Enumeration of System Information

Windows contains several built-in commands to report system information. These may be used by an actor to gain detailed information about the target machine.

id: 507f19c1-dfa9-475b-925e-61e417a10967
categories: enrich
confidence: low
os: windows
created: 7/26/2019
updated: 7/26/2019

MITRE ATT&CK™ Mapping

tactics: Discovery
techniques: T1082 System Information Discovery

Query

process where subtype.create and (
  process_name in ("systeminfo.exe", "hostname.exe") or
  process_name == "cmd.exe" and wildcard(command_line, "* ver*", "*%COMPUTERNAME%*", "*%PROCESSOR_*%")
)
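
The query's conditions replayed over constructed process events, as an added example that is not part of the original analytic. The event field names (event_type, subtype, process_name, command_line) and the case-insensitive matching are assumptions of this example. It also shows one reason the confidence is low: a benign `type version.txt` run through cmd.exe satisfies `* ver*`.

```python
from fnmatch import fnmatchcase

# Literal values taken from the query above.
RECON_BINARIES = {"systeminfo.exe", "hostname.exe"}
CMD_PATTERNS = ("* ver*", "*%COMPUTERNAME%*", "*%PROCESSOR_*%")


def matches(event):
    """Return True when an event satisfies the query's conditions."""
    if event.get("event_type") != "process" or event.get("subtype") != "create":
        return False
    # Assumption: names and command lines are compared case-insensitively.
    name = event.get("process_name", "").lower()
    cmdline = event.get("command_line", "").lower()
    if name in RECON_BINARIES:
        return True
    # 'and' binds tighter than 'or': the wildcard test applies to cmd.exe only.
    return name == "cmd.exe" and any(
        fnmatchcase(cmdline, pattern.lower()) for pattern in CMD_PATTERNS
    )


def ev(subtype, process_name, command_line):
    """Build one constructed process event (hypothetical schema)."""
    return {"event_type": "process", "subtype": subtype,
            "process_name": process_name, "command_line": command_line}


# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    ev("create", "systeminfo.exe", "systeminfo"),
    ev("create", "HOSTNAME.EXE", "hostname"),
    ev("create", "cmd.exe", "cmd.exe /c ver"),
    ev("create", "cmd.exe", "cmd.exe /c echo %COMPUTERNAME% %PROCESSOR_ARCHITECTURE%"),
    ev("create", "cmd.exe", "cmd.exe /c type version.txt"),   # benign, still matches
    ev("create", "notepad.exe", "notepad.exe C:\\notes\\ver 2.txt"),  # not cmd.exe
    ev("terminate", "systeminfo.exe", "systeminfo"),          # not a create event
]


def hits(events):
    """Return the command lines of the events the query would report."""
    return [e["command_line"] for e in events if matches(e)]


if __name__ == "__main__":
    for line in hits(SAMPLE_EVENTS):
        print(line)
```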

Contributors