Analysis

  • max time kernel
    437s
  • max time network
    1160s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    10-09-2024 07:42

General

  • Target

    PhoenixMiner_6.2c_Windows/9_ethereum-classic-emcd.bat

  • Size

    188B

  • MD5

    8d9dba2e8ed201bbbed59824bea99c94

  • SHA1

    8132aae0aec251a499c98d4e36a12c24e0e2ff54

  • SHA256

    538f8628a5ccf79ff48d3c5af69a2fad1272f8580b0e6fd6cb7955af5f4d9770

  • SHA512

    84ded397ada9a7790d4bd8b20e730fc53d24077febc6d25040b1630634b803a0d49d8dd22053e843bb675d896082a4e86a4f3d0af32981748aa70c0d4840004d

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\PhoenixMiner_6.2c_Windows\9_ethereum-classic-emcd.bat"
    • Suspicious use of WriteProcessMemory
    PID:4300
    • C:\Users\Admin\AppData\Local\Temp\PhoenixMiner_6.2c_Windows\PhoenixMiner.exe
      PhoenixMiner.exe -pool stratum+tcp://eu.emcd.io:7878 -wal gpf.worker -epsw x -mode 1 -Rmode 1 -log 0 -mport 0 -etha 0 -retrydelay 1 -ftime 55 -tt 79 -tstop 89 -tstart 79 -coin etc
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:3804

Network

MITRE ATT&CK Matrix
