HIGH Script Engine Activity - 2325564505

Prevented (Blocked) ID: #297 | Detected: 2026-01-01 01:45:24 | Malware
View Incident Back
Alert Overview

Suspicious script engine activity

Unclassified
XDR Agent
New
DS:PANW/XDR Agent DOM:Security
Host Information
BOOK-R0BE6S1NC3
172.27.1.74
ubuntu
fb5c54168a024bea95ad1bfc092f7a53
00:72:ee:3e:51:84
Process Information Process Execution
Actor Process (Executor)
Process Name WindowsTerminal.exe
Path C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.23.13503.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe
PID 12680
SHA256 aba55eb3398b290ebd93ae83b34a9e51d6b5763ac8c0172b39e8a4b6f53b9f8d VT
MD5 c981ce8e4ad1d6cf0719d54b7d94b7d2
Signature Microsoft Corporation Signed 
"C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.23.13503.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe"
Parent Process (Causality)
Process Name WindowsTerminal.exe
Path C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.23.13503.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe
SHA256 aba55eb3398b290ebd93ae83b34a9e51d6b5763ac8c0172b39e8a4b6f53b9f8d VT 
"C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.23.13503.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe"
MITRE ATT&CK Mapping
TA0005 - Defense Evasion TA0002 - Execution
T1059 - Command and Scripting Interpreter T1059.001 - Command and Scripting Interpreter: PowerShell
Quick Actions
View Related Incident View Endpoint Check Hash on VirusTotal Back to Alerts
Severity Analysis
HIGH

High priority investigation needed

Summary
Events 1
IP Addresses 1
Tags 2
File Artifacts Yes
Network Artifacts No
Registry Artifacts No
Analyst Verdict