s2
--:--:--UTC

Searching APEX

Starting…

  1. Searching Threats, IOCs & Threat Intelligence locally
  2. Querying external providers
  3. Asking AI Forensic Validator
  4. Creating new entry from validated hit

0s elapsed

MB-7b8c5882c57eb5ad3f6fd813c651dcea19811c0d5a67acc326aa2d9b19d3ee62 high

📛 Threat Title

Unknown: Wahhabism.ps1

Category: Unknown Published: Source updated: First seen: Last updated: Source: Abuse.ch

Description

File type: ps1. Size: 1347 bytes. Tags: ps1. Reporter: BastianHein_. First seen: 2026-06-18 00:01:37.

Remediations (10)

  • Microsoft Intune Remediation Scripts - GitHub
    web:github.com

    A comprehensive collection of Microsoft Intune remediation scripts and configurations designed for enterprise endpoint management, device compliance enforcement, and automated system fixes. This repository provides production-ready PowerShell scripts that integrate seamlessly with Intune's remediation framework.

  • Intune/CVE-2026-45585/Remediate-CVE-2026-45585.ps1 at main ... - GitHub
    web:github.com

    Remediation script to mitigates CVE-2026-45585 by removing autofstx.exe

  • Use Remediations to Detect and Fix Support Issues - Microsoft Intune
    web:learn.microsoft.com

    Learn more about Remediations in Microsoft Intune, including what Remediations are and view any prerequisites and licensing requirements. Also, learn how to deploy built-in and custom remediation scripts, and learn how to monitor your scripts.

  • Troubleshooting & Enhancing Logging for Intune Remediations
    web:mobile-jon.com

    Troubleshooting Intune Remediations can be challenging sometimes, but with a strong methodology around logging and iteration you can make it easy.

  • Next-generation Autopilot Troubleshooting - Out of Office Hours
    web:oofhours.com

    I've done a few troubleshooting blog posts over the years, and they are easily the most popular on my site. This one in particular is still going strong (#1 post of all time), almost five years later: Windows Autopilot diagnostics: Digging deeper That post introduced a script called Get-AutopilotDiagnostics.ps1, which is still available on the PowerShell Gallery and has been downloaded 6.5 ...

  • How to Troubleshoot Intune Remediation Scripts Locally
    web:scloud.work

    When a proactive remediation script fails to work as expected, it's much faster to test it locally than wait for the next sync from Intune. In this post, I'll show you how I troubleshoot Intune remediation scripts directly on a Windows device. This includes script locations, relevant logs, and registry entries that help verify what […]

  • Proactive Remediations in Intune — Or, How I Learned to Stop Worrying ...
    web:www.cloudcook.ch

    A way to automate the pain away with custom detection and remediation scripts, all lovingly shoved down to the endpoints via Intune. Welcome to Proactive Remediations — Intune's built-in scripting voodoo that lets you find and fix problems on autopilot, before users even realize something's broken (or have the chance to hysterically call IT ...

  • My most used Proactive Remediations - Joey Verlinden
    web:www.joeyverlinden.com

    The complete detection script can be found here. The remediation script can be found here. Detect_CloudDeliveredProtection.ps1 / Remediate_CloudDeliveredProtection.ps1 This proactive remediation is built by Simon Eriksen. Credits go to him directly! This proactive remediation configures the device to send advanced information to Microsoft about malicious software, spyware, and potentially ...

  • WhatsApp malware campaign delivers VBScript and MSI backdoors
    web:www.microsoft.com

    A malware campaign uses WhatsApp messages to deliver VBS scripts that initiate a multi-stage infection chain. The attack leverages renamed Windows tools and cloud-hosted payloads to install MSI backdoors and maintain persistent access to compromised systems.

  • How to use Intune Remediation script - System Center Dudes
    web:www.systemcenterdudes.com

    In this post, we will describe how to use Intune Remediation script with an example to uninstall an application based on detection script.

Indicators of Compromise (3)

Each indicator is enriched from the IOC database, threat-intel feed corroboration (Threat Hunt) and VirusTotal. Click one to expand.

hash_sha256 7b8c5882c57eb5ad3f6fd813c651dcea19811c0d5a67acc326aa2d9b19d3ee62 VT 23 / 74

IOC database

Type
hash_sha256
Value
7b8c5882c57eb5ad3f6fd813c651dcea19811c0d5a67acc326aa2d9b19d3ee62
First seen
Last seen
Attached to this threat
Appears in
1 threat
Description
Unknown

Open the full IOC page →

Threat Hunt — feed corroboration

Not present in any configured threat-intel feed.

