mirror of
https://github.com/LOLBAS-Project/LOLBAS
synced 2025-01-14 15:51:41 +01:00
18 lines
500 B
YAML
18 lines
500 B
YAML
---
|
|
Name: winword.exe
|
|
Description: Execute
|
|
Author: ''
|
|
Created: '2018-05-25'
|
|
Categories: []
|
|
Commands:
|
|
- Command: winword.exe /l dllfile.dll
|
|
Description: Launch DLL payload.
|
|
Full Path:
|
|
- c:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
|
Code Sample: []
|
|
Detection: []
|
|
Resources:
|
|
- https://twitter.com/vysecurity/status/884755482707210241
|
|
- https://twitter.com/Hexacorn/status/885258886428725250
|
|
Notes: Thanks to Vincent Yiu - @@vysecurity (Cmd), Adam - @Hexacorn (Internals)
|