# T1124: System Time Discovery

An adversary may gather the system time and/or time zone form a local or remote system. The system is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.

System time information may be gathered in a number of ways, such as with Net on Windows by performing net time \hostname to gather the system time on a remote system. The victims time zone may also be inferred from the current system time or gathered by using w32tm /tz. The information could be useful for performing other techniques, such as executing a file with a Scheduled Task/Job, or to discover locality information based on time zone to assist in victim targeting.

**Example**

We will use the 2 utilities talked about on this technique to check the time on the host (**This can also be done remotely but will require Administrator Privileges**)

W32tm /tz

![](https://315180959-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MRh03Vwd4nuiUi3Oje7%2F-MS07gea5A782Vng9l_a%2F-MS07smqACGxdYWfdNnL%2Fimage.png?alt=media\&token=326cee4b-d0f2-4a62-9e7c-6f825d3bd3b4)

Net time

![](https://315180959-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MRh03Vwd4nuiUi3Oje7%2F-MS07gea5A782Vng9l_a%2F-MS07tZkT0t_hl-Cq2Xr%2Fimage.png?alt=media\&token=abccac71-75d3-4b38-a8f5-7c09efc8bf14)