Regsvr32.exe
Platform: Windows
Abuse functions: 6
Mapped techniques: 1
Description
Regsvr32.exe is a Windows living-off-the-land binary catalogued by the LOLBAS Project. Documented abuse functions: AWL Bypass, Execute. Mapped ATT&CK techniques (per LOLBAS / GTFOBins → MITRE crosswalk): T1218. Defenders should monitor execution of Regsvr32.exe under non-administrative or sudo contexts and alert when its arguments match the abuse-function signatures.
Abuse functions · 6
| Function | Technique | Description |
|---|---|---|
| AWL Bypass | T1218.010 | Execute code from remote scriptlet, bypass Application whitelisting |
| AWL Bypass | T1218.010 | Execute code from scriptlet, bypass Application whitelisting |
| Execute | T1218.010 | Execute code from remote scriptlet, bypass Application whitelisting |
| Execute | T1218.010 | Execute code from scriptlet, bypass Application whitelisting |
| Execute | T1218.010 | Execute DLL file |
| Execute | T1218.010 | Execute DLL file |
MITRE ATT&CK techniques · 1
Uses · 1
| Type | Target | Confidence | Tier |
|---|---|---|---|
| SubTechnique | Regsvr32 (T1218.010) | 100% | live |
Abuses · 1
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Technique | System Binary Proxy Execution (T1218) | 85% | live |