Windows

Explorer.exeExplorer.exe

Platform
Windows
Abuse functions
2
Mapped techniques
1

Description

Explorer.exe is a Windows living-off-the-land binary catalogued by the LOLBAS Project. Documented abuse functions: Execute. Mapped ATT&CK techniques (per LOLBAS / GTFOBins → MITRE crosswalk): T1218. Defenders should monitor execution of Explorer.exe under non-administrative or sudo contexts and alert when its arguments match the abuse-function signatures.

Abuse functions· 2

ExecuteT1202

Performs execution of specified file with explorer parent process breaking the process tree, can be used for defense evasion.

ExecuteT1202

Performs execution of specified file with explorer parent process breaking the process tree, can be used for defense evasion.

MITRE ATT&CK techniques· 1

T1202

Uses1

TypeTargetConfidenceTier
TechniqueIndirect Command Executiont1202100%live

Abuses1

TypeTargetConfidenceTier
TechniqueSystem Binary Proxy Executiont121885%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

LOLbin
te.exe
LOLbin
Logger.exe
LOLbin
Ieexec.exe
LOLbin
AgentExecutor.exe
LOLbin
Extexport.exe
LOLbin
Tracker.exe
Sourced from LOLBAS Project. Curated by Adam Lundqvist, SQUR.