File name:

SR9900_SFX11.exe

Full analysis: https://app.any.run/tasks/814056f9-1c94-45cb-8156-e5c20bddc418
Verdict: Malicious activity
Analysis date: January 05, 2024, 05:58:14
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

CE52ACAAD2366624D19108C0964B2EF5

SHA1:

4FA8597E2ADE588B18113891908E3C74299BBB43

SHA256:

324A828BA8A159384177F41D4B0A6D9910F6FF73EB2C07102B1BB09D8311BC44

SSDEEP:

1536:FC9z67CdWit6WNIUSpu7J4JPvdubtnQB6GAknq7C0n2B7Gg1830WM9D6td01l:r7CT6SF4J3gnQB6GFnq7C0Odu0HEo

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Creates a writable file in the system directory

      • drvinst.exe (PID: 1044)

  • SUSPICIOUS

    • Drops a system driver (possible attempt to evade defenses)

      • SR9900_SFX11.exe (PID: 2208)
      • install.exe (PID: 668)
      • drvinst.exe (PID: 1044)

    • Reads the Internet Settings

      • SR9900_SFX11.exe (PID: 2208)

    • Creates files in the driver directory

      • drvinst.exe (PID: 1044)

    • Checks Windows Trust Settings

      • drvinst.exe (PID: 1044)

  • INFO

    • Drops the executable file immediately after the start

      • SR9900_SFX11.exe (PID: 2208)
      • install.exe (PID: 668)
      • drvinst.exe (PID: 1044)

    • Checks supported languages

      • SR9900_SFX11.exe (PID: 2208)
      • install.exe (PID: 668)
      • Setup.exe (PID: 1392)
      • drvinst.exe (PID: 1044)

    • Reads the computer name

      • SR9900_SFX11.exe (PID: 2208)
      • install.exe (PID: 668)
      • drvinst.exe (PID: 1044)

    • Create files in a temporary directory

      • SR9900_SFX11.exe (PID: 2208)
      • install.exe (PID: 668)

    • Reads the machine GUID from the registry

      • install.exe (PID: 668)
      • drvinst.exe (PID: 1044)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2010:06:27 09:06:38+02:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 8
CodeSize: 70656
InitializedDataSize: 20992
UninitializedDataSize: -
EntryPoint: 0x11def
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.2.0.715
ProductVersionNumber: 1.2.0.715
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: SR9900 Driver SfX
CompanyName: CoreChips
FileDescription: sr9900 sfx
FileVersion: 3.0.6
InternalName: sr9900sfx
LegalCopyright: Copyright © 2019-2020 CoreChips
OriginalFileName: sr9900sfx
ProductName: sr9900sfx
ProductVersion: 3.0.6
No data.
screenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
41
Monitored processes
5
Malicious processes
1
Suspicious processes
1

Behavior graph

Click at the process to see the details
start sr9900_sfx11.exe setup.exe no specs install.exe no specs drvinst.exe no specs sr9900_sfx11.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
668".\install.exe"C:\Users\admin\AppData\Local\Temp\SR9900_SFX\drivers\x86\install.exeSetup.exe
User:
admin
Company:
CoreChip Semiconductor, Inc
Integrity Level:
HIGH
Description:
Install Program for CoreChip USB Ethernet
Exit code:
0
Version:
5.00 built by: WinDDK
Modules
Images
c:\users\admin\appdata\local\temp\sr9900_sfx\drivers\x86\install.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1044DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{1b362dea-02c5-4cf1-e343-0b3fc5424e2e}\SR9900.inf" "0" "65402fe5f" "00000570" "WinSta0\Default" "00000338" "208" "C:\Users\admin\AppData\Local\Temp\SR9900_SFX\drivers\x86"C:\Windows\System32\drvinst.exesvchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1392"C:\Users\admin\AppData\Local\Temp\SR9900_SFX\Setup.exe" C:\Users\admin\AppData\Local\Temp\SR9900_SFX\Setup.exeSR9900_SFX11.exe
User:
admin
Company:
CoreChip Semiconductor, Inc
Integrity Level:
HIGH
Description:
Install Program for CoreChip USB Ethernet
Exit code:
0
Version:
5.00 built by: WinDDK
Modules
Images
c:\users\admin\appdata\local\temp\sr9900_sfx\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
2044"C:\Users\admin\AppData\Local\Temp\SR9900_SFX11.exe" C:\Users\admin\AppData\Local\Temp\SR9900_SFX11.exeexplorer.exe
User:
admin
Company:
CoreChips
Integrity Level:
MEDIUM
Description:
sr9900 sfx
Exit code:
3221226540
Version:
3.0.6
Modules
Images
c:\users\admin\appdata\local\temp\sr9900_sfx11.exe
c:\windows\system32\ntdll.dll
2208"C:\Users\admin\AppData\Local\Temp\SR9900_SFX11.exe" C:\Users\admin\AppData\Local\Temp\SR9900_SFX11.exe
explorer.exe
User:
admin
Company:
CoreChips
Integrity Level:
HIGH
Description:
sr9900 sfx
Exit code:
0
Version:
3.0.6
Modules
Images
c:\users\admin\appdata\local\temp\sr9900_sfx11.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
Total events
3 791
Read events
3 755
Write events
36
Delete events
0

