PsExec

GPTKB entity

Statements (49)
Predicate Object
gptkbp:instanceOf gptkb:software
gptkbp:canBe incident response
automation workflows
penetration testing
batch scripts
gptkbp:canBypassUAC true
gptkbp:canRedirectOutput true
gptkbp:canRunAs SYSTEM account
other user accounts
gptkbp:canRunInteractive true
gptkbp:canRunNonInteractive true
gptkbp:category remote desktop software
command-line software
Windows utilities
gptkbp:commandLineTool true
gptkbp:developedBy gptkb:Sysinternals
gptkb:Mark_Russinovich
gptkbp:developer gptkb:Microsoft
gptkbp:executableName gptkb:PsExec.exe
gptkbp:features can be used by attackers for lateral movement
gptkbp:firstReleased 2001
gptkbp:function remote administration
remote command execution
remote process creation
https://www.w3.org/2000/01/rdf-schema#label PsExec
gptkbp:latestReleaseVersion 2.40
2022-09-29
gptkbp:license Freeware
gptkbp:mentionedIn gptkb:MITRE_ATT&CK_framework
gptkbp:notableFor lightweight remote execution
no need for client software installation
gptkbp:operatingSystem gptkb:Windows
gptkbp:partOf gptkb:Sysinternals_Suite
gptkbp:platform gptkb:Windows_NT_family
gptkb:Windows_10
gptkb:Windows_7
gptkb:Windows_XP
gptkb:Windows_Server
gptkbp:requires network connectivity
administrative privileges
file and printer sharing enabled
gptkbp:supportsProtocol gptkb:SMB
gptkbp:usedFor system administration
remote troubleshooting
remote software installation
gptkbp:website https://docs.microsoft.com/en-us/sysinternals/downloads/psexec
gptkbp:bfsParent gptkb:NotPetya
gptkb:NotPetya_malware
gptkbp:bfsLayer 6