Update Ttdinject.yml Tags:

hegusung 2024-10-13 17:15:47 +02:00 committed by GitHub
parent d6e2244165
commit 7d9ce4b53a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -11,6 +11,8 @@ Commands:
Privileges: Administrator Privileges: Administrator
MitreID: T1127 MitreID: T1127
OperatingSystem: Windows 10 2004 and above, Windows 11 OperatingSystem: Windows 10 2004 and above, Windows 11
Tags:
- Execute: EXE
- Command: ttdinject.exe /ClientScenario TTDRecorder /ddload 0 /ClientParams "7 tmp.run 0 0 0 0 0 0 0 0 0 0" /launch "C:/Windows/System32/calc.exe" - Command: ttdinject.exe /ClientScenario TTDRecorder /ddload 0 /ClientParams "7 tmp.run 0 0 0 0 0 0 0 0 0 0" /launch "C:/Windows/System32/calc.exe"
Description: Execute calc using ttdinject.exe. Requires administrator privileges. A log file will be created in tmp.run. The log file can be changed, but the length (7) has to be updated. Description: Execute calc using ttdinject.exe. Requires administrator privileges. A log file will be created in tmp.run. The log file can be changed, but the length (7) has to be updated.
Usecase: Spawn process using other binary Usecase: Spawn process using other binary
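Review bot: The `Tags:` block added after `OperatingSystem: Windows 10 2004 and above, Windows 11` belongs to a command whose `- Command:` line lies above the visible context, so the `Execute: EXE` value cannot be checked against it from this hunk alone. Please confirm that this entry launches an executable in the same way as the following one (`/launch "C:/Windows/System32/calc.exe"`), and state in the commit message why the tag is being added, since "Update Ttdinject.yml" gives no reason.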
@ -18,6 +20,8 @@ Commands:
Privileges: Administrator Privileges: Administrator
MitreID: T1127 MitreID: T1127
OperatingSystem: Windows 10 1909 and below OperatingSystem: Windows 10 1909 and below
Tags:
- Execute: EXE
Full_Path: Full_Path:
- Path: C:\Windows\System32\ttdinject.exe - Path: C:\Windows\System32\ttdinject.exe
- Path: C:\Windows\Syswow64\ttdinject.exe - Path: C:\Windows\Syswow64\ttdinject.exe