LoFP / Legitimate use to compile JScript by developers.

Techniques

Sample rules

JScript Compiler Execution

Description

Detects the execution of “jsc.exe” (the JScript Compiler). Attackers might abuse it to compile JScript files on the fly and bypass application whitelisting.

Detection logic

condition: selection
selection:
- Image|endswith: \jsc.exe
- OriginalFileName: jsc.exe
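
The selection above, evaluated over constructed process-creation events. This is an added example, not part of the LoFP page or the rule itself; the event dictionaries and the helper names `selection` and `matches` are assumptions. It shows that the two list entries are ORed, that matching is case-insensitive, and that a developer's legitimate build fires the rule exactly as a renamed copy does.

```python
# Added example: the rule's selection applied to constructed events.
# Field names (Image, OriginalFileName) come from the rule; values are made up.

def selection(event):
    """Sigma semantics for a list of maps: entries are ORed.
    Sigma string comparisons are case-insensitive by default."""
    image = (event.get("Image") or "").lower()
    original = (event.get("OriginalFileName") or "").lower()
    # Image|endswith: \jsc.exe   OR   OriginalFileName: jsc.exe
    return image.endswith("\\jsc.exe") or original == "jsc.exe"

def matches(events):
    """condition: selection -> labels of the events that fire."""
    return [e["label"] for e in events if selection(e)]

# Constructed sample events (not real telemetry).
EVENTS = [
    # Legitimate developer compile: the false positive this page documents.
    {"label": "developer build",
     "Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\jsc.exe",
     "OriginalFileName": "jsc.exe"},
    # Binary copied under another name: only OriginalFileName matches.
    {"label": "renamed copy",
     "Image": r"C:\Users\Public\update.exe",
     "OriginalFileName": "jsc.exe"},
    # Log source without PE metadata: only the Image path matches.
    {"label": "uppercase path, no PE metadata",
     "Image": r"D:\BUILD\JSC.EXE",
     "OriginalFileName": None},
    # The leading backslash in the pattern keeps look-alike names out.
    {"label": "lookalike name",
     "Image": r"C:\Tools\myjsc.exe",
     "OriginalFileName": "myjsc.exe"},
    {"label": "unrelated compiler",
     "Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe",
     "OriginalFileName": "csc.exe"},
]

if __name__ == "__main__":
    for label in matches(EVENTS):
        print("ALERT:", label)
```

The rule cannot tell the first two events apart on these fields alone, which is why the developer case is listed as a known false positive.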