5zPRzB7AwJ2vsinlmhaU7kA%3D%3D
  CN: unknown, type: binary, size: 503 b, reputation: unknown

PID 4052, iexplore.exe, GET, HTTP 304, 173.222.108.210:80
  URL: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?b23edf5cfbe16fd7
  CN: unknown, reputation: unknown

PID 4052, iexplore.exe, GET, HTTP 304, 173.222.108.210:80
  URL: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?b0be6f4ad90be2e5
  CN: unknown, reputation: unknown

PID 4052, iexplore.exe, GET, HTTP 304, 173.222.108.210:80
  URL: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?719f0b64dcb4a601
  CN: unknown, reputation: unknown

Connections

PID 4, System, 192.168.100.255:138, reputation: whitelisted
PID 4, System, 192.168.100.255:137, reputation: whitelisted
PID 1080, svchost.exe, 224.0.0.252:5355, reputation: unknown
PID 2044, iexplore.exe, 163.172.70.17:443, domain: fifa-23.programas-gratis.net, ASN: Online S.a.s., CN: FR, reputation: unknown
PID 2044, iexplore.exe, 2.19.126.137:80, domain: ctldl.windowsupdate.com, ASN: Akamai International B.V., CN: DE, reputation: unknown
PID 2044, iexplore.exe, 2.19.126.163:80, domain: ctldl.windowsupdate.com, ASN: Akamai International B.V., CN: DE, reputation: unknown
PID 2044, iexplore.exe, 23.39.157.155:80, domain: x1.c.lencr.org, ASN: AKAMAI-AS, CN: US, reputation: unknown
PID 2044, iexplore.exe, 95.101.54.216:80, domain: r3.o.lencr.org, ASN: Akamai International B.V., CN: DE, reputation: unknown
PID 2044, iexplore.exe, 212.83.189.113:443, domain: files.downloadprogramas.com, ASN: Online S.a.s., CN: FR, reputation: unknown
PID 4052, iexplore.exe, 152.199.19.161:443, domain: iecvlist.microsoft.com, ASN: EDGECAST, CN: US, reputation: whitelisted

DNS requests

fifa-23.programas-gratis.net (reputation: unknown)
  • 163.172.70.17
ctldl.windowsupdate.com (reputation: whitelisted)
  • 2.19.126.137
  • 2.19.126.163
  • 173.222.108.210
  • 173.222.108.226
x1.c.lencr.org (reputation: whitelisted)
  • 23.39.157.155
r3.o.lencr.org (reputation: shared)
  • 95.101.54.216
  • 2.16.202.115
  • 95.101.54.123
  • 95.101.54.145
files.downloadprogramas.com (reputation: unknown)
  • 212.83.189.113
iecvlist.microsoft.com (reputation: whitelisted)
  • 152.199.19.161
r20swj13mr.microsoft.com (reputation: whitelisted)
  • 152.199.19.161
ocsp.digicert.com (reputation: whitelisted)
  • 192.229.221.95

Threats

No threats detected
No debug info