File name: SR9900_SFX11.exe
Full analysis: https://app.any.run/tasks/ccdc32da-12dd-429f-a149-b15aaba5875f
Verdict: Malicious activity
Analysis date: January 27, 2024, 23:11:29
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: CE52ACAAD2366624D19108C0964B2EF5
SHA1: 4FA8597E2ADE588B18113891908E3C74299BBB43
SHA256: 324A828BA8A159384177F41D4B0A6D9910F6FF73EB2C07102B1BB09D8311BC44
SSDEEP: 1536:FC9z67CdWit6WNIUSpu7J4JPvdubtnQB6GAknq7C0n2B7Gg1830WM9D6td01l:r7CT6SF4J3gnQB6GFnq7C0Odu0HEo

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • install.exe (PID: 2388)
      • SR9900_SFX11.exe (PID: 2692)
      • drvinst.exe (PID: 2316)
    • Creates a writable file in the system directory

      • drvinst.exe (PID: 2316)
  • SUSPICIOUS

    • Drops a system driver (possible attempt to evade defenses)

      • SR9900_SFX11.exe (PID: 2692)
      • drvinst.exe (PID: 2316)
      • install.exe (PID: 2388)
    • Reads the Internet Settings

      • SR9900_SFX11.exe (PID: 2692)
    • Executable content was dropped or overwritten

      • SR9900_SFX11.exe (PID: 2692)
      • install.exe (PID: 2388)
      • drvinst.exe (PID: 2316)
    • Creates files in the driver directory

      • drvinst.exe (PID: 2316)
    • Checks Windows Trust Settings

      • drvinst.exe (PID: 2316)
  • INFO

    • Checks supported languages

      • SR9900_SFX11.exe (PID: 2692)
      • Setup.exe (PID: 2484)
      • install.exe (PID: 2388)
      • drvinst.exe (PID: 2316)
    • Creates files in a temporary directory

      • SR9900_SFX11.exe (PID: 2692)
      • install.exe (PID: 2388)
    • Reads the machine GUID from the registry

      • drvinst.exe (PID: 2316)
      • install.exe (PID: 2388)
    • Reads the computer name

      • install.exe (PID: 2388)
      • SR9900_SFX11.exe (PID: 2692)
      • drvinst.exe (PID: 2316)
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2010:06:27 09:06:38+02:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 8
CodeSize: 70656
InitializedDataSize: 20992
UninitializedDataSize: -
EntryPoint: 0x11def
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.2.0.715
ProductVersionNumber: 1.2.0.715
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: SR9900 Driver SfX
CompanyName: CoreChips
FileDescription: sr9900 sfx
FileVersion: 3.0.6
InternalName: sr9900sfx
LegalCopyright: Copyright © 2019-2020 CoreChips
OriginalFileName: sr9900sfx
ProductName: sr9900sfx
ProductVersion: 3.0.6
No data.
Total processes: 45
Monitored processes: 5
Malicious processes: 3
Suspicious processes: 0

Behavior graph

Processes shown in the graph: sr9900_sfx11.exe, setup.exe (no specs), install.exe, drvinst.exe, sr9900_sfx11.exe (no specs). Per-process details are listed under Process information below.

Process information

PID: 2316
CMD: DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{70992ba5-53cd-2f47-d094-86531b37365b}\SR9900.inf" "0" "65402fe5f" "000003F8" "WinSta0\Default" "00000550" "208" "C:\Users\admin\AppData\Local\Temp\SR9900_SFX\drivers\x86"
Path: C:\Windows\System32\drvinst.exe
Parent process: svchost.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Driver Installation Module
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

PID: 2388
CMD: ".\install.exe"
Path: C:\Users\admin\AppData\Local\Temp\SR9900_SFX\drivers\x86\install.exe
Parent process: Setup.exe
User: admin
Company: CoreChip Semiconductor, Inc
Integrity Level: HIGH
Description: Install Program for CoreChip USB Ethernet
Exit code: 0
Version: 5.00 built by: WinDDK
Modules (images):
c:\users\admin\appdata\local\temp\sr9900_sfx\drivers\x86\install.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

PID: 2484
CMD: "C:\Users\admin\AppData\Local\Temp\SR9900_SFX\Setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\SR9900_SFX\Setup.exe
Parent process: SR9900_SFX11.exe
User: admin
Company: CoreChip Semiconductor, Inc
Integrity Level: HIGH
Description: Install Program for CoreChip USB Ethernet
Exit code: 0
Version: 5.00 built by: WinDDK
Modules (images):
c:\users\admin\appdata\local\temp\sr9900_sfx\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll

PID: 2580
CMD: "C:\Users\admin\AppData\Local\Temp\SR9900_SFX11.exe"
Path: C:\Users\admin\AppData\Local\Temp\SR9900_SFX11.exe
Parent process: explorer.exe
User: admin
Company: CoreChips
Integrity Level: MEDIUM
Description: sr9900 sfx
Exit code: 3221226540
Version: 3.0.6
Modules (images):
c:\users\admin\appdata\local\temp\sr9900_sfx11.exe
c:\windows\system32\ntdll.dll

