Requires PsExec tool installed. BlackCat Ransomware tried to propagate by creating pipe using PsExec process executing from suspicious locations (In the particular case the legitimate PsExec executable is embedded within the Windows variant and is dropped in the victim’s %TEMP% directory). Upon successful execution, PsExec will be executed from suspicious location and create a new pipe to execute CMD.
Requires PsExec tool installed. BlackCat Ransomware tried to propagate by creating pipe using PsExec process executing from suspicious locations (In the particular case the legitimate PsExec executable is embedded within the Windows variant and is dropped in the victim’s %TEMP% directory). Upon successful execution, PsExec will be executed from suspicious location and create a new pipe to execute CMD.