File name:

Google Gemini AI official version v1.msi

Full analysis: https://app.any.run/tasks/515f5fa4-fdf8-4a11-b8b7-1753efcfdb8a
Verdict: Malicious activity
Analysis date: December 13, 2023, 12:53:27
OS: Windows 7 Professional Service Pack 1 (build: 7601, 64 bit)
Indicators:
MIME: application/x-msi
File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Create Time/Date: Mon Jun 21 08:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1252, Template: Intel;1033, Number of Pages: 200, Revision Number: {63A3D0ED-51F2-428B-9409-676AC8A9CA77}, Title: Install, Author: Install, Comments: Bringing the benefits of AI to everyone, Number of Words: 2, Last Saved Time/Date: Wed Dec 13 01:08:12 2023, Last Printed: Wed Dec 13 01:08:12 2023
MD5:

8E6F7A85D032D7F68C0D2111981F1BAF

SHA1:

EAF1ED37133849BD6DF26C06E6AC5584A32EAB64

SHA256:

83E571AE288CE7B75AFFA0031D7388C86BE268F93442215A0F9DE8F84FABD278

SSDEEP:

49152:IvipiRM4wMOa0mZ+UsZoJ5RxgKVQIvHe3wqnDA1/69RTuj1OA0mnybauVuu99GQP:riRM4wmUUs+J5RxV6901iXm8A0mnIjuC

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • msiexec.exe (PID: 1828)

    • Changes powershell execution policy (Bypass)

      • cmd.exe (PID: 2412)

    • Bypass execution policy to execute commands

      • powershell.exe (PID: 1716)

  • SUSPICIOUS

    • Process drops legitimate windows executable

      • msiexec.exe (PID: 2932)
      • msiexec.exe (PID: 1828)

    • Executes as Windows Service

      • VSSVC.exe (PID: 1392)

    • Executing commands from ".cmd" file

      • msiexec.exe (PID: 1828)

    • Starts CMD.EXE for commands execution

      • msiexec.exe (PID: 1828)

    • Reads the Internet Settings

      • powershell.exe (PID: 1716)

    • The process executes Powershell scripts

      • cmd.exe (PID: 2412)

    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 2412)

  • INFO

    • Reads the computer name

      • msiexec.exe (PID: 1828)
      • msiexec.exe (PID: 1772)
      • msiexec.exe (PID: 2164)

    • Checks supported languages

      • msiexec.exe (PID: 1828)
      • msiexec.exe (PID: 1772)
      • msiexec.exe (PID: 2164)

    • Reads the machine GUID from the registry

      • msiexec.exe (PID: 1828)
      • msiexec.exe (PID: 1772)
      • msiexec.exe (PID: 2164)

    • Create files in a temporary directory

      • msiexec.exe (PID: 1772)
      • msiexec.exe (PID: 2164)
      • msiexec.exe (PID: 1828)

    • Drops the executable file immediately after the start

      • msiexec.exe (PID: 2932)

    • Creates files or folders in the user directory

      • msiexec.exe (PID: 1828)

    • Application launched itself

      • chrome.exe (PID: 1560)
      • msedge.exe (PID: 1680)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.msi | Microsoft Windows Installer (90.2)
.msp | Windows Installer Patch (8.4)
.msi | Microsoft Installer (100)

EXIF

FlashPix

CreateDate: 1999:06:21 07:00:00
Software: Windows Installer
Security: Password protected
CodePage: Windows Latin 1 (Western European)
Template: Intel;1033
Pages: 200
RevisionNumber: {63A3D0ED-51F2-428B-9409-676AC8A9CA77}
Title: Install
Subject: -
Author: Install
Keywords: -
Comments: Bringing the benefits of AI to everyone
Words: 2
ModifyDate: 2023:12:13 01:08:12
LastPrinted: 2023:12:13 01:08:12
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
78
Monitored processes
44
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start msiexec.exe no specs msiexec.exe no specs msiexec.exe no specs vssvc.exe no specs msiexec.exe no specs cmd.exe no specs powershell.exe no specs chrome.exe chrome.exe no specs msedge.exe msedge.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs chrome.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs chrome.exe no specs msedge.exe no specs msedge.exe no specs chrome.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1392C:\Windows\system32\vssvc.exeC:\Windows\System32\VSSVC.exeservices.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Volume Shadow Copy Service
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
1420"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1328 --field-trial-handle=1396,i,1678145793698562453,518584701932014582,131072 /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
1452"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2088 --field-trial-handle=1072,i,3131559018797910565,2823570634067214174,131072 /prefetch:1C:\Program Files (x86)\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
1560"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --load-extension="C:\Program Files (x86)\Google\Install\nmmhkkegccagdldgiimedpic" --new-window https://deepmind.google/technologies/gemini/#introduction C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
powershell.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
1612"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1112 --field-trial-handle=1072,i,3131559018797910565,2823570634067214174,131072 /prefetch:2C:\Program Files (x86)\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
1680"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --load-extension="C:\Program Files (x86)\Google\Install\nmmhkkegccagdldgiimedpic" --new-window https://deepmind.google/technologies/gemini/#introduction C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
powershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
1716powershell -ExecutionPolicy Bypass -File "C:\Program Files (x86)\Google\Install\nmmhkkegccagdldgiimedpic/ru.ps1"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
0
Version:
10.0.14409.1005 (rs1_srvoob.161208-1155)
1772C:\Windows\syswow64\MsiExec.exe -Embedding 49A38E315EFC22D4C1E9518CBBEC195C CC:\Windows\SysWOW64\msiexec.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
1828C:\Windows\system32\msiexec.exe /VC:\Windows\System32\msiexec.exeservices.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
2060"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0xcc,0xd0,0xd4,0xa0,0xd8,0x7fef4fc6b58,0x7fef4fc6b68,0x7fef4fc6b78C:\Program Files (x86)\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Total events
0
Read events
0
Write events
0
Delete events
0

