==================================================

CREATED: WIN-PSEXEC-SERVICE-RENAME (#1324)

Description

Identifies instances of SysInternals PsExec Service that execute under a different name. This tool is commonly used by adversaries for lateral movement, but it is also used by system administrators for remote administration.

References

https://docs.microsoft.com/en-us/sysinternals/downloads/psexec

ATT&CK Technique T1035
ATT&CK Technique T1077

Did this answer your question?