SHA256 - 04cc92b4e0f79ba841ba3c76651c8968d6525d4805829dd875f7a34034ffa460

MD5 - 8a971e9fe9fa2c3005ee1eb9c143b331

Language - C/C++

The VirusTotal link below has the network monitoring data and IOCs related to the suspicious IP.

VirusTotal

Static Analysis


Strings

The recoverable strings are fragments of Windows process environment blocks (TMP, USERDOMAIN, USERDOMAIN_ROAMINGPROFILE, USERNAME, USERPROFILE, windir and a PATH entry) from three different hosts: THZSENLF and GJWRVADZ, both with user Admin, and WIN10 with user maxine. Lines such as "A", "dmin\\AppData\\Local\\Temp", "USERPRx", "ltraDefrag" and "windir=C:\\Wind" are truncated fragments as printed by the strings tool, not complete values.

A
dmin\\AppData\\Local\\Temp
TMP=C:\\Users\\Admin\\AppData\\Local\\Temp
USERDOMAIN=THZSENLF
USERDOMAIN_ROAMINGPROFILE=THZSENLF
USERNAME=Admin
USERPRx
dmin\\AppData\\Local\\Temp
TMP=C:\\Users\\Admin\\AppData\\Local\\Temp
USERDOMAIN=THZSENLF
USERDOMAIN_ROAMINGPROFILE=THZSENLF
USERNAME=Admin
USERPROFILE=C:\\Users\\Admin
windir=C:\\
ltraDefrag
USERDOMAIN=WIN10
USERDOMAIN_ROAMINGPROFILE=WIN10
USERNAME=maxine
USERPROFI
OWS\\System32\\Wbem;C:\\WINDOWS\\System32\\WindowsPowerShell\\v1.0\\;C:\\WINDOW
ltraDefrag
USERDOMAIN=WIN10
USERDOMAIN_ROAMINGPROFILE=WIN10
USERNAME=maxine
USERPROFILE=C:\\Users\\maxine
windir=C:\\Wind
min\\AppData\\Local\\Temp
TMP=C:\\Users\\Admin\\AppData\\Local\\Te
ltraDefrag
USERDOMAIN=WIN
min\\AppData\\Local\\Temp
TMP=C:\\Users\\Admin\\AppData\\Local\\Temp
USERDOMAIN=GJWRVADZ
USERDOMAIN_ROAMINGPROFILE=GJWRVADZ
min\\AppData\\Local\\Temp
TMP=C:\\Users\\Admin\\AppData\\Local\\Temp
USERDOMAIN=GJWRVADZ
USERDOMAIN_ROAMINGPROFILE=GJWRVADZ
USERNAME=Admin
USERPROFILE=C:\\Users\\Admin
windir=C:\\Win
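
Hashing the file and pulling its strings is the first step of the static triage above. The script below is an added example (my code, not part of the original write-up and not output from the sample): it reproduces an ASCII plus UTF-16LE strings pass in Python, then groups KEY=VALUE strings into environment blocks so that the three hosts visible in the listing fall out automatically instead of being read off by eye. The byte buffer it runs on is constructed from the fragments above; the last entry is deliberately stored as UTF-16LE, which an ASCII-only strings pass would miss.

```python
import hashlib
import re

# Constructed sample buffer standing in for a chunk of the binary (or a memory
# dump of it). The values mirror the environment-block fragments listed above;
# the last one is stored as UTF-16LE, which a plain ASCII strings pass misses.
SAMPLE = (
    b"\x00\x00TMP=C:\\Users\\Admin\\AppData\\Local\\Temp\x00"
    b"USERDOMAIN=THZSENLF\x00USERNAME=Admin\x00\x01\x02"
    b"USERDOMAIN=WIN10\x00USERNAME=maxine\x00"
    b"USERPROFILE=C:\\Users\\maxine\x00\xff"
    + "USERDOMAIN=GJWRVADZ".encode("utf-16-le") + b"\x00\x00"
)

ENV_RE = re.compile(r"^([A-Za-z_][A-Za-z0-9_()]*)=(.*)$")


def file_hashes(data):
    """MD5 and SHA256 of the buffer, for checking a sample against the hashes reported above."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def extract_strings(data, min_len=4):
    """Printable ASCII runs, then UTF-16LE runs, in the spirit of `strings -a` and `strings -el`."""
    ascii_re = re.compile((r"[\x20-\x7e]{%d,}" % min_len).encode())
    wide_re = re.compile((r"(?:[\x20-\x7e]\x00){%d,}" % min_len).encode())
    found = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in wide_re.finditer(data)]
    return found


def group_env_blocks(strings):
    """Split KEY=VALUE strings into environment blocks.

    A process environment block never repeats a key, so a repeated key marks the
    start of the next block, i.e. the next host whose environment is in the buffer.
    """
    blocks, current = [], {}
    for s in strings:
        m = ENV_RE.match(s)
        if not m:
            continue
        key, value = m.groups()
        if key in current:
            blocks.append(current)
            current = {}
        current[key] = value
    if current:
        blocks.append(current)
    return blocks


def summarize(data):
    """Hashes plus one (host, user) pair per environment block found in the buffer."""
    blocks = group_env_blocks(extract_strings(data))
    hosts = [(b.get("USERDOMAIN", "?"), b.get("USERNAME", "?")) for b in blocks]
    return {"hashes": file_hashes(data), "hosts": hosts}


if __name__ == "__main__":
    import sys
    buf = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print(summarize(buf))
```

Run it against the real file (python3 script.py sample.bin) and compare the printed hashes with the SHA256 and MD5 at the top of this page before trusting any of the other findings; the host/user pairs it prints are the quickest way to see how many different environments left traces in the binary.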

IAT (imports)

	LoadLibraryA
	GetProcAddress
	VirtualProtect
	VirtualAlloc
	VirtualFree
	ExitProcess

Six imports, all kernel32 exports, is the classic footprint of a packed executable: the stub allocates memory with VirtualAlloc, unpacks the real code into it, makes it executable with VirtualProtect, and resolves the real imports at runtime with LoadLibraryA and GetProcAddress, so nothing else is left in the on-disk IAT. The real import table only becomes visible after unpacking or in a memory dump of the running process, so the listing above should not be read as the sample's full capability.
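
The import list is the key static finding, so here is an added example (my code, not the author's, and not derived from the sample) that walks a PE import directory with nothing but the Python standard library and applies the packed-binary heuristic: a tiny import set that still contains LoadLibraryA, GetProcAddress, VirtualAlloc and VirtualProtect. Because the sample itself is not reproduced here, the script builds a minimal constructed PE32 carrying exactly the six imports listed above, plus a second one with an ordinary import set for comparison. The DLL name KERNEL32.dll and the cut-off of eight names are assumptions; the page lists only function names.

```python
import struct

# Import list from the IAT section above. The page names only the functions; the
# DLL name KERNEL32.dll is an assumption (all six are kernel32 exports).
REPORTED_IMPORTS = {
    "KERNEL32.dll": ["LoadLibraryA", "GetProcAddress", "VirtualProtect",
                     "VirtualAlloc", "VirtualFree", "ExitProcess"],
}
# A packer stub cannot do without these four; everything else it resolves at runtime.
PACKER_STUB = {"LoadLibraryA", "GetProcAddress", "VirtualAlloc", "VirtualProtect"}


def _cstring(data, off):
    return data[off:data.index(b"\x00", off)].decode("ascii", "replace")


def parse_imports(pe):
    """Walk the PE import directory by hand; return {dll: [function name or '#ordinal']}."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    opt = e_lfanew + 24
    pe32plus = struct.unpack_from("<H", pe, opt)[0] == 0x20B
    imp_rva = struct.unpack_from("<I", pe, opt + (112 if pe32plus else 96) + 8)[0]  # DataDirectory[1]
    sections = []
    for i in range(nsec):
        _n, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, opt + opt_size + 40 * i)
        sections.append((va, max(vsize, rawsize), rawptr))

    def rva2off(rva):
        for va, size, rawptr in sections:
            if va <= rva < va + size:
                return rva - va + rawptr
        raise ValueError("RVA 0x%x is outside every section" % rva)

    imports = {}
    if imp_rva == 0:
        return imports
    fmt, width, ord_flag = ("<Q", 8, 1 << 63) if pe32plus else ("<I", 4, 1 << 31)
    desc = rva2off(imp_rva)
    while True:
        oft, _ts, _fwd, name_rva, ft = struct.unpack_from("<IIIII", pe, desc)
        if name_rva == 0:                       # all-zero descriptor terminates the table
            break
        funcs, thunk = [], rva2off(oft or ft)   # INT if present, else the IAT itself
        while True:
            entry = struct.unpack_from(fmt, pe, thunk)[0]
            if entry == 0:
                break
            if entry & ord_flag:
                funcs.append("#%d" % (entry & 0xFFFF))
            else:
                funcs.append(_cstring(pe, rva2off(entry) + 2))   # skip the 2-byte hint
            thunk += width
        imports[_cstring(pe, rva2off(name_rva))] = funcs
        desc += 20
    return imports


def looks_packed(imports, max_names=8):
    """Heuristic: very few imports, yet every loader/memory API a packer stub needs is present.
    The threshold of 8 is an assumption for this example, not a published cut-off."""
    names = {f for funcs in imports.values() for f in funcs}
    return PACKER_STUB <= names and len(names) <= max_names


def build_minimal_pe(imports):
    """Constructed sample: a minimal, non-runnable PE32 whose one section holds only an import table."""
    SEC_VA, SEC_RAW = 0x1000, 0x200
    sec = bytearray(20 * (len(imports) + 1))           # descriptor table + null terminator
    descs = []
    for dll, funcs in imports.items():
        name_rvas = []
        for f in funcs:
            name_rvas.append(SEC_VA + len(sec))
            sec += b"\x00\x00" + f.encode() + b"\x00"   # IMAGE_IMPORT_BY_NAME: hint, name
        dll_rva = SEC_VA + len(sec)
        sec += dll.encode() + b"\x00"
        thunks = struct.pack("<%dI" % (len(funcs) + 1), *name_rvas, 0)
        oft_rva = SEC_VA + len(sec)
        sec += thunks                                   # INT
        ft_rva = SEC_VA + len(sec)
        sec += thunks                                   # IAT (identical to the INT on disk)
        descs.append((oft_rva, 0, 0, dll_rva, ft_rva))
    for i, d in enumerate(descs):
        struct.pack_into("<IIIII", sec, 20 * i, *d)
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)                   # e_lfanew = 0x40
    coff = b"PE\x00\x00" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                                   # PE32 magic
    struct.pack_into("<II", opt, 104, SEC_VA, 20 * (len(imports) + 1))      # DataDirectory[1] = imports
    sec_hdr = struct.pack("<8sIIII", b".rdata", len(sec), SEC_VA, len(sec), SEC_RAW) + b"\x00" * 16
    hdr = dos + coff + opt + sec_hdr
    return bytes(hdr + b"\x00" * (SEC_RAW - len(hdr)) + sec)


if __name__ == "__main__":
    import sys
    pe = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe(REPORTED_IMPORTS)
    found = parse_imports(pe)
    for dll, funcs in found.items():
        print(dll, funcs)
    print("looks packed:", looks_packed(found))
```

Point the script at the real sample (python3 script.py sample.exe) to confirm the listing above; run it again on the unpacked binary or a process dump and the verdict should flip to not packed once the real import table is present.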

Dynamic Analysis

Network IOCs:

Malicious IP - 107.163.241.232


Wireshark:
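
In Wireshark the display filter for the IOC above is ip.addr == 107.163.241.232. The script below is an added example (my code, not part of the original write-up and not using any capture from it) that does the same check offline, so it can be run across many pcaps without opening Wireshark: it parses the classic pcap container and the Ethernet/IPv4/TCP/UDP headers with the standard library and reports every packet to or from an IOC address. The capture it scans is constructed inline; the private addresses, ports and timestamps in it are made up for the example.

```python
import struct
from ipaddress import ip_address

IOC_IPS = {"107.163.241.232"}   # from the Network IOCs section above

# pcap magic as read little-endian -> (struct byte order, timestamp fraction divisor)
_MAGICS = {0xA1B2C3D4: ("<", 1_000_000), 0xA1B23C4D: ("<", 1_000_000_000),
           0xD4C3B2A1: (">", 1_000_000), 0x4D3CB2A1: (">", 1_000_000_000)}


def scan_pcap(data, iocs=IOC_IPS):
    """Return (time, src, sport, dst, dport, proto) for every IPv4 packet to or from an IOC IP."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic not in _MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    endian, frac = _MAGICS[magic]
    if struct.unpack_from(endian + "I", data, 20)[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled here")
    hits, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_frac, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # need Ethernet + full IPv4 header
            continue
        ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
        src, dst = str(ip_address(frame[26:30])), str(ip_address(frame[30:34]))
        if src not in iocs and dst not in iocs:
            continue
        sport = dport = None
        l4 = 14 + ihl
        if proto in (6, 17) and len(frame) >= l4 + 4:        # TCP/UDP ports lead the L4 header
            sport, dport = struct.unpack_from("!HH", frame, l4)
        hits.append((ts_sec + ts_frac / frac, src, sport, dst, dport, proto))
    return hits


def _frame(src, dst, proto, sport, dport):
    """Constructed Ethernet/IPv4 frame with a bare TCP (20-byte) or UDP (8-byte) header; checksums zeroed."""
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * (16 if proto == 6 else 4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     ip_address(src).packed, ip_address(dst).packed)
    return b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00" + ip + l4


def build_pcap(frames, ts0=1_700_000_000):
    """Constructed little-endian, microsecond-resolution pcap with one frame per second."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", ts0 + i, 0, len(f), len(f)) + f
    return out


# Constructed capture: a DNS lookup, a TCP/443 exchange with the IOC IP, an unrelated HTTP request.
SAMPLE_PCAP = build_pcap([
    _frame("10.0.0.5", "8.8.8.8", 17, 53412, 53),
    _frame("10.0.0.5", "107.163.241.232", 6, 49731, 443),
    _frame("107.163.241.232", "10.0.0.5", 6, 443, 49731),
    _frame("10.0.0.5", "192.0.2.10", 6, 49732, 80),
])


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PCAP
    for t, src, sport, dst, dport, proto in scan_pcap(data):
        print("%.6f %s:%s -> %s:%s proto=%d" % (t, src, sport, dst, dport, proto))
```

Save the sandbox capture as classic pcap (not pcapng) and run python3 script.py capture.pcap; each hit line gives the timestamp, direction and ports, which is what you need to build the rest of the network IOC list (destination port, protocol, beacon interval) beyond the bare IP address.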