
Q: Exploit payload process blocked?



Saw a message about a blocked exploit but really this doesn't really provide any useful info.

As the exploit is classified as "generic" and the exploit as far as I can tell was an echo command... what process parent (chain of processes) ran this and why is an echo command an exploit? I have no idea what this was for as I did not run it myself so something else did but it doesn't seem like it was being | (piped) or redirected or anything...

The hex in ASCII is ã:ßÉ

and in decimal is 3812286409

Doesn't seem to be any MAC / hardware address of anything on my laptop.

If the message about the exploit wasn't so generic and I really can't think of a reason for this having been a command that was run and for what purpose it was run I would just let it go.

Thanks for any further insights on this anyone can think of.

Mario

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 2/19/19
Protection Event Time: 11:34 PM
Log File: f5eaa4a6-34e1-11e9-bbda-705ab6a6fa05.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.538
Update Package Version: 1.0.9322
License: Premium

-System Information-
OS: Windows 10 (Build 17763.316)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0

-Exploit Data-
Affected Application: cmd
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
File Name: C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe \S \D \c echo E33ADFC9
URL: 



(end)

 

  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 
