Makecab (cf7f05a7-4093-4855-b9d9-b93226056aec)
This object contains information sourced from the Living Off The Land Binaries, Scripts and Libraries (LOLBAS) project, which is licensed under GNU General Public License v3.0.
Description: Binary to package existing files into a cabinet (.cab) file
Author: Oddvar Moe
Paths:
* C:\Windows\System32\makecab.exe
* C:\Windows\SysWOW64\makecab.exe
Resources:
* https://gist.github.com/api0cradle/cdd2d0d0ec9abb686f0e89306e277b8f
Detection:
* Sigma: proc_creation_win_susp_alternate_data_streams.yml
* Elastic: defense_evasion_misc_lolbin_connecting_to_the_internet.toml
* IOC: Makecab retrieving files from Internet
* IOC: Makecab storing data into alternate data streams

[Makecab.exe - LOLBAS Project]