---
Name: Microsoft.NodejsTools.PressAnyKey.exe
Description: Part of the NodeJS Visual Studio tools.
Author: mr.d0x
Created: 2022-01-20
Commands:
  - Command: Microsoft.NodejsTools.PressAnyKey.exe normal 1 cmd.exe
    Description: Launch cmd.exe as a subprocess of Microsoft.NodejsTools.PressAnyKey.exe.
    Usecase: Spawn a new process via Microsoft.NodejsTools.PressAnyKey.exe.
    Category: Execute
    Privileges: User
    MitreID: T1127
    OperatingSystem: Windows
Full_Path:
  - Path: C:\Program Files\Microsoft Visual Studio\*\Community\Common7\IDE\Extensions\Microsoft\NodeJsTools\NodeJsTools\Microsoft.NodejsTools.PressAnyKey.exe
  - Path: C:\Program Files (x86)\Microsoft Visual Studio\*\Community\Common7\IDE\Extensions\Microsoft\NodeJsTools\NodeJsTools\Microsoft.NodejsTools.PressAnyKey.exe
Detection:
  - Sigma: https://github.com/SigmaHQ/sigma/blob/b02e3b698afbaae143ac4fb36236eb0b41122ed7/rules/windows/process_creation/proc_creation_win_renamed_pressanykey.yml
  - Sigma: https://github.com/SigmaHQ/sigma/blob/b02e3b698afbaae143ac4fb36236eb0b41122ed7/rules/windows/process_creation/proc_creation_win_pressanykey_lolbin_execution.yml
Resources:
  - Link: https://twitter.com/mrd0x/status/1463526834918854661
Acknowledgement:
  - Person: mr.d0x
    Handle: '@mrd0x'