Update Mmc.yml (#437)

Co-authored-by: Wietze <wietze@users.noreply.github.com>
Fred Cyber Security 2025-06-01 14:04:47 +02:00 committed by GitHub
parent e31a869ae4
commit d6e3d7016d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -22,6 +22,15 @@ Commands:
OperatingSystem: Windows 10 (and possibly earlier versions), Windows 11
Tags:
- Execute: DLL
- Command: mmc.exe -Embedding {PATH_ABSOLUTE:.msc}
Description: Download and save an executable to disk
Usecase: Download file from Internet
Category: Download
Privileges: User
MitreID: T1218.014
OperatingSystem: Windows 10 (and possibly earlier versions), Windows 11
Tags:
- Application: GUI
Full_Path:
- Path: C:\Windows\System32\mmc.exe
- Path: C:\Windows\SysWOW64\mmc.exe
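Review bot: In the new `mmc.exe -Embedding {PATH_ABSOLUTE:.msc}` entry, the Description ("Download and save an executable to disk") and the Usecase are not explained by the Command: its only argument is a local absolute path to a .msc file, with no URL or remote placeholder, so a reader cannot tell from the entry where the download comes from. Suggest rewording the Description to say what role the .msc file plays and that the technique needs interaction with the console window, which the `Application: GUI` tag only hints at. That context is also what a defender needs to judge whether the `-Embedding` argument together with a .msc path is worth alerting on.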
@ -31,8 +40,10 @@ Detection:
Resources:
- Link: https://bohops.com/2018/08/18/abusing-the-com-registry-structure-part-2-loading-techniques-for-evasion-and-persistence/
- Link: https://offsec.almond.consulting/UAC-bypass-dotnet.html
- Link: https://www.youtube.com/watch?v=LFgZOTmhzeA
Acknowledgement:
- Person: Jimmy
Handle: '@bohops'
- Person: clem
Handle: '@clavoillotte'
- Person: Fredrik H. Brathen
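Review bot: In Resources, the YouTube link appears to be the only reference backing the new Download entry; a written reference alongside it would be easier to review and would survive the video being removed. In Acknowledgement, `Person: Fredrik H. Brathen` has no `Handle` line, unlike the two entries above it, so either add one or confirm that the omission is intended.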