Creation of Scheduled Task with schtasks.exe¶
A scheduled task can be used by an adversary to establish persistence, move laterally, and/or escalate privileges.
| id: | 9583c2ff-508d-4ebb-8b89-712b0a4d3186 |
|---|---|
| categories: | hunt |
| confidence: | low |
| os: | windows |
| created: | 7/26/2019 |
| updated: | 7/26/2019 |
MITRE ATT&CK™ Mapping¶
| tactics: | Privilege Escalation, Execution, Persistence |
|---|---|
| techniques: | T1053 Scheduled Task |
Query¶
process where subtype.create and
process_name = "schtasks.exe" and
command_line = "*create*"