[ssj100]

I have a POC which opens "cmd.exe" and "regedit.exe" within the memory of Microsoft Office. Anyone have malicious malware samples of this (or similar)?

Some information here:
http://ssj100.fullsubject.com/t319-exce ... sting#2640

[GamingMasteR]

I think some RATs use this method .

[EP_X0FF]

MyLoader aka Oficla. Effective enough trojan downloader.

[ssj100]

Any live samples please?

[EP_X0FF]

http://www.kernelmode.info/forum/viewto ... ?f=16&t=88

you need to find new droppers with working C&C servers to get payload

[ssj100]

Sorry, but I don't know what that means. It's probably easier if someone could directly upload and attach a working live malware that uses this technique. Otherwise, don't worry about it, and thanks for trying.