Dump registry SAM Hive via Microsoft Word Add-in

This TTP will stage a UPX-packed .wll file in the Microsoft\Word\STARTUP directory and then start Word, which executes the Word add-in and dumps the SAM registry hive into c:\temp\folder.


Test this TTP

Test this TTP using one of our Operator chains
Is my host protected against Microsoft Office add-ins?


Stage and execute malicious Microsoft Office add-in.