Windows

adplus.exeadplus.exe

Platform
Windows
Abuse functions
4
Mapped techniques
2

Description

adplus.exe is a Windows living-off-the-land binary catalogued by the LOLBAS Project. Documented abuse functions: Dump, Execute. Mapped ATT&CK techniques (per LOLBAS / GTFOBins → MITRE crosswalk): T1003, T1218. Defenders should monitor execution of adplus.exe under non-administrative or sudo contexts and alert when its arguments match the abuse-function signatures.

Abuse functions· 4

Create memory dump and parse it offline

ExecuteT1127

Run commands under a trusted Microsoft signed binary

Run commands under a trusted Microsoft signed binary

ExecuteT1127

Run commands under a trusted Microsoft signed binary

MITRE ATT&CK techniques· 2

T1003.001T1127

Uses2

TypeTargetConfidenceTier
SubTechniqueLSASS Memoryt1003.001100%live
TechniqueTrusted Developer Utilities Proxy Executiont1127100%live

Abuses2

TypeTargetConfidenceTier
TechniqueOS Credential Dumpingt100385%live
TechniqueSystem Binary Proxy Executiont121885%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

LOLbin
Advpack.dll
LOLbin
AddinUtil.exe
LOLbin
Control.exe
LOLbin
Extrac32.exe
LOLbin
At.exe
LOLbin
Expand.exe
Sourced from LOLBAS Project. Curated by Adam Lundqvist, SQUR.