Where it was alerted: https://urlhaus.abuse.ch/url/213307/
20 engines detect: https://www.virustotal.com/gui/file/01fe2883e8a0611bbb7c6c93248f1606582c1a4cfc1c430d2749c5ac2b1f8885/detection and avast as Win32:CrypterX-gen [Trj]
where it stems from: https://www.shodan.io/host/185.164.72.213
listed here: https://www.hashdd.com/hashdd/twitter-hashddbot/
Analysis of likewise malware: https://any.run/report/a32a9643875dba7103373d1da1cf6943c4649c72d7c3efd5e592a5868dd4feb5/b6564815-1438-407e-93fc-cd0922db0083
and yet another one from that same IP: https://www.maltiverse.com/url/e8bc97e0c9c69bed3779cec4486677b8135b7de487127509142e9ca3cfd9b093
polonus