What the SHA-256 Value in the Fileless Script Load Metadata is
search cancel

What the SHA-256 Value in the Fileless Script Load Metadata is

book

Article ID: 285955

calendar_today

Updated On:

Products

Carbon Black EDR

Issue/Introduction

What is being hashed in the Fileless Script Load Metadata?

Environment

  • EDR Sensor:All
  • EDR Server:All

Resolution

The SHA-256 value reported in the Fileless Script Load Metadata is a hash of the command line. 

Additional Information

For Example: 

The log entry below is from a Fileless event:

Fileless Script Load Metadata
SHA-256
7CD37E56C5FC93017337A523D4E2524C43C3746FAF66F7EA06EB64DAC4E374BB
Command length
10
Command line
.\Test.ps1

In the above log entry the hash is of the "Command Line" and not the file Test.ps1

 

Powered by Wolken Software