Revisiting Get-FileTimestamp with Reflection
Tags
attack-pattern: Data Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID d631aa3c-730d-49e6-9a75-bc8e776d8856
Fingerprint 2aa3eb1a6d65bb21
Analysis status DONE
Considered CTI value 0
Text language
Published Aug. 22, 2014, midnight
Added to db Jan. 18, 2023, 9:57 p.m.
Last updated Nov. 17, 2024, 6:53 p.m.
Headline UNKNOWN
Title Revisiting Get-FileTimestamp with Reflection
Detected Hints/Tags/Attributes 24/1/16
Source URLs
Redirection Url
Details Source https://learn-powershell.net/2014/08/22/revisiting-get-filestamp-with-reflection/
URL Provider
Details Provider Source level domain
Details learn-powershell.net learn-powershell.net
Attributes
Details Type #Events CTI Value
Details Domain 228 
system.io
Details Domain 29 
intptr.zero
Details Domain 9 
filemode.open
Details Domain 6 
fileaccess.read
Details Domain 1 
fileshare.read
Details Domain 1 
filestream.name
Details Domain 21 
gallery.technet.microsoft.com
Details File 2 
win32.safe
Details File 533 
ntdll.dll
Details File 2 
handles.safe
Details File 5 
interopservices.dll
Details File 10 
'ntdll.dll
Details File 1 
fs.safe
Details File 1 
c:\users\proxb\desktop\desktop.ini
Details File 2 
filestream.safe
Details Url 1 
http://gallery.technet.microsoft.com/scriptcenter/get-mft-timestamp-of-a-file-9227f399