Analysis

  • max time kernel
    436s
  • max time network
    1161s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    10-09-2024 07:42

General

  • Target

    PhoenixMiner_6.2c_Windows/6_Ethereum-classic-hiveon.bat

  • Size

    220B

  • MD5

    2b8e3174df0e5f705ddc6cfbb54d7ff2

  • SHA1

    5ff9410dfb3215fec13b57c89146055f612912a0

  • SHA256

    a3d2ec8d5863fee04e61e419a2ae0763c644f8c0ca32e618d06530ae0127d110

  • SHA512

    0f0ac058ec4a6c73fbd8dfe7f4330158a539f4d2547f45713b3e58024de6a8a6df93b87e4de8590cb03e591c3e1b3d25d33393eae52c85a270fc7e622b9925e6

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • System Time Discovery 1 TTPs 1 IoCs

    Adversary may gather the system time and/or time zone settings from a local or remote system.

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\PhoenixMiner_6.2c_Windows\6_Ethereum-classic-hiveon.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2444
    • C:\Users\Admin\AppData\Local\Temp\PhoenixMiner_6.2c_Windows\PhoenixMiner.exe
      PhoenixMiner.exe -pool eu-etc.hiveon.net:8888 -wal 0x7b9cc9270cF06889a4286221931D3a58e627F888 -worker Phoenix -epsw x -mode 1 -Rmode 1 -log 0 -mport 0 -etha 0 -retrydelay 1 -ftime 55 -tt 79 -tstop 89 -coin etc
      2⤵
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • System Time Discovery
      PID:2188

Network

MITRE ATT&CK Enterprise v15
