Windows

Mmc.exeMmc.exe

Platform
Windows
Abuse functions
3
Mapped techniques
1

Description

Mmc.exe is a Windows living-off-the-land binary catalogued by the LOLBAS Project. Documented abuse functions: Execute, UAC Bypass, Download. Mapped ATT&CK techniques (per LOLBAS / GTFOBins → MITRE crosswalk): T1105, T1218, T1548.002. Defenders should monitor execution of Mmc.exe under non-administrative or sudo contexts and alert when its arguments match the abuse-function signatures.

Abuse functions· 3

ExecuteT1218.014

Configure a snap-in to load a COM custom class (CLSID) that has been added to the registry

UAC BypassT1218.014

Modify HKCU\Environment key in Registry with COR profiler values then launch MMC to load the payload DLL.

DownloadT1218.014

Download file from Internet

MITRE ATT&CK techniques· 1

T1218.014

Uses1

TypeTargetConfidenceTier
SubTechniqueMMCt1218.014100%live

Abuses3

TypeTargetConfidenceTier
SubTechniqueBypass User Account Controlt1548.00290%live
TechniqueSystem Binary Proxy Executiont121885%live
TechniqueIngress Tool Transfert110585%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

LOLbin
fltMC.exe
LOLbin
Mscopilot.exe
LOLbin
MpCmdRun.exe
LOLbin
Mpiexec.exe
LOLbin
Mscopilot_proxy.exe
LOLbin
Msconfig.exe
Sourced from LOLBAS Project. Curated by Adam Lundqvist, SQUR.