ioc[.]one - OSINT Cyber Threat Intelligence Database

Working with scheduled tasks

Tags

attack-pattern:

Powershell - T1059.001 Powershell - T1086

Show in Graph

Common Information

Type	Value
UUID	d5405a68-0669-4759-af1b-00e165f0effc
Fingerprint	3750387874cc88f3
Analysis status	DONE
Considered CTI value	0
Text language
Published	Oct. 22, 2012, 9:42 p.m.
Added to db	Jan. 18, 2023, 10:06 p.m.
Last updated	Sept. 4, 2024, 11:45 p.m.
Headline	>_
Title	Working with scheduled tasks
Detected Hints/Tags/Attributes	17/1/58

Source URLs

	Redirection	Url
Details	Source	https://p0w3rsh3ll.wordpress.com/2012/10/22/working-with-scheduled-tasks/

URL Provider

Details	Provider	Source level domain
Details	wordpress.com	p0w3rsh3ll.wordpress.com

Attributes

Details	Type	#Events	Value
Details	Domain	3	jdhitsolutions.com
Details	Domain	1	task.registrationinfo.author
Details	Domain	1	task.registrationinfo.date
Details	Domain	201	msdn.microsoft.com
Details	Domain	1	taskobject.name
Details	File	2	how-can-i-best-work-with-task-scheduler.aspx
Details	File	1	taskobject.xml
Details	File	2	task.reg
Details	File	2	%programfiles%\windows media player\wmpnscfg.exe
Details	File	1	%systemroot%\system32\acproxy.dll
Details	File	1	%systemroot%\system32\aepdu.dll
Details	File	1	%systemroot%\system32\aitagent.exe
Details	File	2	%systemroot%\system32\appidsvc.dll
Details	File	1	%systemroot%\system32\auxiliarydisplayservices.dll
Details	File	1	%systemroot%\system32\bfe.dll
Details	File	1	%systemroot%\system32\bthudtask.exe
Details	File	1	%systemroot%\system32\cscui.dll
Details	File	1	%systemroot%\system32\dfdts.dll
Details	File	1	%systemroot%\system32\dimsjob.dll
Details	File	1	%systemroot%\system32\dps.dll
Details	File	1	%systemroot%\system32\drivers\tcpip.sys
Details	File	1	%systemroot%\system32\defragsvc.dll
Details	File	1	%systemroot%\system32\energy.dll
Details	File	1	%systemroot%\system32\hotstartuseragent.dll
Details	File	1	%systemroot%\system32\kernelceip.dll
Details	File	1	%systemroot%\system32\lpremove.exe
Details	File	1	%systemroot%\system32\memdiag.dll
Details	File	1	%systemroot%\system32\mscms.dll
Details	File	1	%systemroot%\system32\msdrm.dll
Details	File	6	%systemroot%\system32\msra.exe
Details	File	1	%systemroot%\system32\nettrace.dll
Details	File	1	%systemroot%\system32\osppc.dll
Details	File	1	%systemroot%\system32\perftrack.dll
Details	File	1	%systemroot%\system32\portabledeviceapi.dll
Details	File	1	%systemroot%\system32\racengn.dll
Details	File	1	%systemroot%\system32\rasmbmgr.dll
Details	File	1	%systemroot%\system32\regidle.dll
Details	File	1	%systemroot%\system32\sdclt.exe
Details	File	1	%systemroot%\system32\sdiagschd.dll
Details	File	1	%systemroot%\system32\sppc.dll
Details	File	1	%systemroot%\system32\srrstr.dll
Details	File	1	%systemroot%\system32\upnphost.dll
Details	File	1	%systemroot%\system32\usbceip.dll
Details	File	1	%systemroot%\system32\w32time.dll
Details	File	1	%systemroot%\system32\wdc.dll
Details	File	1	%systemroot%\system32\wer.dll
Details	File	1	%systemroot%\system32\wpcmig.dll
Details	File	1	%systemroot%\system32\wpcumi.dll
Details	File	1	%systemroot%\system32\winsatapi.dll
Details	File	1	%systemroot%\system32\wat\watux.exe
Details	File	1	istrationinfo.dat
Details	File	2	task.settings
Details	File	2	_.xml
Details	File	1	actions.exe
Details	IPv4	22	192.168.0.100
Details	Url	1	http://jdhitsolutions.com/blog/2012/05/sql-saturday-129-session-material
Details	Url	2	http://blogs.technet.com/b/heyscriptingguy/archive/2009/04/01/how-can-i-best-work-with-task-scheduler.aspx
Details	Url	1	http://msdn.microsoft.com/en-us/library/windows/desktop/aa383617(v=vs.85).aspx