Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
6Static
static
3cvnwzmammv.exe
windows7-x64
6cvnwzmammv.exe
windows10-1703-x64
6cvnwzmammv.exe
windows10-2004-x64
cvnwzmammv.exe
windows11-21h2-x64
cvnwzmammv.exe
macos-10.15-amd64
4cvnwzmammv...ss.exe
windows7-x64
6cvnwzmammv...ss.exe
windows10-1703-x64
1cvnwzmammv...ss.exe
windows10-2004-x64
1cvnwzmammv...ss.exe
windows11-21h2-x64
1cvnwzmammv...ss.exe
macos-10.15-amd64
1Analysis
-
max time kernel
1799s -
max time network
1786s -
platform
windows10-1703_x64 -
resource
win10-20240221-en -
resource tags
arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system -
submitted
27/03/2024, 00:42
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
cvnwzmammv.exe
Resource
win7-20240221-en
windows7-x64
8 signatures
1800 seconds
Behavioral task
behavioral2
Sample
cvnwzmammv.exe
Resource
win10-20240221-en
windows10-1703-x64
4 signatures
1800 seconds
Behavioral task
behavioral3
Sample
cvnwzmammv.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
4 signatures
1800 seconds
Behavioral task
behavioral4
Sample
cvnwzmammv.exe
Resource
win11-20240221-en
windows11-21h2-x64
4 signatures
1800 seconds
Behavioral task
behavioral5
Sample
cvnwzmammv.exe
Resource
macos-20240214-en
macos-10.15-amd64
1 signatures
1800 seconds
Behavioral task
behavioral6
Sample
cvnwzmammv.harmless.exe
Resource
win7-20240220-en
windows7-x64
10 signatures
1800 seconds
Behavioral task
behavioral7
Sample
cvnwzmammv.harmless.exe
Resource
win10-20240221-en
windows10-1703-x64
8 signatures
1800 seconds
Behavioral task
behavioral8
Sample
cvnwzmammv.harmless.exe
Resource
win10v2004-20240319-en
windows10-2004-x64
1 signatures
1800 seconds
Behavioral task
behavioral9
Sample
cvnwzmammv.harmless.exe
Resource
win11-20240221-en
windows11-21h2-x64
9 signatures
1800 seconds
Behavioral task
behavioral10
Sample
cvnwzmammv.harmless.exe
Resource
macos-20240214-en
macos-10.15-amd64
0 signatures
1800 seconds
General
-
Target
cvnwzmammv.harmless.exe
-
Size
307KB
-
MD5
8b537468ed4eafd01ae1f6d5f11bc052
-
SHA1
601f8e1aa9d178f7b1ed87606edb19450ab714c1
-
SHA256
db6487202d548f3e8f5a28f38095d48dfcf7ede13b31d49b827262d314d57f9c
-
SHA512
ebd2f83dedea6cdeaa71afb068544dfdad75a146c8d542643a105d3f2de2cef9954727c1be4486be522c314c8a1057de8699318530ce493542e545f873c699fb
-
SSDEEP
3072:xfo9A6UsqCFiv2mvVZKjzepmECVflsC6m7Yl22wruUiLrf923F8GDsrXkd+nAz4Z:69GzmzeAPN0n
Score
1/10
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133559747617969721" chrome.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 372 chrome.exe 372 chrome.exe 612 chrome.exe 612 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
pid Process 372 chrome.exe 372 chrome.exe 372 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: 33 4928 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 4928 AUDIODG.EXE Token: SeShutdownPrivilege 372 chrome.exe Token: SeCreatePagefilePrivilege 372 chrome.exe Token: SeShutdownPrivilege 372 chrome.exe Token: SeCreatePagefilePrivilege 372 chrome.exe Token: SeShutdownPrivilege 372 chrome.exe Token: SeCreatePagefilePrivilege 372 chrome.exe Token: SeShutdownPrivilege 372 chrome.exe Token: SeCreatePagefilePrivilege 372 chrome.exe Token: SeShutdownPrivilege 372 chrome.exe Token: SeCreatePagefilePrivilege 372 chrome.exe Token: SeShutdownPrivilege 372 chrome.exe Token: SeCreatePagefilePrivilege 372 chrome.exe Token: SeShutdownPrivilege 372 chrome.exe Token: SeCreatePagefilePrivilege 372 chrome.exe Token: SeShutdownPrivilege 372 chrome.exe Token: SeCreatePagefilePrivilege 372 chrome.exe Token: SeShutdownPrivilege 