PID: 2692
CMD: "C:\Users\admin\AppData\Local\Temp\SR9900_SFX11.exe"
Path: C:\Users\admin\AppData\Local\Temp\SR9900_SFX11.exe
Parent process: explorer.exe
User: admin
Company: CoreChips
Integrity Level: HIGH
Description: sr9900 sfx
Exit code: 0
Version: 3.0.6
Modules (images):
c:\users\admin\appdata\local\temp\sr9900_sfx11.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
Total events: 3 830
Read events: 3 791
Write events: 39
Delete events: 0

Modification events

PID 2692, SR9900_SFX11.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

PID 2692, SR9900_SFX11.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

PID 2692, SR9900_SFX11.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

PID 2692, SR9900_SFX11.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

PID 2388, install.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

PID 2316, drvinst.exe
Key: HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

PID 2316, drvinst.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Operation: write
Name: Blob
Value:

PID 2316, drvinst.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Operation: write
Name: Blob
Value:

PID 2316, drvinst.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Operation: write
Name: Blob
Value:
Executable files: 10
Suspicious files: 21
Text files: 1
Unknown types: 0

Dropped files

PID 2692, SR9900_SFX11.exe
Filename: C:\Users\admin\AppData\Local\Temp\SR9900_SFX\drivers\x64\SR9900.inf
Type: binary
MD5: 05AF1EE3AA134579025796A57982E26F
SHA256: D09602EE7F38AF6A13897C98ACAD518417D30501EA32204821E528B2E4DC688A

PID 2388, install.exe
Filename: C:\Users\admin\AppData\Local\Temp\{70992ba5-53cd-2f47-d094-86531b37365b}\SET98A5.tmp
Type: binary
MD5: 2E6C66FD601F2764CC47436F65A70B85
SHA256: 0657CC966B6A15157823A344ABFE46347427DB5DFB27280F9B1710DC44EB9A10

PID 2692, SR9900_SFX11.exe
Filename: C:\Users\admin\AppData\Local\Temp\SR9900_SFX\drivers\x86\sr9900.cat
Type: cat
MD5: FB206FF01F55CC1D8054596F1723C54C
SHA256: 05BB0C02C444AE99EA80AF7B525F3413AA73A3EC32F7D020E7BF11AF50848B35

PID 2692, SR9900_SFX11.exe
Filename: C:\Users\admin\AppData\Local\Temp\SR9900_SFX\drivers\x64\install.exe
Type: executable
MD5: B62DAEA596B106323094583E3CA6F931
SHA256: 61E8B34B243AB64C107639328DE2F2210E26C70C167185E23E2B9AD53005DA8E

PID 2388, install.exe
Filename: C:\Users\admin\AppData\Local\Temp\{70992ba5-53cd-2f47-d094-86531b37365b}\SET98B6.tmp
Type: executable
MD5: 735FE1D058B61DB44B94008026FF4B83
SHA256: EE2E85A2592FE4E1AA0F2547560E619A82A8B9432240D0860F14496D23EFCE82

PID 2388, install.exe
Filename: C:\Users\admin\AppData\Local\Temp\{70992ba5-53cd-2f47-d094-86531b37365b}\SR9900.inf
Type: binary
MD5: 2E6C66FD601F2764CC47436F65A70B85
SHA256: 0657CC966B6A15157823A344ABFE46347427DB5DFB27280F9B1710DC44EB9A10

PID 2388, install.exe
Filename: C:\Users\admin\AppData\Local\Temp\{70992ba5-53cd-2f47-d094-86531b37365b}\SR9900.sys
Type: executable
MD5: 735FE1D058B61DB44B94008026FF4B83
SHA256: EE2E85A2592FE4E1AA0F2547560E619A82A8B9432240D0860F14496D23EFCE82

PID 2388, install.exe
Filename: C:\Users\admin\AppData\Local\Temp\{70992ba5-53cd-2f47-d094-86531b37365b}\SET9895.tmp
Type: binary
MD5: FB206FF01F55CC1D8054596F1723C54C
SHA256: 05BB0C02C444AE99EA80AF7B525F3413AA73A3EC32F7D020E7BF11AF50848B35

PID 2692, SR9900_SFX11.exe
Filename: C:\Users\admin\AppData\Local\Temp\SR9900_SFX\drivers\x86\SR9900.sys
Type: executable
MD5: 735FE1D058B61DB44B94008026FF4B83
SHA256: EE2E85A2592FE4E1AA0F2547560E619A82A8B9432240D0860F14496D23EFCE82

PID 2692, SR9900_SFX11.exe
Filename: C:\Users\admin\AppData\Local\Temp\SR9900_SFX\Setup.exe
Type: executable
MD5: E4C61F137BF08F7345F254968B20A850
SHA256: 5EB575A8A2FBC2457DA37180A45E1A3F26D9503CE218943A403EB02DA6C86D0E
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID 4, System: 192.168.100.255:137 (reputation: whitelisted)
PID 4, System: 192.168.100.255:138 (reputation: whitelisted)
PID 1080, svchost.exe: 224.0.0.252:5355 (reputation: unknown)

DNS requests

No data

Threats

No threats detected
No debug info