Analysis

  • max time kernel
    439s
  • max time network
    1164s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    10-09-2024 07:42

General

  • Target

    PhoenixMiner_6.2c_Windows/11_ethereum-classic-hashcity.bat

  • Size

    191B

  • MD5

    783155807c03c338ce75e887d852e3f6

  • SHA1

    5dd872635b03eca5182fea0f3c53dd983e69aa43

  • SHA256

    86875ddebe3ab71658e957a7ae1d9b0ed1d0046e882012fcab181b7f434df0c6

  • SHA512

    f1b96d080a04c4150fffbb33a73c526628b8ad9b5474b919b238999be037b77fe6ea408d636e5886fcb01c86a52c9f1da32825d13ae17ce351d4aefd258abd49

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\PhoenixMiner_6.2c_Windows\11_ethereum-classic-hashcity.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5432
    • C:\Users\Admin\AppData\Local\Temp\PhoenixMiner_6.2c_Windows\PhoenixMiner.exe
      PhoenixMiner.exe -pool etc.hashcity.org:8888 -wal Identlc_IdIlya.worker -epsw x -mode 1 -Rmode 1 -log 0 -mport 0 -etha 0 -retrydelay 1 -ftime 55 -tt 79 -tstop 89 -tstart 79 -coin etc
      2⤵
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:3656

Network

MITRE ATT&CK Matrix
