find graphical window

edit on GitHub
search on VirusTotal

rule:
  meta:
    name: find graphical window
    namespace: host-interaction/gui/window/find
    authors:
      - moritz.raabe@mandiant.com
    scopes:
      static: function
      dynamic: call
    att&ck:
      - Discovery::Application Window Discovery [T1010]
    examples:
      - 7C843E75D4F02087B932FE280DF9C90C:0x41B180
  features:
    - or:
      - api: user32.FindWindow
      - api: user32.FindWindowEx

last edited: 2023-11-24 10:34:28