File name:

ChipGenius_v4_21_0701.rar

Full analysis: https://app.any.run/tasks/95df4bff-d3c7-4380-b3cb-4e5baab3f589
Verdict: Malicious activity
Analysis date: May 27, 2024, 14:26:18
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v4, os: Win32, flags: Solid
MD5:

F86207A6626CFA1BCFC17E0682077796

SHA1:

BEFA4AFEA08AA3148021C529CCD10F6CE149DE9B

SHA256:

3E04CDEA83BDF44D66092AD39204EF87FC1A5F389FF8CED9E96DCC91483B697B

SSDEEP:

24576:lKui3jQurMxeSgQQqoFDxUfzeZACSFEDjzUQDA9PgmN7DqAKIfI5ohNY9cwdHN2M:lKui3jQkMxeSgQQqoFtUfzeZACSaDjz1

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads settings of System Certificates

      • FlashMaster.exe (PID: 1200)
      • FlashMaster.exe (PID: 1840)
    • Reads the Internet Settings

      • FlashMaster.exe (PID: 1840)
  • INFO

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3984)
    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 3984)
    • Manual execution by a user

      • FlashMaster.exe (PID: 1200)
      • ChipGenius_v4_21_0701.exe (PID: 304)
      • ChipGenius_v4_21_0701.exe (PID: 2028)
      • FlashMaster.exe (PID: 1840)
    • Checks supported languages

      • FlashMaster.exe (PID: 1200)
      • ChipGenius_v4_21_0701.exe (PID: 304)
      • FlashMaster.exe (PID: 1840)
    • Reads the computer name

      • FlashMaster.exe (PID: 1200)
      • FlashMaster.exe (PID: 1840)
      • ChipGenius_v4_21_0701.exe (PID: 304)
    • Reads the machine GUID from the registry

      • FlashMaster.exe (PID: 1200)
      • ChipGenius_v4_21_0701.exe (PID: 304)
      • FlashMaster.exe (PID: 1840)
    • Reads the software policy settings

      • FlashMaster.exe (PID: 1200)
      • FlashMaster.exe (PID: 1840)
    • Reads Environment values

      • FlashMaster.exe (PID: 1200)
      • FlashMaster.exe (PID: 1840)
    • Create files in a temporary directory

      • ChipGenius_v4_21_0701.exe (PID: 304)
    • Application launched itself

      • msedge.exe (PID: 2400)
      • msedge.exe (PID: 1080)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v-4.x) (58.3)
.rar | RAR compressed archive (gen) (41.6)

EXIF

ZIP

CompressedSize: 103
UncompressedSize: 53
OperatingSystem: Win32
ModifyDate: 2000:01:01 00:00:00
PackingMethod: Best Compression
ArchivedFileName: readme.txt
No data.
All screenshots are available in the full report
Total processes
60
Monitored processes
23
Malicious processes
2
Suspicious processes
0

Behavior graph

Processes shown in the graph, in display order ("no specs" marks a process without a detail record below):
start
winrar.exe
flashmaster.exe
chipgenius_v4_21_0701.exe (no specs)
chipgenius_v4_21_0701.exe
flashmaster.exe
msedge.exe
msedge.exe (no specs)
msedge.exe (no specs)
msedge.exe
msedge.exe (no specs)
msedge.exe (no specs)
msedge.exe (no specs)
msedge.exe (no specs)
msedge.exe
msedge.exe (no specs)
msedge.exe (no specs)
msedge.exe
msedge.exe (no specs)
msedge.exe (no specs)
msedge.exe (no specs)
msedge.exe (no specs)
msedge.exe (no specs)
msedge.exe (no specs)

Process information

Fields per record: PID | CMD | Path | Indicators | Parent process
PID: 304
CMD: "C:\Users\admin\Desktop\ChipGenius_v4_21_0701\ChipGenius_v4_21_0701.exe"
Path: C:\Users\admin\Desktop\ChipGenius_v4_21_0701\ChipGenius_v4_21_0701.exe
Parent process: explorer.exe
User:
admin
Company:
数码之家
Integrity Level:
HIGH
Description:
USB flash drive / MP3 controller chip identification tool
Exit code:
0
Version:
4.21.0701
Modules
Images
c:\users\admin\desktop\chipgenius_v4_21_0701\chipgenius_v4_21_0701.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvbvm60.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
PID: 1080
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --single-argument https://coding.net/u/PeratX/p/FlashMaster/git/blob/master/FlashInfo.md
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: FlashMaster.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1200
CMD: "C:\Users\admin\Desktop\ChipGenius_v4_21_0701\FlashMaster.exe"
Path: C:\Users\admin\Desktop\ChipGenius_v4_21_0701\FlashMaster.exe
Parent process: explorer.exe
User:
admin
Company:
PeratX
Integrity Level:
MEDIUM
Description:
FlashMaster
Exit code:
0
Version:
1.4.6.20
Modules
Images
c:\users\admin\desktop\chipgenius_v4_21_0701\flashmaster.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\gdi32.dll
PID: 1312
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1616 --field-trial-handle=1248,i,3257489954844282238,16996322635027180905,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1596
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1392 --field-trial-handle=1220,i,9572728741815079788,802028471526316519,131072 /prefetch:3
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1840
CMD: "C:\Users\admin\Desktop\ChipGenius_v4_21_0701\FlashMaster.exe"
Path: C:\Users\admin\Desktop\ChipGenius_v4_21_0701\FlashMaster.exe
Parent process: explorer.exe
User:
admin
Company:
PeratX
Integrity Level:
MEDIUM
Description:
FlashMaster
Exit code:
0
Version:
1.4.6.20
Modules
Images
c:\users\admin\desktop\chipgenius_v4_21_0701\flashmaster.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\gdi32.dll
PID: 2008
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x6c5cf598,0x6c5cf5a8,0x6c5cf5b4
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2028
CMD: "C:\Users\admin\Desktop\ChipGenius_v4_21_0701\ChipGenius_v4_21_0701.exe"
Path: C:\Users\admin\Desktop\ChipGenius_v4_21_0701\ChipGenius_v4_21_0701.exe
Parent process: explorer.exe
User:
admin
Company:
数码之家
Integrity Level:
MEDIUM
Description:
USB flash drive / MP3 controller chip identification tool
Exit code:
3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: this medium-integrity launch failed; PID 304 is the same executable re-run at high integrity)
Version:
4.21.0701
Modules
Images
c:\users\admin\desktop\chipgenius_v4_21_0701\chipgenius_v4_21_0701.exe
c:\windows\system32\ntdll.dll
PID: 2124
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1624 --field-trial-handle=1220,i,9572728741815079788,802028471526316519,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2256
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1204 --field-trial-handle=1220,i,9572728741815079788,802028471526316519,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
21 588
Read events
21 419
Write events
136
Delete events
33