Flagged by 23 of 74 VirusTotal vendors

VendorVerdictDetection
alibabacloud malicious Trojan[downloader]:Win/Wacatac.C9nj
Arcabit malicious CMD:Heur.BZC.PZQ.Boxter.971.C4462686
Avast malicious Script:SNH-gen [Drp]
AVG malicious Script:SNH-gen [Drp]
Avira malicious DR/SNH
BitDefender malicious CMD:Heur.BZC.PZQ.Boxter.971.C4462686
CTX malicious powershell.trojan.generic
Cynet malicious Malicious (score: 99)
Emsisoft malicious CMD:Heur.BZC.PZQ.Boxter.971.C4462686 (B)
ESET-NOD32 malicious Generik.MILJPHF trojan
F-Secure malicious Dropper.DR/SNH
GData malicious CMD:Heur.BZC.PZQ.Boxter.971.C4462686
Google malicious Detected
huorong malicious TrojanDownloader/PS.Netloader.nq
Kaspersky malicious HEUR:Trojan-Downloader.PowerShell.Agent.gen
Lionic malicious Trojan.PowerShell.Agent.a!c
McAfeeD malicious ti!7B8C5882C57E
Microsoft malicious Trojan:Script/Wacatac.B!ml
MicroWorld-eScan malicious CMD:Heur.BZC.PZQ.Boxter.971.C4462686
Symantec malicious Trojan.Gen.NPE
Tencent malicious Win32.Trojan-Downloader.Agent.Ytjl
Varist malicious ABApplication.UJ
VIPRE malicious CMD:Heur.BZC.PZQ.Boxter.971.C4462686

Details From VirusTotal

Basic Properties
MD51a0590c9f835ca682765c89652f3275c
SHA-1782412016181bb7aa9951775ce50b5d16c51970c
SHA-2567b8c5882c57eb5ad3f6fd813c651dcea19811c0d5a67acc326aa2d9b19d3ee62
VHashbf6bb592420c441b9baac04ea71a0bc4
SSDEEP24:Hv1WmKIEQSClornT137KVgH5zjghIWptCIC20hmq5sdTu7SgZpZI7SYKeFaJmwmc:NW9I78LT1OVAzjghIWptRCwqkTZgnRR9
TLSHT1EB2142E14194D03D379C91AB34180F1B8BEA751F2430DD60C3D54A8B8B8E424E76E1BA
File typePowershell
File type tagpowershell
File extensionps1
MagicASCII text, with CRLF line terminators
File size1.3 KB
History
First seen on VirusTotal2026-06-16 11:34 UTC
Last submission2026-06-18 00:03 UTC
Last analysis2026-06-18 00:03 UTC
Last modified on VirusTotal2026-06-18 00:08 UTC
Known Names
  • _7b8c5882c57eb5ad3f6fd813c651dcea19811c0d5a67acc326aa2d9b19d3ee62.txt
  • Wahhabism.ps1
hash_sha1 782412016181bb7aa9951775ce50b5d16c51970c

IOC database

Type
hash_sha1
Value
782412016181bb7aa9951775ce50b5d16c51970c
First seen
Last seen
Attached to this threat
Appears in
1 threat

Open the full IOC page →

Threat Hunt — feed corroboration

Not present in any configured threat-intel feed.

Details From VirusTotal

No VirusTotal details cached for this IOC. Open the IOC page to query VirusTotal.

hash_md5 1a0590c9f835ca682765c89652f3275c

IOC database

Type
hash_md5
Value
1a0590c9f835ca682765c89652f3275c
First seen
Last seen
Attached to this threat
Appears in
1 threat

Open the full IOC page →

Threat Hunt — feed corroboration

Not present in any configured threat-intel feed.

Details From VirusTotal

No VirusTotal details cached for this IOC. Open the IOC page to query VirusTotal.

References (1)

  • MalwareBazaar sample page Abuse.ch

    File type: ps1. Size: 1347 bytes. Tags: ps1. Reporter: BastianHein_. First seen: 2026-06-18 00:01:37.

AI Forensic Analysis

Only Available for Registered Users. Sign in to view.