Jump to content

Exploit memory HeapSpray attempt blocked - Internet Explorer


Recommended Posts

We just rolled out the last Anti-Exploit Version: 1.12.2.147 to our test Endpoints

One of the Clients (windows-10 virtual machine) got this alert-message as soon as he tries to open Internet Explorer.

image.png.6a8786ed7515584f1dea6920fb7747ee.png

 

Malwarebytes management server emailed over a notice about this alert every times the client tries to open IE.

Below is the alert-message from Server and attached are the MBAE Logs from that VM.

 

Malwarebytes Management Server Notification

--------------------------------------------

Alert Time: 22.05.2019 10:29:46

Server Hostname: *****

Server Domain/Workgroup: ****

Description:

Exploit threat detected, see details below:

 

22.05.2019 10:28:02     VM****      161.110.7.139     Exploit memory HeapSpray attempt blocked     BLOCK       user    Internet Explorer C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE   Attacked application: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE; Parent process name: iexplore.exe; Layer: Application Hardening; API ID: 900; Address: 0x0D0D78D0; Module: ; AddressType: ; StackTop: 0x0B200000; StackBottom: 0x0B1F2000; StackPointer: ; Extra:

Total count: 1.

 

Could someone tell me what the anti-exploit took exception to? 

Thanks in advance for your help.

logs.7z

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.