Execute Javascript With Jscript Com Clsid

Execute Javascript With Jscript Com Clsid

Description

This analytic will identify suspicious process of cscript.exe where it tries to execute javascript using jscript.encode CLSID (COM OBJ). This technique was seen in ransomware (reddot ransomware) where it execute javascript with this com object with combination of amsi disabling technique.

   Help

Execute Javascript With Jscript Com Clsid Help

To successfully implement this search you need to be ingesting information on process that include the name of the Filesystem responsible for the changes from your endpoints into the Endpoint datamodel in the Filesystem node.

   Search

Open in Search