.. /Mmc.exe

Star

Load snap-ins to locally and remotely manage Windows systems

• https://bohops.com/2018/08/18/abusing-the-com-registry-structure-part-2-loading-techniques-for-evasion-and-persistence/
• https://offsec.almond.consulting/UAC-bypass-dotnet.html

Execute

1. Launch a 'backgrounded' MMC process and invoke a COM payload

   mmc.exe -Embedding c:\path\to\test.msc

   Use case

   Configure a snap-in to load a COM custom class (CLSID) that has been added to the registry

   Privileges required

   User

   Operating systems

   Windows 10 (and possibly earlier versions), Windows 11

   ATT&CK® technique

   T1218.014

UAC bypass

1. Load an arbitrary payload DLL by configuring COR Profiler registry settings and launching MMC to bypass UAC.

   mmc.exe gpedit.msc

   Use case

   Modify HKCU\Environment key in Registry with COR profiler values then launch MMC to load the payload DLL.

   Privileges required

   Administrator

   Operating systems

   Windows 10 (and possibly earlier versions), Windows 11

   ATT&CK® technique

   T1218.014