Enumeration of System Information
Windows contains several built-in commands to report system information. These may be used by an actor to gain detailed information about the target machine.
| id | 507f19c1-dfa9-475b-925e-61e417a10967 |
|---|---|
| categories | enrich |
| confidence | low |
| os | windows |
| created | 7/26/2019 |
| updated | 7/26/2019 |
Query
```
process where subtype.create and (
  process_name in ("systeminfo.exe", "hostname.exe") or
  process_name == "cmd.exe" and wildcard(command_line, "* ver*", "*%COMPUTERNAME%*", "*%PROCESSOR_*%")
)
```
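The query's matching logic, re-implemented as an added Python example (not part of the original analytic) and run over constructed process events to show which command lines it flags, including a benign one that helps explain the low confidence rating. The event field layout, the `ev` helper and the case-insensitive comparison are assumptions of this sketch.

```python
import re

# Process names and wildcard patterns copied from the query on this page.
PROCESS_NAMES = {"systeminfo.exe", "hostname.exe"}
CMD_PATTERNS = ("* ver*", "*%COMPUTERNAME%*", "*%PROCESSOR_*%")


def wildcard(value, *patterns):
    """'*' matches any run of characters; comparison assumed case-insensitive."""
    for pattern in patterns:
        regex = ".*".join(re.escape(part) for part in pattern.split("*"))
        if re.fullmatch(regex, value, re.IGNORECASE | re.DOTALL):
            return True
    return False


def matches(event):
    """Return True when a process event satisfies the query's conditions."""
    if event.get("event_type") != "process" or event.get("subtype") != "create":
        return False
    name = event.get("process_name", "").lower()
    if name in PROCESS_NAMES:
        return True
    return name == "cmd.exe" and wildcard(event.get("command_line", ""), *CMD_PATTERNS)


def ev(name, command_line, subtype="create"):
    """Hypothetical helper that builds a minimal process event."""
    return {"event_type": "process", "subtype": subtype,
            "process_name": name, "command_line": command_line}


# Constructed sample events, not taken from real telemetry.
SAMPLE_EVENTS = [
    ev("systeminfo.exe", "systeminfo"),
    ev("HOSTNAME.EXE", "hostname"),
    ev("cmd.exe", "cmd.exe /c ver"),
    ev("cmd.exe", "cmd /c echo %COMPUTERNAME%"),
    ev("cmd.exe", "cmd /c echo %PROCESSOR_ARCHITECTURE%"),
    ev("cmd.exe", "cmd /c verify on"),                 # benign builtin, still hits "* ver*"
    ev("cmd.exe", "cmd /c dir C:\\Users"),             # no pattern matches
    ev("powershell.exe", "powershell $env:COMPUTERNAME"),  # not cmd.exe, not covered
    ev("systeminfo.exe", "systeminfo", subtype="terminate"),  # not a create event
]

if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        print("MATCH" if matches(e) else "-----", e["process_name"], "|", e["command_line"])
```

The `* ver*` pattern needs a space before `ver`, so `--verbose` is not flagged, but any argument that begins with `ver` is.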