Modification events

(PID) Process: (3984) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (3984) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (3984) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3984) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\phacker.zip

(PID) Process: (3984) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (3984) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip

(PID) Process: (3984) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\ChipGenius_v4_21_0701.rar

(PID) Process: (3984) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (3984) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (3984) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120
Executable files
2
Suspicious files
87
Text files
70
Unknown types
1

Dropped files

PID | Process | Filename | Type

1080 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF117bd4.TMP | -
MD5:
SHA256:

1080 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old | -
MD5:
SHA256:

1080 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF117c41.TMP | -
MD5:
SHA256:

1080 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old | -
MD5:
SHA256:

3984 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb3984.30223\ChipGenius_v4_21_0701\ChipGenius_v4_21_0701.exe | executable
MD5: C225785C18C5EC684EA5A10FB3D56CC3
SHA256: 8FD831C5BB24EE51F65699DA378F127044314E7184042E44646B40C507D09BB4

3984 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb3984.30223\ChipGenius_v4_21_0701\FlashMaster.exe | executable
MD5: F90E2B5796159A7166E4C055ABD3FEB0
SHA256: D42736052810166F929B11E986A7E20A2FB3E2D686473FB07A8AA2B7E9421D38

1080 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF117d8a.TMP | -
MD5:
SHA256:

1080 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old | -
MD5:
SHA256:

1080 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat | binary
MD5: A6EBC0D32A7B9304824D19DB63B4E37A
SHA256: E991057C2B1718A151C5FD06E1C153F57130D195454A1F94C8C4C20971697093

2008 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics.pma | binary
MD5: C612E96CBFAC63232FC2062E15600FB1
SHA256: DB3C05D5EC0B6719A73E7F0BE84BCE9342772DA70567E7CE08CF6573480B38FF
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
25
DNS requests
32
Threats
0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1200 | FlashMaster.exe | 42.192.175.15:443 | coding.net | Shenzhen Tencent Computer Systems Company Limited | CN | unknown
1840 | FlashMaster.exe | 42.192.175.15:443 | coding.net | Shenzhen Tencent Computer Systems Company Limited | CN | unknown
1596 | msedge.exe | 81.69.167.241:443 | coding.net | Shenzhen Tencent Computer Systems Company Limited | CN | unknown
1080 | msedge.exe | 239.255.255.250:1900 | - | - | - | unknown
1596 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
1596 | msedge.exe | 13.107.21.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
1596 | msedge.exe | 163.181.92.245:443 | assets-cdn.kf5.com | Zhejiang Taobao Network Co.,Ltd | DE | unknown

DNS requests

Domain
IP
Reputation
coding.net
  • 42.192.175.15
  • 81.69.167.241
  • 175.24.154.130
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
help-assets.codehub.cn
  • 61.54.7.107
  • 123.6.25.199
  • 119.188.174.58
  • 119.176.27.126
  • 61.54.7.111
  • 123.234.2.61
  • 123.6.37.224
  • 61.54.7.129
  • 123.6.37.172
  • 119.188.123.226
  • 123.6.42.197
  • 119.188.174.59
  • 61.54.7.112
unknown
assets-cdn.kf5.com
  • 163.181.92.245
  • 163.181.92.241
  • 163.181.92.226
  • 163.181.92.249
  • 163.181.92.225
  • 163.181.92.246
  • 163.181.92.243
  • 163.181.92.250
unknown
www.bing.com
  • 2.23.209.149
  • 2.23.209.179
  • 2.23.209.150
  • 2.23.209.156
  • 2.23.209.154
  • 2.23.209.137
  • 2.23.209.177
  • 2.23.209.158
  • 2.23.209.161
whitelisted
beacon.cdn.qq.com
  • 43.152.26.142
  • 43.152.26.197
  • 43.152.26.104
  • 43.152.26.151
  • 43.152.26.58
  • 43.152.26.154
  • 43.152.26.221
unknown
oth.str.beacon.qq.com
  • 14.22.9.242
  • 14.22.9.112
  • 14.22.9.180
unknown
otheve.beacon.qq.com
  • 129.226.103.123
  • 129.226.106.210
unknown
msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
  • 152.199.21.175
whitelisted

Threats

No threats detected
No debug info