Skip to content

Hide Navigation Hide TOC

Suspicious PowerShell WindowStyle Option (313fbb0a-a341-4682-848d-6d6f8c4fab7c)

Adversaries may use hidden windows to conceal malicious activity from the plain sight of users. In some cases, windows that would typically be displayed when an application carries out an operation can be hidden

Cluster A Galaxy A Cluster B Galaxy B Level
Suspicious PowerShell WindowStyle Option (313fbb0a-a341-4682-848d-6d6f8c4fab7c) Sigma-Rules Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 1
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 2