Skip to content

Hide Navigation Hide TOC

Suspicious Msiexec Execute Arbitrary DLL (6f4191bb-912b-48a8-9ce7-682769541e6d)

Adversaries may abuse msiexec.exe to proxy execution of malicious payloads. Msiexec.exe is the command-line utility for the Windows Installer and is thus commonly associated with executing installation packages (.msi)

Cluster A Galaxy A Cluster B Galaxy B Level
Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336) Attack Pattern Suspicious Msiexec Execute Arbitrary DLL (6f4191bb-912b-48a8-9ce7-682769541e6d) Sigma-Rules 1
Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 2