Windows

PrintBrm.exePrintBrm.exe

Platform
Windows
Abuse functions
2
Mapped techniques
2

Description

PrintBrm.exe is a Windows living-off-the-land binary catalogued by the LOLBAS Project. Documented abuse functions: Download, ADS. Mapped ATT&CK techniques (per LOLBAS / GTFOBins → MITRE crosswalk): T1105, T1564.004. Defenders should monitor execution of PrintBrm.exe under non-administrative or sudo contexts and alert when its arguments match the abuse-function signatures.

Abuse functions· 2

DownloadT1105

Exfiltrate the contents of a remote folder on a UNC share into a zip file

Decompress and extract a ZIP file stored on an alternate data stream to a new folder

MITRE ATT&CK techniques· 2

T1105T1564.004

Uses2

TypeTargetConfidenceTier
SubTechniqueNTFS File Attributest1564.004100%live
TechniqueIngress Tool Transfert1105100%live

Abuses2

TypeTargetConfidenceTier
SubTechniqueNTFS File Attributest1564.00490%live
TechniqueIngress Tool Transfert110585%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

LOLbin
Print.exe
LOLbin
Pubprn.vbs
LOLbin
Mspub.exe
LOLbin
MpCmdRun.exe
LOLbin
Bcp.exe
LOLbin
Desktopimgdownldr.exe
Sourced from LOLBAS Project. Curated by Adam Lundqvist, SQUR.