.. /OpenConsole.exe
Star

Console Window host for Windows Terminal

Paths:

C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\Common7\IDE\CommonExtensions\Microsoft\Terminal\ServiceHub\os64\OpenConsole.exe
C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\Common7\IDE\CommonExtensions\Microsoft\Terminal\ServiceHub\os86\OpenConsole.exe
C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\Terminal\ServiceHub\os64\OpenConsole.exe

Resources:

https://twitter.com/nas_bench/status/1537563834478645252

Acknowledgements:

Nasreddine Bencherchali (@nas_bench)

Detection:

IOC: OpenConsole.exe spawning unexpected processes
Sigma: https://github.com/SigmaHQ/sigma/blob/9e0ef7251b075f15e7abafbbec16d3230c5fa477/rules/windows/process_creation/proc_creation_win_lolbin_openconsole.yml

Execute

Execute calc with OpenConsole.exe as parent process
```
OpenConsole.exe calc
```
Use case
Use OpenConsole.exe as a proxy binary to evade defensive counter-measures

Privileges required
User

Operating systems
Windows 10, Windows 11

ATT&CK® technique
T1202