Blog | G5 Cyber Security

Fileless Malware affects Windows Machine Through WMI and EternalBlue

Security experts from Trend Micro identified a new cryptocurrency miner that uses fileless techniques. It uses Windows Management Instrumentation (WMI) for fileless persistence and scrcons to execute its scripts. To get into the system, it exploits the EternalBlue vulnerability (MS17-010). This combination makes the malware more powerful. The infection flow of this cryptocurrency miner has many stages. If a machine does not need access to WMI, disable it to eliminate that chance. Microsoft provides a tool that traces WMI activity.
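A defender can check a host for this kind of persistence by listing the permanent WMI event subscriptions that are able to run code. The PowerShell below is an added example, not from the original article or from Trend Micro; it assumes an elevated session and looks only at the `root/subscription` namespace, and the variable names are illustrative.

```powershell
# Added example: audit permanent WMI event subscriptions that can execute code.
# Assumption: run elevated; only the root/subscription namespace is inspected.
$ns = 'root/subscription'

# Consumer classes that run code: script consumers (hosted by scrcons.exe)
# and command-line consumers.
$consumers = foreach ($class in 'ActiveScriptEventConsumer', 'CommandLineEventConsumer') {
    Get-CimInstance -Namespace $ns -ClassName $class -ErrorAction SilentlyContinue
}
$filters  = Get-CimInstance -Namespace $ns -ClassName __EventFilter
$bindings = Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding

# A subscription is live only when a binding ties a filter (the trigger query)
# to a consumer (the action), so report per binding.
$report = foreach ($b in $bindings) {
    $consumerClass = $b.Consumer.CimSystemProperties.ClassName
    $consumer = $consumers | Where-Object {
        $_.CimSystemProperties.ClassName -eq $consumerClass -and $_.Name -eq $b.Consumer.Name
    }
    if (-not $consumer) { continue }   # binding points at a non-executing consumer type
    $filter = $filters | Where-Object { $_.Name -eq $b.Filter.Name }

    # Pull out whatever the consumer would run when the filter fires.
    $payload = if ($consumerClass -eq 'ActiveScriptEventConsumer') {
        if ($consumer.ScriptFileName) { $consumer.ScriptFileName } else { $consumer.ScriptText }
    } else {
        $consumer.CommandLineTemplate
    }

    [pscustomobject]@{
        Consumer      = $consumer.Name
        ConsumerClass = $consumerClass
        Filter        = $b.Filter.Name
        TriggerQuery  = $filter.Query
        Payload       = $payload
    }
}
$report | Format-List

# scrcons.exe only runs while a script consumer is executing, so a live
# instance is worth correlating with the subscriptions listed above.
Get-Process -Name scrcons -ErrorAction SilentlyContinue |
    Select-Object Id, StartTime, Path
```

Any entry that does not belong to known management or monitoring software on the host warrants a closer look at its trigger query and payload.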

Source: https://gbhackers.com/fileless-malware-wmi-eternalblue/