372 chrome.exe Token: SeCreatePagefilePrivilege 372 chrome.exe Token: SeShutdownPrivilege 372 chrome.exe Token: SeCreatePagefilePrivilege 372 chrome.exe Token: SeShutdownPrivilege 372 chrome.exe Token: SeCreatePagefilePrivilege 372 chrome.exe Token: SeShutdownPrivilege 372 chrome.exe Token: SeCreatePagefilePrivilege 372 chrome.exe Token: SeShutdownPrivilege 372 chrome.exe Token: SeCreatePagefilePrivilege 372 chrome.exe Token: SeShutdownPrivilege 372 chrome.exe Token: SeCreatePagefilePrivilege 372 chrome.exe Token: SeShutdownPrivilege 372 chrome.exe Token: SeCreatePagefilePrivilege 372 chrome.exe Token: SeShutdownPrivilege 372 chrome.exe Token: SeCreatePagefilePrivilege 372 chrome.exe Token: SeShutdownPrivilege 372 chrome.exe Token: SeCreatePagefilePrivilege 372 chrome.exe Token: SeShutdownPrivilege 372 chrome.exe Token: SeCreatePagefilePrivilege 372 chrome.exe Token: SeShutdownPrivilege 372 chrome.exe Token: SeCreatePagefilePrivilege 372 chrome.exe Token: SeShutdownPrivilege 372 chrome.exe Token: SeCreatePagefilePrivilege 372 chrome.exe Token: SeShutdownPrivilege 372 chrome.exe Token: SeCreatePagefilePrivilege 372 chrome.exe Token: SeShutdownPrivilege 372 chrome.exe Token: SeCreatePagefilePrivilege 372 chrome.exe Token: SeShutdownPrivilege 372 chrome.exe Token: SeCreatePagefilePrivilege 372 chrome.exe Token: SeShutdownPrivilege 372 chrome.exe Token: SeCreatePagefilePrivilege 372 chrome.exe Token: SeShutdownPrivilege 372 chrome.exe Token: SeCreatePagefilePrivilege 372 chrome.exe Token: SeShutdownPrivilege 372 chrome.exe Token: SeCreatePagefilePrivilege 372 chrome.exe Token: SeShutdownPrivilege 372 chrome.exe Token: SeCreatePagefilePrivilege 372 chrome.exe Token: SeShutdownPrivilege 372 chrome.exe Token: SeCreatePagefilePrivilege 372 chrome.exe Token: SeShutdownPrivilege 372 chrome.exe Token: SeCreatePagefilePrivilege 372 chrome.exe Token: SeShutdownPrivilege 372 chrome.exe Token: SeCreatePagefilePrivilege 372 chrome.exe Token: SeShutdownPrivilege 372 chrome.exe Token: SeCreatePagefilePrivilege 372 chrome.exe -
Suspicious use of FindShellTrayWindow 27 IoCs
pid Process 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe 372 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 372 wrote to memory of 1428 372 chrome.exe 76 PID 372 wrote to memory of 1428 372 chrome.exe 76 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 4680 372 chrome.exe 78 PID 372 wrote to memory of 5012 372 chrome.exe 79 PID 372 wrote to memory of 5012 372 chrome.exe 79 PID 372 wrote to memory of 2356 372 chrome.exe 80 PID 372 wrote to memory of 2356 372 chrome.exe 80 PID 372 wrote to memory of 2356 372 chrome.exe 80 PID 372 wrote to memory of 2356 372 chrome.exe 80 PID 372 wrote to memory of 2356 372 chrome.exe 80 PID 372 wrote to memory of 2356 372 chrome.exe 80 PID 372 wrote to memory of 2356 372 chrome.exe 80 PID 372 wrote to memory of 2356 372 chrome.exe 80 PID 372 wrote to memory of 2356 372 chrome.exe 80 PID 372 wrote to memory of 2356 372 chrome.exe 80 PID 372 wrote to memory of 2356 372 chrome.exe 80 PID 372 wrote to memory of 2356 372 chrome.exe 80 PID 372 wrote to memory of 2356 372 chrome.exe 80 PID 372 wrote to memory of 2356 372 chrome.exe 80 PID 372 wrote to memory of 2356 372 chrome.exe 80 PID 372 wrote to memory of 2356 372 chrome.exe 80 PID 372 wrote to memory of 2356 372 chrome.exe 80 PID 372 wrote to memory of 2356 372 chrome.exe 80 PID 372 wrote to memory of 2356 372 chrome.exe 80 PID 372 wrote to memory of 2356 372 chrome.exe 80 PID 372 wrote to memory of 2356 372 chrome.exe 80 PID 372 wrote to memory of 2356 372 chrome.exe 80
