APT29

| Step | ATT&CK Pattern | Detection Type | Detection Note |
|---|---|---|---|
| 6.A.3 | | | Telemetry showed that accesschk.exe is not the legitimate Sysinternals tool by comparing the hashes. |
| | | | An MSSP detection for Masquerading occurred containing evidence that accesschk.exe is not the legitimate Sysinternals tool. |

Masqueraded a Chrome password dump tool as accesschk.exe, a legitimate Sysinternals tool
Evidence that accesschk.exe is not the legitimate Sysinternals tool