Windows

AppCert.exeAppCert.exe

Platform
Windows
Abuse functions
2
Mapped techniques
2

Description

AppCert.exe is a Windows living-off-the-land binary catalogued by the LOLBAS Project. Documented abuse functions: Execute. Mapped ATT&CK techniques (per LOLBAS / GTFOBins → MITRE crosswalk): T1218. Defenders should monitor execution of AppCert.exe under non-administrative or sudo contexts and alert when its arguments match the abuse-function signatures.

Abuse functions· 2

ExecuteT1127

Performs execution of specified file, can be used as a defense evasion

ExecuteT1218.007

Execute custom made MSI file with malicious code

MITRE ATT&CK techniques· 2

T1127T1218.007

Uses2

TypeTargetConfidenceTier
SubTechniqueMsiexect1218.007100%live
TechniqueTrusted Developer Utilities Proxy Executiont1127100%live

Abuses1

TypeTargetConfidenceTier
TechniqueSystem Binary Proxy Executiont121885%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

LOLbin
CertOC.exe
LOLbin
Certutil.exe
LOLbin
CertReq.exe
LOLbin
AppLauncher.exe
LOLbin
AppInstaller.exe
LOLbin
Appvlp.exe
Sourced from LOLBAS Project. Curated by Adam Lundqvist, SQUR.