Windows
winget.exewinget.exe
Platform
Windows
Abuse functions
3
Mapped techniques
1
Description
winget.exe is a Windows living-off-the-land binary catalogued by the LOLBAS Project. Documented abuse functions: Execute, Download, AWL Bypass. Mapped ATT&CK techniques (per LOLBAS / GTFOBins → MITRE crosswalk): T1105, T1218. Defenders should monitor execution of winget.exe under non-administrative or sudo contexts and alert when its arguments match the abuse-function signatures.
Abuse functions· 3
ExecuteT1105
Download and execute an arbitrary file from the internet
DownloadT1105
Download and install software from Microsoft Store, even if Microsoft Store App is blocked
AWL BypassT1105
Download and install software from Microsoft Store, even if Microsoft Store App is blocked, and AppLocker is activated on the machine
MITRE ATT&CK techniques· 1
Uses1
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Technique | Ingress Tool Transfert1105 | 100% | live |
Abuses2
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Technique | Ingress Tool Transfert1105 | 85% | live |
| Technique | System Binary Proxy Executiont1218 | 85% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.