PsExec

PsExec is a free Microsoft tool that can be used to execute a program on another computer. It is used by IT administrators and attackers. [1] [2]

ID: S0029
Type: TOOL
Platforms: Windows
Version: 1.0

Techniques Used

Domain ID Name Use
Enterprise T1035 Service Execution Microsoft Sysinternals PsExec is a popular administration tool that can be used to execute binaries on remote systems using a temporary Windows service.[1]
Enterprise T1077 Windows Admin Shares PsExec, a tool that has been used by adversaries, writes programs to the ADMIN$ network share to execute commands on remote systems.[3]

Groups

Groups that use this software:

APT1
APT29
APT39
Carbanak
Cleaver
Cobalt Group
Dragonfly 2.0
FIN5
FIN6
Leafminer
Magic Hound
menuPass
Naikon
Night Dragon
OilRig
Soft Cell
Stolen Pencil
TEMP.Veles
Threat Group-1314
Thrip
Turla

References