T1124: System Time Discovery
An adversary may gather the system time and/or time zone form a local or remote system. The system is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
System time information may be gathered in a number of ways, such as with Net on Windows by performing net time \hostname to gather the system time on a remote system. The victims time zone may also be inferred from the current system time or gathered by using w32tm /tz. The information could be useful for performing other techniques, such as executing a file with a Scheduled Task/Job, or to discover locality information based on time zone to assist in victim targeting.
Example
We will use the 2 utilities talked about on this technique to check the time on the host (This can also be done remotely but will require Administrator Privileges)
W32tm /tz
Net time
Copy link