← Back to Explore
T1547.003
Time Providers
Adversaries may abuse time providers to execute DLLs when the system boots. The Windows Time service (W32Time) enables time synchronization across and within domains.(Citation: Microsoft W32Time Feb 2018) W32Time time providers are responsible for retrieving time stamps from hardware/network resources and outputting these values to other network clients.(Citation: Microsoft TimeProvider) Time providers are implemented as dynamic-link libraries (DLLs) that are registered in the subkeys of `HKEY_...
Windows
3
Detections
3
Sources
0
Threat Actors
BY SOURCE
1elastic1sigma1splunk_escu
PROCEDURES (2)
Persist2 detections
Auto-extracted: 2 detections for persist
Registry Monitoring1 detections
Auto-extracted: 1 detections for registry monitoring