System Binary Proxy Execution is a technique in which adversaries bypass process-based and signature-based defenses by using signed or trusted binaries to execute malicious content. Often, these binaries are Microsoft-signed files that are either downloaded from Microsoft or come natively with the operating system. Because these binaries are signed with trusted digital certificates, they can typically execute on Windows systems that enforce digital signature validation. Several Microsoft-signed binaries that are present by default in Windows installations can be used to proxy the execution of other files or commands, which lets that content evade security defenses.
For more details, refer to the MITRE ATT&CK framework: System Binary Proxy Execution.
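
The following is an added example, not part of the original page or of MITRE's material. It shows, from the detection side, why a signature-only check passes every event while a check on what the signed binary is asked to load flags two of them. The watchlist, signer string, event field names and sample events are constructed assumptions.

```python
import re

# Assumed watchlist and signer string (illustrative, not exhaustive).
WATCHED = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "msiexec.exe"}
TRUSTED_SIGNER = "Microsoft Windows"
REMOTE = re.compile(r"https?://|\\\\[^\\\s]+\\", re.I)       # URL or UNC path
USER_WRITABLE = re.compile(r"\\(users|temp|programdata)\\", re.I)
DOCUMENT_APPS = {"winword.exe", "excel.exe", "outlook.exe"}

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def signature_only_policy(event):
    """The control being bypassed: allow anything the trusted publisher signed."""
    return event["signer"] == TRUSTED_SIGNER

def proxy_execution_findings(event):
    """Reasons a signed, watched binary looks like it is proxying other content."""
    if basename(event["image"]) not in WATCHED or not signature_only_policy(event):
        return []
    reasons = []
    if REMOTE.search(event["command_line"]):
        reasons.append("remote content in command line")
    if USER_WRITABLE.search(event["command_line"]):
        reasons.append("content in user-writable path")
    if basename(event["parent"]) in DOCUMENT_APPS:
        reasons.append("parent is a document-handling application")
    return reasons

# Constructed process-creation events (field names are hypothetical).
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\rundll32.exe", "signer": "Microsoft Windows",
     "command_line": r"rundll32.exe shell32.dll,Control_RunDLL desk.cpl",
     "parent": r"C:\Windows\explorer.exe"},
    {"image": r"C:\Windows\System32\regsvr32.exe", "signer": "Microsoft Windows",
     "command_line": r"regsvr32.exe C:\Users\alice\AppData\Local\Temp\example.dll",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"image": r"C:\Windows\System32\msiexec.exe", "signer": "Microsoft Windows",
     "command_line": r"msiexec.exe /i https://example.invalid/pkg.msi",
     "parent": r"C:\Windows\System32\cmd.exe"},
]

def triage(events):
    """Map event index -> findings, for events with at least one finding."""
    return {i: f for i, e in enumerate(events) if (f := proxy_execution_findings(e))}

if __name__ == "__main__":
    for i, reasons in triage(SAMPLE_EVENTS).items():
        print(SAMPLE_EVENTS[i]["image"], "->", "; ".join(reasons))
```

The heuristics here are a starting point for triage; real telemetry needs tuning against the legitimate administrative use of these binaries in a given environment.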