Processes
-
C:\Users\Admin\AppData\Local\Temp\cvnwzmammv.harmless.exe"C:\Users\Admin\AppData\Local\Temp\cvnwzmammv.harmless.exe"1⤵PID:2216
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x2f41⤵
- Suspicious use of AdjustPrivilegeToken
PID:4928
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:372 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd8,0xdc,0xe0,0xb4,0xe4,0x7fff58f59758,0x7fff58f59768,0x7fff58f597782⤵PID:1428
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1728,i,17098634743426191983,7296444509041118321,131072 /prefetch:22⤵PID:4680
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1728,i,17098634743426191983,7296444509041118321,131072 /prefetch:82⤵PID:5012
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2064 --field-trial-handle=1728,i,17098634743426191983,7296444509041118321,131072 /prefetch:82⤵PID:2356
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1728,i,17098634743426191983,7296444509041118321,131072 /prefetch:12⤵PID:2292
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3196 --field-trial-handle=1728,i,17098634743426191983,7296444509041118321,131072 /prefetch:12⤵PID:4732
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4004 --field-trial-handle=1728,i,17098634743426191983,7296444509041118321,131072 /prefetch:12⤵PID:3676
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 --field-trial-handle=1728,i,17098634743426191983,7296444509041118321,131072 /prefetch:82⤵PID:4104
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4540 --field-trial-handle=1728,i,17098634743426191983,7296444509041118321,131072 /prefetch:82⤵PID:4088
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3968 --field-trial-handle=1728,i,17098634743426191983,7296444509041118321,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:612
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:2948
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9df4888e-971f-45c0-a90c-076b345871af.tmp
Filesize6KB
MD55f3e488bda6f3b5092f2889994682197
SHA1a5c3bf20ef2db6e85c8b3d445e8fddbc77644fba
SHA2565e2cc7511d9663124b8a0691a0463633b87d6f23da2e3a18dafeb91f6d42f863
SHA51216060d618994fc31ae84ef9cab9d45988899a2ad00996f9b435f12b9d7a8f53814870fb26f90b2940ffd927889f884569203b1ec1c988efe614537b89a9fe096
-
Filesize
6KB
MD5714099ddd433b4c1532e7dc6f209ffcb
SHA1bb9e26c97ecc2f19f8924df9617cd20151531ba6
SHA25652fa0dbbe4ef5c522469cf479b3ee3e467b21ce69b80e611e3872636733dfaca
SHA512635affcefa6c7a3c1c94651d3d9ee0ff1c4d633fcddf5bc8e8b266a6320034c2ba5718087cc8957da37c143a478b51022cfd87f0531b18a0844e8e3f476506de
-
Filesize
130KB
MD558332ada07f9c1180942cef30536f8f0
SHA1a562d50d20dae4d4d9250631a283a7c4471e8ae3
SHA2560803f47600ef1df7301962a9759829c70b19ca78debbf6b128e14233e5fab2d9
SHA512a17b214126a8146838b8a6a0a23d228469d834a2ef39af15d8b993b147f83d696cc5724f137920e82250689635ae699bf4a9a80d2a62c732e875ce16530e9ee9
-
Filesize
130KB
MD55ccc02a9d56dd525b978156c5c300122
SHA1418a8f3317176717534a4e51cc3fa961f91a6bd2
SHA256a3de082b7b7efb21340a6ec42108ea6f4abe83daccc7b8b6d1796c18ed381bd7
SHA512defa3da76286c0b99b9cee92766107336527bbbff655a3481364cedd60c96bd77c84a8c6433f01d28a8ffc1348a8d705753996ab50e40c5c44a11605a9e883ac
-
Filesize
130KB
MD52abb5ed4026dda298554ff86e441a707
SHA1dd9c06c87436bb3c48bc69cb738547b56d29616d
SHA2567b455257ebbd79b4eb01519937e57ea78719b87a06f4796911ab202d07054fb9
SHA5128ecb8a853a0b0187ba211b0c2be0f38135c8f5221272f29b46b8e1817ea995d9682f995ba3baa19cc47b8bc88f651d0ebebd39372a21b568796f0aec0344017e
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd