EXPLORE
Sign In
← Back to Explore
T1497.003

Time Based Checks

Adversaries may employ various time-based methods to detect virtualization and analysis environments, particularly those that attempt to manipulate time mechanisms to simulate longer elapses of time. This may include enumerating time-based properties, such as uptime or the system clock. Adversaries may use calls like `GetTickCount` and `GetSystemTimeAsFileTime` to discover if they are operating within a virtual machine or sandbox, or may be able to identify a sandbox accelerating time by sampl...

LinuxmacOSWindows
4
Detections
2
Sources
0
Threat Actors

BY SOURCE

3splunk_escu1elastic

PROCEDURES (3)

Evasion2 detections

Auto-extracted: 2 detections for evasion

Script Execution Monitoring1 detections

Auto-extracted: 1 detections for script execution monitoring

General Monitoring1 detections

Auto-extracted: 1 detections for general monitoring

DETECTIONS (4)

Delayed Execution via Ping
elasticlow
Ping Sleep Batch Command
splunk_escu
Windows Time Based Evasion
splunk_escu
Windows Time Based Evasion via Choice Exec
splunk_escu