Hide Artifacts: Hidden Window

Created the Tuesday 31 January 2023. Updated 1 year, 1 month ago.

Adversaries may use hidden windows to conceal malicious activity from the plain sight of users. In some cases, windows that would typically be displayed when an application carries out an operation can be hidden. This may be utilized by system administrators to avoid disrupting user work environments when carrying out administrative tasks.

On Windows, there are a variety of features in scripting languages in Windows, such as PowerShell, Jscript, and Visual Basic to make windows hidden. One example of this is powershell.exe -WindowStyle Hidden.

Adversaries may abuse these functionalities to hide otherwise visible windows from users so as not to alert the user to adversary activity on the system.

Technique Identifier

T1564.003

Technique Tags

Defense Evasion -WindowStyle Hidden supress windows APT19 APT28 APT3 APT32

Code Snippets

#include <windows.h>
#include <stdio.h>

void main() {
    HWND winHandle = GetConsoleWindow();
    ShowWindow(winHandle, SW_HIDE);
}

About Author Open Snippet

Author: Issac Briones (1d8) / Target Platform: Windows

Additional Resources

External Links

The resources provided below are associated links that will give you even more detailed information and research on current evasion technique. It is important to note that, while these resources may be helpful, it is important to exercise caution when following external links. As always, be careful when clicking on links from unknown sources, as they may lead to malicious content.

Hide Artifacts: Hidden Window, Sub-technique T1564.003 - Enterprise | MITRE ATT&CK®