HackTool.MSIL.KMSAuto.ed

Class: HackTool
Platform: MSIL
Family: KMSAuto
Full name: HackTool.MSIL.KMSAuto.ed
Examples (MD5):
905D577E7053406F15881B82C234EB12
B02ED8B51E062044724599D4359B0783
7A1FF4D324284014A0207EE81498B34D
F6AB8F15421589AD48E8640743B64B34
C0BB018C038F0615D65102029BD7EB0D
Updated at: 2023-10-24 12:45:43

Tactics & techniques (MITRE*)

TA0002 Execution

The adversary is trying to run malicious code.


Execution consists of techniques that result in adversary-controlled code running on a local or remote system. Techniques that run malicious code are often paired with techniques from all other tactics to achieve broader goals, like exploring a network or stealing data. For example, an adversary might use a remote access tool to run a PowerShell script that does Remote System Discovery.


T1059.003 Command and Scripting Interpreter: Windows Command Shell

Adversaries may abuse the Windows command shell for execution. The Windows command shell (cmd) is the primary command prompt on Windows systems. The Windows command prompt can be used to control almost any aspect of a system, with various permission levels required for different subsets of commands. The command prompt can be invoked remotely via Remote Services such as SSH.(Citation: SSH in Windows)

Batch files (ex: .bat or .cmd) also provide the shell with a list of sequential commands to run, as well as normal scripting operations such as conditionals and loops. Common uses of batch files include long or repetitive tasks, or the need to run the same set of commands on multiple systems.

Adversaries may leverage cmd to execute various commands and payloads. Common uses include cmd to execute a single command, or abusing cmd interactively with input and output forwarded over a command and control channel.
* © 2024 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.