Modification events

(PID) Process:(2208) SR9900_SFX11.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(2208) SR9900_SFX11.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(2208) SR9900_SFX11.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(2208) SR9900_SFX11.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
(PID) Process:(668) install.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(1044) drvinst.exeKey:HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\182\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
Executable files
10
Suspicious files
21
Text files
1
Unknown types
0

Dropped files

PID
Process
Filename
Type
2208SR9900_SFX11.exeC:\Users\admin\AppData\Local\Temp\SR9900_SFX\Setup.exeexecutable
MD5:E4C61F137BF08F7345F254968B20A850
SHA256:5EB575A8A2FBC2457DA37180A45E1A3F26D9503CE218943A403EB02DA6C86D0E
2208SR9900_SFX11.exeC:\Users\admin\AppData\Local\Temp\SR9900_SFX\drivers\x86\install.exeexecutable
MD5:3A7B764F0C3DDAF0377A9952949C190E
SHA256:3172A69C5F0B31E6EC059B277B317B1A9D5A5111376304C7846FA794F6072109
668install.exeC:\Users\admin\AppData\Local\Temp\{1b362dea-02c5-4cf1-e343-0b3fc5424e2e}\SETFCFE.tmpcat
MD5:FB206FF01F55CC1D8054596F1723C54C
SHA256:05BB0C02C444AE99EA80AF7B525F3413AA73A3EC32F7D020E7BF11AF50848B35
2208SR9900_SFX11.exeC:\Users\admin\AppData\Local\Temp\SR9900_SFX\drivers\x86\SR9900.infbinary
MD5:2E6C66FD601F2764CC47436F65A70B85
SHA256:0657CC966B6A15157823A344ABFE46347427DB5DFB27280F9B1710DC44EB9A10
2208SR9900_SFX11.exeC:\Users\admin\AppData\Local\Temp\SR9900_SFX\drivers\x64\sr9900.catbinary
MD5:CEAF5443C374FA00420233850B9A36B5
SHA256:91751D5461BA05984ADE62F2CEC5400AFFFECBD9C244EC51335FEE9198644D71
2208SR9900_SFX11.exeC:\Users\admin\AppData\Local\Temp\SR9900_SFX\drivers\x86\sr9900.catbinary
MD5:FB206FF01F55CC1D8054596F1723C54C
SHA256:05BB0C02C444AE99EA80AF7B525F3413AA73A3EC32F7D020E7BF11AF50848B35
2208SR9900_SFX11.exeC:\Users\admin\AppData\Local\Temp\SR9900_SFX\drivers\x64\SR9900.infbinary
MD5:05AF1EE3AA134579025796A57982E26F
SHA256:D09602EE7F38AF6A13897C98ACAD518417D30501EA32204821E528B2E4DC688A
2208SR9900_SFX11.exeC:\Users\admin\AppData\Local\Temp\SR9900_SFX\drivers\x64\SR9900.sysexecutable
MD5:A854E5540CC329A034ECAF189204726D
SHA256:C10EA4C866103A6F2637539EBCF9EDB12F65C30EEF46A6221CD04910070E1D7E
2208SR9900_SFX11.exeC:\Users\admin\AppData\Local\Temp\SR9900_SFX\drivers\x86\SR9900.sysexecutable
MD5:735FE1D058B61DB44B94008026FF4B83
SHA256:EE2E85A2592FE4E1AA0F2547560E619A82A8B9432240D0860F14496D23EFCE82
668install.exeC:\Users\admin\AppData\Local\Temp\{1b362dea-02c5-4cf1-e343-0b3fc5424e2e}\SR9900.catcat
MD5:FB206FF01F55CC1D8054596F1723C54C
SHA256:05BB0C02C444AE99EA80AF7B525F3413AA73A3EC32F7D020E7BF11AF50848B35
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
4
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
SR9900_SFX11.exe