Exploiting Exchange PowerShell After ProxyNotShell: Part 3 – DLL Loading Chain for RCE
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 17131007-2eb5-4bd0-8f9e-1521eaf44363 |
| Fingerprint | 1d649a13f2a51bad |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Sept. 19, 2024, 6:10 p.m. |
| Added to db | Sept. 19, 2024, 9:09 p.m. |
| Last updated | Nov. 15, 2024, 9:31 p.m. |
| Headline | Exploiting Exchange PowerShell After ProxyNotShell: Part 3 – DLL Loading Chain for RCE |
| Title | Exploiting Exchange PowerShell After ProxyNotShell: Part 3 – DLL Loading Chain for RCE |
| Detected Hints/Tags/Attributes | 45/1/37 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 158 | ✔ | Malware Analysis, News and Indicators - Latest topics | https://malware.news/latest.rss | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 5 | cve-2023-36744 |
|
| Details | CVE | 6 | cve-2023-36777 |
|
| Details | CVE | 8 | cve-2023-36745 |
|
| Details | Domain | 47 | microsoft.exchange |
|
| Details | Domain | 7 | microsoft.build |
|
| Details | File | 2 | paxos.dll |
|
| Details | File | 2 | f.cab |
|
| Details | File | 1 | picture1.png |
|
| Details | File | 103 | test.txt |
|
| Details | File | 9 | dump.exe |
|
| Details | File | 3 | poc.dll |
|
| Details | File | 2 | c:\windows\temp\f66aa138-fda9-4758-a733-1295ee2664e3\a\poc.dll |
|
| Details | File | 1 | picture2.png |
|
| Details | File | 2 | ijwhost.dll |
|
| Details | File | 1 | picture3.png |
|
| Details | File | 2 | tzt.dmp |
|
| Details | File | 1 | picture4.png |
|
| Details | File | 1 | picture5.png |
|
| Details | File | 1 | picture6.png |
|
| Details | File | 2 | c:\windows\logs\dpx\setupact.log |
|
| Details | File | 1 | picture7.png |
|
| Details | File | 4 | setupact.log |
|
| Details | File | 2 | i.cab |
|
| Details | File | 2 | t.cab |
|
| Details | File | 1 | picture8.png |
|
| Details | File | 22 | build.exe |
|
| Details | File | 1 | picture9.png |
|
| Details | IPv4 | 2 | 192.168.123.104 |
|
| Details | Url | 1 | https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/17bac43f-b67c-4dc9-a975-9b0c2c493919/picture1.png?format=1000w |
|
| Details | Url | 1 | https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/21b45402-adc5-428a-89b4-250cb2a90c52/picture2.png?format=1000w |
|
| Details | Url | 1 | https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/2bc9cabd-f67a-4d58-a9f0-b51cf4a4b297/picture3.png?format=1000w |
|
| Details | Url | 1 | https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/d4f431bc-5277-4446-9b2d-d60eb063e8dc/picture4.png?format=1000w |
|
| Details | Url | 1 | https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/32f1c6f7-48d9-4eb3-adad-caef8b6a6c98/picture5.png?format=1000w |
|
| Details | Url | 1 | https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3f638c6d-271f-492a-9cf2-1ccc4485b1c2/picture6.png?format=1000w |
|
| Details | Url | 1 | https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/75993915-4ec8-4f43-b080-052e7003a166/picture7.png?format=1000w |
|
| Details | Url | 1 | https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/200c4a21-1b96-4fb0-8abc-9fb91fd2ca05/picture8.png?format=1000w |
|
| Details | Url | 1 | https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/3d31ae3f-0000-4ed9-bd9a-93e72239268c/picture9.png?format=1000w |