Windows

Msiexec.exeMsiexec.exe

Platform
Windows
Abuse functions
5
Mapped techniques
1

Description

Msiexec.exe is a Windows living-off-the-land binary catalogued by the LOLBAS Project. Documented abuse functions: Execute. Mapped ATT&CK techniques (per LOLBAS / GTFOBins → MITRE crosswalk): T1218. Defenders should monitor execution of Msiexec.exe under non-administrative or sudo contexts and alert when its arguments match the abuse-function signatures.

Abuse functions· 5

ExecuteT1218.007

Execute custom made msi file with attack code

ExecuteT1218.007

Execute custom made msi file with attack code from remote server

ExecuteT1218.007

Execute dll files

ExecuteT1218.007

Execute dll files

ExecuteT1218.007

Install trusted and signed msi file, with additional attack code as transformation file, from a remote server

MITRE ATT&CK techniques· 1

T1218.007

Uses1

TypeTargetConfidenceTier
SubTechniqueMsiexect1218.007100%live

Abuses1

TypeTargetConfidenceTier
TechniqueSystem Binary Proxy Executiont121885%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

LOLbin
Mpiexec.exe
LOLbin
Msdeploy.exe
LOLbin
Installutil.exe
Sub-technique
Msiexec
LOLbin
VSIISExeLauncher.exe
LOLbin
AgentExecutor.exe
Sourced from LOLBAS Project. Curated by Adam Lundqvist, SQUR.