SHA256 - 04cc92b4e0f79ba841ba3c76651c8968d6525d4805829dd875f7a34034ffa460

MD5 - 8a971e9fe9fa2c3005ee1eb9c143b331

Language - C/C++

The link below has network monitoring data and IOCs related to the suspicious IP.

VirusTotal

Static Analysis


Strings

	A
	dmin\AppData\Local\Temp
	TMP=C:\Users\Admin\AppData\Local\Temp
	USERDOMAIN=THZSENLF
	USERDOMAIN_ROAMINGPROFILE=THZSENLF
	USERNAME=Admin
	USERPRx
	dmin\AppData\Local\Temp
	TMP=C:\Users\Admin\AppData\Local\Temp
	USERDOMAIN=THZSENLF
	USERDOMAIN_ROAMINGPROFILE=THZSENLF
	USERNAME=Admin
	USERPROFILE=C:\Users\Admin
	windir=C:\
	ltraDefrag
	USERDOMAIN=WIN10
	USERDOMAIN_ROAMINGPROFILE=WIN10
	USERNAME=maxine
	USERPROFI
	OWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOW
	ltraDefrag
	USERDOMAIN=WIN10
	USERDOMAIN_ROAMINGPROFILE=WIN10
	USERNAME=maxine
	USERPROFILE=C:\Users\maxine
	windir=C:\Wind
	min\AppData\Local\Temp
	TMP=C:\Users\Admin\AppData\Local\Te
	ltraDefrag
	USERDOMAIN=WIN
	min\AppData\Local\Temp
	TMP=C:\Users\Admin\AppData\Local\Temp
	USERDOMAIN=GJWRVADZ
	USERDOMAIN_ROAMINGPROFILE=GJWRVADZ
	min\AppData\Local\Temp
	TMP=C:\Users\Admin\AppData\Local\Temp
	USERDOMAIN=GJWRVADZ
	USERDOMAIN_ROAMINGPROFILE=GJWRVADZ
	USERNAME=Admin
	USERPROFILE=C:\Users\Admin
	windir=C:\Win

IAT (imports) - only six functions are imported, a minimal set of the kind typically seen in packed binaries that resolve the rest of their APIs at runtime through LoadLibraryA/GetProcAddress:

	LoadLibraryA
	GetProcAddress
	VirtualProtect
	VirtualAlloc
	VirtualFree
	ExitProcess

Dynamic Analysis

Network IOCs:

Malicious IP - 107.163.241.232


Wireshark: