aryma/Ares-mythic
1
0
Fork 0
mirror of https://github.com/Aryma-f4/Ares-mythic.git synced 2026-06-12 19:04:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

first commit

Browse Source
This commit is contained in:
Aryma
2026-04-14 12:17:24 +07:00
commit 2f05f67733
799 changed files with 531884 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
documentation-payload/apollo/commands/execute_pe.md Normal file
View File

@@ -0,0 +1,49 @@
+++
title = "execute_pe"
chapter = false
weight = 103
hidden = false
+++
{{% notice info %}}
Artifacts Generated: Process Create, Process Inject, Process Kill
{{% /notice %}}
## Summary
Execute a statically compiled PE file (e.g., compiled with /MT) with the specified arguments. This PE must first be cached in the agent using the `register_file` command before being executed.
{{% notice info %}}
Executables must be compiled for the architecture of the machine. e.g., if Apollo is running on a 64-bit machine, compile the executable for x64.
{{% /notice %}}
This is based on the work put forward by Nettitude's [RunPE](https://github.com/nettitude/RunPE) project with modifications.
### Arguments
![exepe](../images/execute_pe.png)
#### PE
The name of the assembly to execute. This must match the file name used with `register_file`.
#### Arguments (optional)
Arguments to pass to the assembly.
## Usage
```
execute_pe -PE [pe_name] -Arguments [arguments]
execute_pe [pe_name] [arguments]
```
Example
```
execute_pe -PE SpoolSample.exe -Arguments "127.0.0.1 127.0.0.1"
execute_pe SpoolSample.exe 127.0.0.1 127.0.0.1
```
## MITRE ATT&CK Mapping
- T1547
### Resources
- [RunPE](https://github.com/nettitude/RunPE)