Modification events

No data
Executable files
13
Suspicious files
297
Text files
76
Unknown types
7

Dropped files

PID
Process
Filename
Type
1828msiexec.exeC:\System Volume Information\SPP\metadata-2
MD5:
SHA256:
1828msiexec.exeC:\Windows\Installer\MSIF4BB.tmpexecutable
MD5:B77A2A2768B9CC78A71BBFFB9812B978
SHA256:F74C97B1A53541B059D3BFAFE41A79005CE5065F8210D7DE9F1B600DC4E28AA0
2164msiexec.exeC:\Users\admin\AppData\Local\Temp\CFGF518.tmpxml
MD5:68675E0D405C8C76102802FA624EB895
SHA256:B839CDD1C3F55651CD4D0E54A679BCE5AC60ED7618A7B74BFC8EF8CA311E53ED
1828msiexec.exeC:\System Volume Information\SPP\snapshot-2binary
MD5:EBAF8F3A47CE49638A4C09F1ADD10FA4
SHA256:B02C732B0D96932B6ED237202E505D775AD45730D71231B79AC3B08077836626
1828msiexec.exeC:\Users\admin\AppData\Local\Temp\~DF2D2F8EBCAC2FD7CF.TMPbinary
MD5:21023855E470CFD95385849BA13BD2A7
SHA256:179E46DAB57A12D174CFE79CEAD8E99C75211ED18260B06304E566100A33B610
1828msiexec.exeC:\System Volume Information\SPP\OnlineMetadataCache\{5b5e79d6-9a9e-4bd0-a432-d500b542a9d4}_OnDiskSnapshotPropbinary
MD5:EBAF8F3A47CE49638A4C09F1ADD10FA4
SHA256:B02C732B0D96932B6ED237202E505D775AD45730D71231B79AC3B08077836626
1828msiexec.exeC:\Windows\Installer\22f392.msiexecutable
MD5:8E6F7A85D032D7F68C0D2111981F1BAF
SHA256:83E571AE288CE7B75AFFA0031D7388C86BE268F93442215A0F9DE8F84FABD278
1828msiexec.exeC:\Windows\Installer\MSIF529.tmpexecutable
MD5:B77A2A2768B9CC78A71BBFFB9812B978
SHA256:F74C97B1A53541B059D3BFAFE41A79005CE5065F8210D7DE9F1B600DC4E28AA0
2932msiexec.exeC:\Users\admin\AppData\Local\Temp\MSIBD11.tmpexecutable
MD5:B77A2A2768B9CC78A71BBFFB9812B978
SHA256:F74C97B1A53541B059D3BFAFE41A79005CE5065F8210D7DE9F1B600DC4E28AA0
1828msiexec.exeC:\Program Files (x86)\Google\Install\nmmhkkegccagdldgiimedpic\manifest.jsonbinary
MD5:162CE37B0F293F4CFAD78AEFFA7028A5
SHA256:F7AE9888BBFB60D6598FE9247FEF9EDEBC8928593F4E4032292D846E40B50254
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
123
DNS requests
160
Threats
1

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
1956
svchost.exe
239.255.255.250:1900
whitelisted
4
System
192.168.100.255:138
whitelisted
324
svchost.exe
224.0.0.252:5355
unknown
1560
chrome.exe
239.255.255.250:1900
whitelisted
2300
chrome.exe
216.58.206.42:443
www.googleapis.com
GOOGLE
US
unknown
2300
chrome.exe
108.177.15.84:443
accounts.google.com
GOOGLE
US
unknown
2300
chrome.exe
142.250.186.35:443
clientservices.googleapis.com
GOOGLE
US
unknown
2300
chrome.exe
216.239.38.21:443
deepmind.google
GOOGLE
US
whitelisted
1680
msedge.exe
239.255.255.250:1900
unknown

DNS requests

Domain
IP
Reputation
www.googleapis.com
  • 216.58.206.42
  • 172.217.18.106
  • 216.58.212.170
  • 172.217.23.106
  • 142.250.185.74
  • 142.250.185.106
  • 142.250.185.138
  • 142.250.185.170
  • 142.250.185.202
  • 142.250.185.234
  • 142.250.186.74
  • 142.250.186.106
  • 142.250.181.234
  • 142.250.184.202
  • 142.250.184.234
  • 142.250.186.138
whitelisted
accounts.google.com
  • 108.177.15.84
shared
clientservices.googleapis.com
  • 142.250.186.35
whitelisted
deepmind.google
  • 216.239.38.21
  • 216.239.34.21
  • 216.239.32.21
  • 216.239.36.21
unknown
fonts.googleapis.com
  • 142.250.186.74
whitelisted
www.gstatic.com
  • 142.250.185.163
whitelisted
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
nav-edge.smartscreen.microsoft.com
  • 20.31.251.109
whitelisted
data-edge.smartscreen.microsoft.com
  • 20.103.180.120
whitelisted

Threats

PID
Process
Class
Message
3092
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Azure Front Door domain observed in TLS SNI ( .azurefd .net)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
Google Gemini AI official version v1.msi