Windows

Control.exeControl.exe

Platform
Windows
Abuse functions
2
Mapped techniques
1

Description

Control.exe is a Windows living-off-the-land binary catalogued by the LOLBAS Project. Documented abuse functions: ADS, Execute. Mapped ATT&CK techniques (per LOLBAS / GTFOBins → MITRE crosswalk): T1218, T1564.004. Defenders should monitor execution of Control.exe under non-administrative or sudo contexts and alert when its arguments match the abuse-function signatures.

Abuse functions· 2

Can be used to evade defensive countermeasures or to hide as a persistence mechanism

ExecuteT1218.002

Use to execute code and bypass application whitelisting

MITRE ATT&CK techniques· 1

T1218.002

Uses1

TypeTargetConfidenceTier
SubTechniqueControl Panelt1218.002100%live

Abuses2

TypeTargetConfidenceTier
SubTechniqueNTFS File Attributest1564.00490%live
TechniqueSystem Binary Proxy Executiont121885%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

LOLbin
Conhost.exe
LOLbin
At.exe
LOLbin
te.exe
LOLbin
Remote.exe
LOLbin
Rundll32.exe
LOLbin
AgentExecutor.exe
Sourced from LOLBAS Project. Curated by Adam Lundqvist, SQUR.