PsExec

PsExec is a free Microsoft tool that can be used to execute a program on another computer. It is used by IT administrators and attackers. [1] [2]

ID: S0029
Aliases: PsExec
Type: TOOL
Platforms: Windows

Version: 1.0

Techniques Used

DomainIDNameUse
EnterpriseT1035Service ExecutionMicrosoft Sysinternals PsExec is a popular administration tool that can be used to execute binaries on remote systems using a temporary Windows service.[1]
EnterpriseT1077Windows Admin SharesPsExec, a tool that has been used by adversaries, writes programs to the ADMIN$ network share to execute commands on remote systems.[3]

Groups

Groups that use this software:

APT29
Carbanak
Cleaver
Cobalt Group
Dragonfly 2.0
FIN5
FIN6
Leafminer
Magic Hound
menuPass
Naikon
OilRig
Threat Group-1314
Thrip

References