GET /api/techniques/371/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
"id": 371,
"key": "ntdelayexecution",
"unprotect_id": "U1344,U0133",
"name": "NtDelayExecution",
"description": "[NtDelayExecution](http://undocumented.ntinternals.net/index.html?page=UserMode%2FUndocumented%20Functions%2FNT%20Objects%2FThread%2FNtDelayExecution.html) can be used to delay the execution of the calling thread. NtDelayExecution accepts a parameter \"DelayInterval\", which is the number of milliseconds to delay. Once executed, NtDelayExecution \"pauses\" execution of the calling program whuch can cause a timeout of the sandbox or loss of control in a debugger. \r\n\r\nAdditionally, some higher level WinAPI functions invoke NtDelayExeuction. For example, the WinAPI function [Beep](https://learn.microsoft.com/en-us/windows/win32/api/utilapiset/nf-utilapiset-beep), which plays an audible tone for a specified number of milliseconds, calls into NtDelayExecution. In this manner, malware can invoke the Beep function to similarly cause a delay in the program execution.",
"windows": "",
"linux": "",
"macos": "",
"resources": "http://undocumented.ntinternals.net/index.html?page=UserMode%2FUndocumented%20Functions%2FNT%20Objects%2FThread%2FNtDelayExecution.html\r\nhttps://securityliterate.com/beeeeeeeeep-how-malware-uses-the-beep-winapi-function-for-anti-analysis/",
"creation_date": "2024-08-17T06:49:17.495641Z",
"tags": "",
"modification_date": "2024-08-17T06:53:15.129268Z",
"category": [
1,
3
],
"rules": [],
"attachments": [],
"featured_api": [
629
],
"contributors": [
11
]
}
