Overview

overview

3

Static

static

1

Vantage/Vantage.py

windows11-21h2-x64

3

Vantage/run.bat

windows11-21h2-x64

1

Resubmissions

07/08/2024, 20:51

240807-zm4r4axdpc 1

07/08/2024, 20:49

240807-zl6v3atflr 3

07/08/2024, 20:43

240807-zhyehsxcrf 8

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    07/08/2024, 20:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Vantage/run.bat

  • Size

    50B

  • MD5

    c4d85e9f45ddc3a7dd196477ea1ad742

  • SHA1

    5f09ead76fede7b50a7171d74fec287a22ab0dc9

  • SHA256

    7590a48a4b70e26a36b7bfb9ac4f00ca4b25a0bdd1db6745c2a72f4831a001a3

  • SHA512

    efbf8a8c0d0140d076a39262a47a6cf557e5cf7696e1f3f37d182dd096b96f62744610d8943b9d58cd2d63f066b2ef9d4eeb3363ba564a5d494970da04dc619b

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Vantage\run.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2496
    • C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
      python Vantage.py
      2⤵
        PID:1588

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads