Skip to content

Hide Navigation Hide TOC

Suspicious PowerShell WindowStyle Option (313fbb0a-a341-4682-848d-6d6f8c4fab7c)

Adversaries may use hidden windows to conceal malicious activity from the plain sight of users. In some cases, windows that would typically be displayed when an application carries out an operation can be hidden

Cluster A Galaxy A Cluster B Galaxy B Level
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern Suspicious PowerShell WindowStyle Option (313fbb0a-a341-4682-848d-6d6f8c4fab7c) Sigma-Rules 1
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 2