Static task
static1
Behavioral task
behavioral1
Sample
Windows_AFD_LPE_CVE-2023-21768.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Windows_AFD_LPE_CVE-2023-21768.exe
Resource
win10v2004-20230220-en
General
-
Target
Windows_AFD_LPE_CVE-2023-21768.exe
-
Size
72KB
-
MD5
31ba01cf8074cbba42484f00771e0d58
-
SHA1
044a7c4cb04d1c31102a62d605af0cf399a12c03
-
SHA256
e4cce354f0f3b968893f388097787b4c71bb29e0591bfa2e05f88653c8acd959
-
SHA512
388f181ab498d5e3a64c8908e43d71bbddb7afdd7b4860d5725b261501df3baac092a6ef69a4c6dd376b29beb22587898e377cd29445f0c8aab7481596edf5fa
-
SSDEEP
768:O8OlHFE8HDnldyYGtpKBkY+eExx8B/DAC9:OjleqblOTc+5x2BL
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Windows_AFD_LPE_CVE-2023-21768.exe
Files
-
Windows_AFD_LPE_CVE-2023-21768.exe.exe windows x64
d16ad886dc3a3a834338fbddd5b78aec
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
CloseHandle
GetLastError
CreateEventW
VirtualAlloc
VirtualFree
GetModuleHandleA
GetProcAddress
CreateFileW
ReadFile
WriteFile
CreateNamedPipeW
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
GetCurrentProcessId
OpenProcess
CreateIoRing
SubmitIoRing
PopIoRingCompletion
BuildIoRingReadFile
BuildIoRingWriteFile
IsDebuggerPresent
RaiseException
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThreadId
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FreeLibrary
VirtualQuery
GetModuleHandleW
GetStartupInfoW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
vcruntime140d
__vcrt_GetModuleHandleW
__vcrt_GetModuleFileNameW
__current_exception_context
memcpy
__current_exception
__C_specific_handler_noexcept
__C_specific_handler
memset
__vcrt_LoadLibraryExW
__std_type_info_destroy_list
ucrtbased
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
strcpy_s
strcat_s
__stdio_common_vsprintf_s
_seh_filter_dll
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
terminate
_wmakepath_s
_wsplitpath_s
wcscpy_s
_c_exit
_cexit
__p___argv
__p___argc
_set_fmode
_exit
exit
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
__setusermatherr
_set_app_type
_seh_filter_exe
_CrtDbgReportW
_CrtDbgReport
strtol
wcslen
__stdio_common_vfprintf
__acrt_iob_func
_initterm_e
Sections
.textbss Size: - Virtual size: 64KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.msvcjmc Size: 1024B - Virtual size: 656B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.00cfg Size: 512B - Virtual size: 373B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 719B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