System Information Discovery

Detect enumeration of Windows system information via systeminfo.exe

id:4b9c2df7-87e2-4bbc-9123-9779ecb2dbf2 categories:hunt confidence:medium os:windows created:11/30/2018 updated:11/30/2018

MITRE ATT&CK™ Mapping

tactics:Discovery techniques:T1082 System Information Discovery

Query

process where subtype.create and process_name == "systeminfo.exe"
| unique user_name, command_line

Detonation

Atomic Red Team: T1082

Contributors

• Endgame