Update.exe
Platform: Windows
Abuse functions: 13
Mapped techniques: 3
Description
Update.exe is a Windows living-off-the-land binary catalogued by the LOLBAS Project. Documented abuse functions: Download, AWL Bypass, Execute. Mapped ATT&CK techniques (per LOLBAS / GTFOBins → MITRE crosswalk): T1105, T1218. Defenders should monitor execution of Update.exe under non-administrative or sudo contexts and alert when its arguments match the abuse-function signatures.
Abuse functions · 13
| Function | Technique | Description |
|---|---|---|
| Download | T1218 | Download binary |
| AWL Bypass | T1218 | Download and execute binary |
| Execute | T1218 | Download and execute binary |
| AWL Bypass | T1218 | Download and execute binary |
| Execute | T1218 | Download and execute binary |
| AWL Bypass | T1218 | Download and execute binary |
| Execute | T1218 | Download and execute binary |
| AWL Bypass | T1218 | Application Whitelisting Bypass |
| AWL Bypass | T1218 | Download and execute binary |
| Execute | T1218 | Download and execute binary |
| Execute | T1218 | Execute binary |
| Execute | T1547 | Execute binary |
| Execute | T1070 | Execute binary |
MITRE ATT&CK techniques · 3
Uses · 3
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Technique | Indicator Removal (T1070) | 100% | live |
| Technique | System Binary Proxy Execution (T1218) | 100% | live |
| Technique | Boot or Logon Autostart Execution (T1547) | 100% | live |
Abuses · 2
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Technique | System Binary Proxy Execution (T1218) | 85% | live |
| Technique | Ingress Tool Transfer (T1105) | 85% | live |