---
Name: Setres.exe
Description: Configures display settings
Author: Grzegorz Tworek
Created: 2022-10-21
Commands:
  - Command: setres.exe -w 800 -h 600
    Description: Sets the resolution and then launches 'choice' command from the working directory.
    Usecase: Executes arbitrary code
    Category: Execute
    Privileges: User
    MitreID: T1218
    OperatingSystem: Windows Server 2012, Windows Server 2016, Windows Server 2019, Windows Server 2022
Full_Path:
  - Path: c:\windows\system32\setres.exe
Detection:
  - IOC: Unusual location for choice.exe file
  - IOC: Process created from choice.com binary
  - IOC: Existence of choice.cmd file
Resources:
  - Link: https://twitter.com/0gtweet/status/1583356502340870144
Acknowledgement:
  - Person: Grzegorz Tworek
    Handle: '@0gtweet'