Overview
overview
7Static
static
3Vantage/Vantage.py
windows11-21h2-x64
3Vantage/bu...ge.pkg
windows11-21h2-x64
3encodings/cp775.pyc
windows11-21h2-x64
3encodings/cp850.pyc
windows11-21h2-x64
3encodings/cp852.pyc
windows11-21h2-x64
3encodings/cp855.pyc
windows11-21h2-x64
3encodings/cp856.pyc
windows11-21h2-x64
3encodings/cp857.pyc
windows11-21h2-x64
3encodings/cp858.pyc
windows11-21h2-x64
3encodings/cp860.pyc
windows11-21h2-x64
3encodings/cp861.pyc
windows11-21h2-x64
3encodings/cp862.pyc
windows11-21h2-x64
3encodings/cp863.pyc
windows11-21h2-x64
3encodings/cp864.pyc
windows11-21h2-x64
3encodings/cp865.pyc
windows11-21h2-x64
3encodings/cp866.pyc
windows11-21h2-x64
3encodings/cp869.pyc
windows11-21h2-x64
3encodings/cp874.pyc
windows11-21h2-x64
3encodings/cp875.pyc
windows11-21h2-x64
3encodings/cp932.pyc
windows11-21h2-x64
3encodings/cp949.pyc
windows11-21h2-x64
3encodings/cp950.pyc
windows11-21h2-x64
3encodings/...04.pyc
windows11-21h2-x64
3encodings/...13.pyc
windows11-21h2-x64
3Vantage/bu...ve.pyc
windows11-21h2-x64
3Vantage/bu...rs.pyc
windows11-21h2-x64
3Vantage/bu...es.pyc
windows11-21h2-x64
3Vantage/bu...32.pyc
windows11-21h2-x64
3Vantage/bu...ct.pyc
windows11-21h2-x64
3Vantage/bu...e.html
windows11-21h2-x64
1Vantage/di...ge.exe
windows11-21h2-x64
7Vantage/run.bat
windows11-21h2-x64
1Analysis
-
max time kernel
148s -
max time network
161s -
platform
windows11-21h2_x64 -
resource
win11-20240221-en -
resource tags
arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system -
submitted
22-02-2024 19:07
Behavioral task
behavioral1
Sample
Vantage/Vantage.py
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral2
Sample
Vantage/build/Vantage/Vantage.pkg
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral3
Sample
encodings/cp775.pyc
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral4
Sample
encodings/cp850.pyc
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral5
Sample
encodings/cp852.pyc
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral6
Sample
encodings/cp855.pyc
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral7
Sample
encodings/cp856.pyc
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral8
Sample
encodings/cp857.pyc
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral9
Sample
encodings/cp858.pyc
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral10
Sample
encodings/cp860.pyc
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral11
Sample
encodings/cp861.pyc
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral12
Sample
encodings/cp862.pyc
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral13
Sample
encodings/cp863.pyc
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral14
Sample
encodings/cp864.pyc
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral15
Sample
encodings/cp865.pyc
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral16
Sample
encodings/cp866.pyc
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral17
Sample
encodings/cp869.pyc
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral18
Sample
encodings/cp874.pyc
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral19
Sample
encodings/cp875.pyc
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral20
Sample
encodings/cp932.pyc
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral21
Sample
encodings/cp949.pyc
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral22
Sample
encodings/cp950.pyc
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral23
Sample
encodings/euc_jis_2004.pyc
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral24
Sample
encodings/euc_jisx0213.pyc
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral25
Sample
Vantage/build/Vantage/localpycs/pyimod01_archive.pyc
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral26
Sample
Vantage/build/Vantage/localpycs/pyimod02_importers.pyc
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral27
Sample
Vantage/build/Vantage/localpycs/pyimod03_ctypes.pyc
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral28
Sample
Vantage/build/Vantage/localpycs/pyimod04_pywin32.pyc
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral29
Sample
Vantage/build/Vantage/localpycs/struct.pyc
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral30
Sample
Vantage/build/Vantage/xref-Vantage.html
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral31
Sample
Vantage/dist/Vantage.exe
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral32
Sample
Vantage/run.bat
Resource
win11-20240221-en
windows11-21h2-x64
General
-
Target
Vantage/run.bat
-
Size
50B
-
MD5
c4d85e9f45ddc3a7dd196477ea1ad742
-
SHA1
5f09ead76fede7b50a7171d74fec287a22ab0dc9
-
SHA256
7590a48a4b70e26a36b7bfb9ac4f00ca4b25a0bdd1db6745c2a72f4831a001a3
-
SHA512
efbf8a8c0d0140d076a39262a47a6cf557e5cf7696e1f3f37d182dd096b96f62744610d8943b9d58cd2d63f066b2ef9d4eeb3363ba564a5d494970da04dc619b
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3168 wrote to memory of 1388 3168 cmd.exe 81 PID 3168 wrote to memory of 1388 3168 cmd.exe 81 PID 3168 wrote to memory of 1388 3168 cmd.exe 81
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Vantage\run.bat"1⤵
- Suspicious use of WriteProcessMemory
PID:3168 -
C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exepython Vantage.py2⤵PID:1388
-