Creation of Scheduled Task with schtasks.exe
A scheduled task can be used by an adversary to establish persistence, move laterally, and/or escalate privileges.
| id: | 9583c2ff-508d-4ebb-8b89-712b0a4d3186 |
|---|---|
| categories: | hunt |
| confidence: | low |
| os: | windows |
| created: | 7/26/2019 |
| updated: | 7/26/2019 |
MITRE ATT&CK™ Mapping
| tactics: | Privilege Escalation, Execution, Persistence |
|---|---|
| techniques: | T1053 Scheduled Task |
Query
process where subtype.create and
process_name = "schtasks.exe" and
command_line = "*create*"
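
An added example, not part of the original analytic: the query's three conditions re-implemented in Python and run over constructed process events, assuming the query's string comparisons are case-insensitive and `*` is a wildcard. The event values and the `uses_create_switch` triage helper are hypothetical; the helper separates hits on the `/Create` switch from hits where "create" only appears elsewhere in the command line, which the wildcard also returns.

```python
import re

# Constructed process events; field names follow the query, values are made up.
EVENTS = [
    {"id": 1, "subtype": "create", "process_name": "schtasks.exe",
     "command_line": r'schtasks.exe /Create /SC DAILY /TN "Nightly Backup" /TR C:\Tools\backup.cmd'},
    {"id": 2, "subtype": "create", "process_name": "schtasks.exe",
     "command_line": "schtasks.exe /Query /FO LIST"},
    {"id": 3, "subtype": "create", "process_name": "SCHTASKS.EXE",
     "command_line": r"SCHTASKS /create /tn Updater /tr C:\Temp\u.exe /sc onlogon"},
    {"id": 4, "subtype": "create", "process_name": "schtasks.exe",
     "command_line": 'schtasks.exe /Delete /TN "CreateReports" /F'},
    {"id": 5, "subtype": "terminate", "process_name": "schtasks.exe",
     "command_line": "schtasks.exe /Create /TN Demo /TR notepad.exe /SC ONCE /ST 12:00"},
    {"id": 6, "subtype": "create", "process_name": "cmd.exe",
     "command_line": "cmd.exe /c mkdir create_me"},
]


def wildcard_eq(value, pattern):
    """Compare like the query does (assumed): case-insensitive, '*' matches anything."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, re.IGNORECASE | re.DOTALL) is not None


def matches_query(event):
    """The three conditions of the query, in order."""
    return (event["subtype"] == "create"
            and wildcard_eq(event["process_name"], "schtasks.exe")
            and wildcard_eq(event["command_line"], "*create*"))


def uses_create_switch(event):
    """Hypothetical triage helper: is 'create' the /Create switch, not a substring?"""
    return re.search(r"(?i)(?:^|\s)/create(?:\s|$)", event["command_line"]) is not None


def hunt(events):
    """Return (id, uses_create_switch) for every event the query would return."""
    return [(e["id"], uses_create_switch(e)) for e in events if matches_query(e)]


if __name__ == "__main__":
    for event_id, is_switch in hunt(EVENTS):
        print(event_id, "create switch" if is_switch else "substring match only")
```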