EXPLORE

← Back to Explore

T1218.014

MMC

Adversaries may abuse mmc.exe to proxy execution of malicious .msc files. Microsoft Management Console (MMC) is a binary that may be signed by Microsoft and is used in several ways in either its GUI or in a command prompt.(Citation: win_mmc)(Citation: what_is_mmc) MMC can be used to create, open, and save custom consoles that contain administrative tools created by Microsoft, called snap-ins. These snap-ins may be used to manage Windows systems locally or remotely. MMC can also be used to open M...

Windows

10

Detections

3

Sources

1

Threat Actors

BY SOURCE

4elastic4splunk_escu2sigma

PROCEDURES (9)

General Monitoring2 detections

Auto-extracted: 2 detections for general monitoring

Process Creation Monitoring1 detections

Auto-extracted: 1 detections for process creation monitoring

Bypass1 detections

Auto-extracted: 1 detections for bypass

C21 detections

Auto-extracted: 1 detections for c2

Privilege1 detections

Auto-extracted: 1 detections for privilege

Privilege1 detections

Auto-extracted: 1 detections for privilege

Bypass1 detections

Auto-extracted: 1 detections for bypass

C21 detections

Auto-extracted: 1 detections for c2

Parent Process1 detections

Auto-extracted: 1 detections for parent process

THREAT ACTORS (1)

DETECTIONS (10)

Incoming DCOM Lateral Movement with MMC

Microsoft Management Console File from Unusual Path

MMC Executing Files with Reversed Extensions Using RTLO Abuse

MMC Loading Script Engines DLLs

Mmc LOLBAS Execution Process Spawn

Possible Lateral Movement PowerShell Spawn

UAC Bypass MMC Load Unsigned Dll

UAC Bypass via Windows Firewall Snap-In Hijack

Unusual Execution via Microsoft Common Console File

Windows Execution of Microsoft MSC File In Suspicious Path