Batch File Write To System32

Description

The search looks for a batch file (.bat) written to the Windows system directory tree.

Content Mapping

This content is not mapped to any local saved search.


Use Case

Security Monitoring

Category

Malware

Alert Volume

The search looks for a batch file (.bat) written to the Windows system directory tree.

SPL Difficulty

None

Journey

Stage 3

MITRE ATT&CK Tactics

Execution

MITRE ATT&CK Techniques

User Execution

Malicious File

MITRE Threat Groups

APT-C-36
APT12
APT19
APT28
APT29
APT30
APT32
APT33
APT37
APT39
BRONZE BUTLER
BlackTech
Cobalt Group
Dark Caracal
DarkHydrus
Darkhotel
Dragonfly 2.0
Elderwood
FIN4
FIN6
FIN7
FIN8
Frankenstein
Gallmaker
Gamaredon Group
Gorgon Group
Inception
Lazarus Group
Leviathan
Machete
Magic Hound
Mofang
Molerats
MuddyWater
Naikon
OilRig
PLATINUM
PROMETHIUM
Patchwork
RTM
Rancor
Sandworm Team
Sharpshooter
Silence
TA459
TA505
The White Company
Tropic Trooper
Whitefly
Windshift
Wizard Spider
admin@338
menuPass

Kill Chain Phases

Delivery

Data Sources

Endpoint Detection and Response

Help

Batch File Write To System32 Help

You must be ingesting data that records the file-system activity from your hosts to populate the Endpoint file-system data-model node. If you are using Sysmon, you will need a Splunk Universal Forwarder on each endpoint from which you want to collect data.
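The logic this content describes, a .bat file created under the Windows system directory tree, can be illustrated outside Splunk. The following is an added example, not the search behind this content and not Splunk code: it runs the same check over a handful of constructed Sysmon Event ID 11 (FileCreate) records. The field names EventID, Image and TargetFilename are the ones Sysmon emits; treating System32 and SysWOW64 as the roots of the "system directory tree" is an assumption made here.

```python
"""Illustrative version of the 'Batch File Write To System32' check.
Added example; the real content runs as a Splunk search over the
Endpoint file-system data model, not as this script."""
import re
from typing import Iterable

# Assumption: the system directory tree means anything below
# <drive>:\Windows\System32 or <drive>:\Windows\SysWOW64.
SYSTEM_DIR_RE = re.compile(
    r"^[a-z]:\\windows\\(system32|syswow64)(\\|$)", re.IGNORECASE)


def is_batch_write_to_system_dir(path: str) -> bool:
    """True when the created file has a .bat extension and sits
    anywhere under the system directory tree."""
    normalized = path.strip().replace("/", "\\")
    if not normalized.lower().endswith(".bat"):
        return False
    return SYSTEM_DIR_RE.match(normalized) is not None


def find_alerts(events: Iterable[dict]) -> list[dict]:
    """Return the Sysmon FileCreate (Event ID 11) records that match.
    Other event types are ignored, as the data-model node only carries
    file-system activity."""
    alerts = []
    for ev in events:
        if ev.get("EventID") != 11:
            continue
        if is_batch_write_to_system_dir(ev.get("TargetFilename", "")):
            alerts.append(ev)
    return alerts


# Constructed sample records, not real telemetry.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": "C:\\Windows\\System32\\cmd.exe",
     "TargetFilename": "C:\\Windows\\System32\\Tasks\\update.bat"},
    {"EventID": 11, "Image": "C:\\Windows\\explorer.exe",
     "TargetFilename": "C:\\Users\\alice\\Desktop\\notes.txt"},
    {"EventID": 11, "Image": "C:\\Program Files\\App\\app.exe",
     "TargetFilename": "C:\\Users\\alice\\run.bat"},
    # Process-creation event: same path, but not a file write.
    {"EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd.exe /c C:\\Windows\\System32\\x.bat"},
    # Case-insensitive match on both directory and extension.
    {"EventID": 11, "Image": "C:\\Windows\\System32\\svchost.exe",
     "TargetFilename": "c:\\windows\\syswow64\\svc.BAT"},
]

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_EVENTS):
        print(f"ALERT: {alert['Image']} wrote {alert['TargetFilename']}")
```

Two of the five sample records fire: the .bat under System32\Tasks and the upper-case .BAT under SysWOW64. The .bat in a user profile and the process-creation event do not, which mirrors the scope of the content: it is the write into the system tree, not batch-file activity in general, that is of interest. In a Splunk deployment the equivalent filtering happens in the Endpoint file-system data model populated by Sysmon, as the Help text above describes.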
