From 9e93193646b8906c50e5de8c24104dbd75024c65 Mon Sep 17 00:00:00 2001
From: Mattis <71733636+matt-kowalski@users.noreply.github.com>
Date: Wed, 9 Apr 2025 00:47:54 +0200
Subject: [PATCH] updated T1569.002 Use PsExec to execute a command on a remote
 host (#3090)

Co-authored-by: Mattis Swannet <mattis.swannet@nynox.eu>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
---
 atomics/T1569.002/T1569.002.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/atomics/T1569.002/T1569.002.yaml b/atomics/T1569.002/T1569.002.yaml
index 5f084086..11873de7 100644
--- a/atomics/T1569.002/T1569.002.yaml
+++ b/atomics/T1569.002/T1569.002.yaml
@@ -65,8 +65,9 @@ atomic_tests:
       Copy-Item "PathToAtomicsFolder\..\ExternalPayloads\PsTools\PsExec.exe" "PathToAtomicsFolder\..\ExternalPayloads\PsExec.exe" -Force
   executor:
     command: |
-      "PathToAtomicsFolder\..\ExternalPayloads\PsExec.exe" \\#{remote_host} -u #{user_name} -p #{password} -accepteula "C:\Windows\System32\calc.exe"
+      "PathToAtomicsFolder\..\ExternalPayloads\PsExec.exe" \\#{remote_host} -i -u #{user_name} -p #{password} -accepteula "C:\Windows\System32\calc.exe"
     name: command_prompt
+    elevation_required: true
 - name: psexec.py (Impacket)
   auto_generated_guid: edbcd8c9-3639-4844-afad-455c91e95a35
   description: |