public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-11-04 02:29:34 +01:00
Code Issues Projects Releases Wiki Activity

Update Pcwutl.yml

Browse Source
This commit is contained in:
bohops
2018-09-24 14:02:23 -04:00
committed by GitHub
parent d7fd801a4d
commit 6128b4ea62
1 changed files with 9 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
yml/OSLibraries/Pcwutl.yml
View File

@@ -6,21 +6,22 @@ Created: '2018-05-25'
Commands:
- Command: rundll32.exe pcwutl.dll,LaunchApplication calc.exe
Description: Launch executable by calling the LaunchApplication function.
Usecase: Launch an executable.
UseCase: Launch an executable.
Category: Execution
Privileges: User
MitreID: T1085
MItreLink: https://attack.mitre.org/wiki/Technique/T1085
OperatingSystem: Windows
Full Path:
- path: c:\windows\system32\pcwutl.dll
- path: c:\windows\syswow64\pcwutl.dll
- Path: c:\windows\system32\pcwutl.dll
- Path: c:\windows\syswow64\pcwutl.dll
Code Sample:
- ''
Detection: []
- Code: ''
Detection:
- IOC:
Resources:
- resource: https://twitter.com/harr0ey/status/989617817849876488
- resource: https://windows10dll.nirsoft.net/pcwutl_dll.html
- Link: https://twitter.com/harr0ey/status/989617817849876488
- Link: https://windows10dll.nirsoft.net/pcwutl_dll.html
Acknowledgment:
- Person: Matt harr0ey
Handle: '@harr0ey'
Handle: '@harr0ey'