Skip to content

Hide Navigation Hide TOC

Service Execution - T1035 (f44731de-ea9f-406d-9b83-30ecbb9b4392)

Adversaries may execute a binary, command, or script via a method that interacts with Windows services, such as the Service Control Manager. This can be done by either creating a new service or modifying an existing service. This technique is the execution used in conjunction with New Service and Modify Existing Service during service persistence or privilege escalation.

Cluster A Galaxy A Cluster B Galaxy B Level
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Service Execution - T1035 (f44731de-ea9f-406d-9b83-30ecbb9b4392) Attack Pattern 1
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 2