Hidden Attribute was added to a file using attrib.exe

Cortex XDR Analytics Alert Reference by data source

Product: Cortex XDR
Last date published: 2025-01-19
Category: Analytics Alert Reference
Index by: data source

Synopsis

Activation Period: 14 Days
Training Period: 30 Days
Test Period: N/A (single event)
Deduplication Period: 1 Day
Required Data:
  • Requires:
    • XDR Agent
Detection Modules:
Detector Tags:
ATT&CK Tactic: Defense Evasion (TA0005)
ATT&CK Technique: Hide Artifacts: Hidden Files and Directories (T1564.001)
Severity: Informational

Description

The hidden attribute was added to a file using attrib.exe. Adversaries may set files to be hidden to evade detection mechanisms.

Attacker's Goals

Hide malware or staged files from standard file explorers.

Investigative actions

  • Check if the hidden file is malicious.
  • Verify if the process executing the command is malicious.
  • Check for additional suspicious actions performed by the user and the process.
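
The following is an added example, not part of the Cortex XDR documentation and not the product's detection logic. It shows one way to triage attrib.exe process command lines for the behaviour described above: it reports only invocations that add the hidden attribute and extracts the target paths an analyst would then inspect. The function names and the sample command lines are constructed for illustration, and the input is assumed to be the attrib.exe process's own command line.

```python
import ntpath
import re

# Split on whitespace but keep double-quoted paths together.
_TOKEN = re.compile(r'"[^"]*"|\S+')
# Attribute switch: a sign followed by one attribute letter (+h, -s, ...).
_ATTR = re.compile(r'^[+-][a-z]$', re.IGNORECASE)
# Option switches of attrib.exe: /S (recurse), /D (include folders), /L.
_OPT = re.compile(r'^/[sdl]$', re.IGNORECASE)

def parse_attrib(cmdline):
    """Describe an attrib.exe call that adds +h; return None otherwise."""
    tokens = [t.strip('"') for t in _TOKEN.findall(cmdline)]
    if not tokens:
        return None
    # ntpath handles Windows separators on any analysis host.
    if ntpath.basename(tokens[0]).lower() not in ("attrib", "attrib.exe"):
        return None
    added, options, targets = set(), set(), []
    for tok in tokens[1:]:
        if _ATTR.match(tok):
            if tok[0] == "+":
                added.add(tok[1].lower())
        elif _OPT.match(tok):
            options.add(tok[1].lower())
        else:
            targets.append(tok)
    if "h" not in added:  # -h (unhide) or unrelated attributes: not this alert
        return None
    return {
        "targets": targets,
        "also_system": "s" in added,   # +s +h also hides from "show hidden files"
        "recursive": "s" in options,   # /S applies to subfolders
        "includes_dirs": "d" in options,
    }

# Constructed sample command lines, not taken from any real incident.
SAMPLES = [
    r'attrib +h C:\Users\Public\update.dat',
    r'"C:\Windows\System32\attrib.exe" +S +H "C:\ProgramData\my folder\a.bin" /S /D',
    r'attrib -h -s C:\Temp\notes.txt',
    r'attrib.exe +r C:\Temp\notes.txt',
]

def triage(cmdlines):
    """Return (command line, details) pairs for lines that add the hidden attribute."""
    return [(c, d) for c in cmdlines if (d := parse_attrib(c)) is not None]
```

The extracted target paths feed the first investigative action (checking whether the hidden file is malicious), and a hit with `also_system` or `recursive` set deserves a closer look at the parent process.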