Cmstp.exe

Platform: Windows
Abuse functions: 3
Mapped techniques: 1

Description

Cmstp.exe is a Windows living-off-the-land binary catalogued by the LOLBAS Project. Documented abuse functions: Execute, AWL Bypass. Mapped ATT&CK techniques (per LOLBAS / GTFOBins → MITRE crosswalk): T1218. Defenders should monitor execution of Cmstp.exe under non-administrative or sudo contexts and alert when its arguments match the abuse-function signatures.

Abuse functions · 3

Execute (T1218.003)

Execute code hidden within an inf file. Download and run scriptlets from internet.

AWL Bypass (T1218.003)

Execute code hidden within an inf file. Execute code directly from Internet.

Execute (T1218.003)

Proxy execution of a malicious DLL via registry modification.

MITRE ATT&CK techniques · 1

T1218.003

Uses · 1

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| SubTechnique | CMSTP (t1218.003) | 100% | live |

Abuses · 1

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| Technique | System Binary Proxy Execution (t1218) | 85% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

LOLbin: csi.exe
LOLbin: Msdt.exe
LOLbin: Cmd.exe
LOLbin: cmdl32.exe
LOLbin: Csc.exe
Sub-technique: CMSTP

Sourced from LOLBAS Project. Curated by Adam Lundqvist, SQUR.