HTML Help HH.EXE Suspicious Child Process (52cad028-0ff0-4854-8f67-d25dfcbc78b4)

Detects a suspicious child process of a Microsoft HTML Help (HH.exe)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) | Attack Pattern | HTML Help HH.EXE Suspicious Child Process (52cad028-0ff0-4854-8f67-d25dfcbc78b4) | Sigma-Rules | 1 |
| JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) | Attack Pattern | HTML Help HH.EXE Suspicious Child Process (52cad028-0ff0-4854-8f67-d25dfcbc78b4) | Sigma-Rules | 1 |
| Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) | Attack Pattern | HTML Help HH.EXE Suspicious Child Process (52cad028-0ff0-4854-8f67-d25dfcbc78b4) | Sigma-Rules | 1 |
| Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab) | Attack Pattern | HTML Help HH.EXE Suspicious Child Process (52cad028-0ff0-4854-8f67-d25dfcbc78b4) | Sigma-Rules | 1 |
| HTML Help HH.EXE Suspicious Child Process (52cad028-0ff0-4854-8f67-d25dfcbc78b4) | Sigma-Rules | Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) | Attack Pattern | 1 |
| PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) | Attack Pattern | HTML Help HH.EXE Suspicious Child Process (52cad028-0ff0-4854-8f67-d25dfcbc78b4) | Sigma-Rules | 1 |
| Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d) | Attack Pattern | HTML Help HH.EXE Suspicious Child Process (52cad028-0ff0-4854-8f67-d25dfcbc78b4) | Sigma-Rules | 1 |
| HTML Help HH.EXE Suspicious Child Process (52cad028-0ff0-4854-8f67-d25dfcbc78b4) | Sigma-Rules | Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) | Attack Pattern | 1 |
| Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | HTML Help HH.EXE Suspicious Child Process (52cad028-0ff0-4854-8f67-d25dfcbc78b4) | Sigma-Rules | 1 |
| System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | HTML Help HH.EXE Suspicious Child Process (52cad028-0ff0-4854-8f67-d25dfcbc78b4) | Sigma-Rules | 1 |
| HTML Help HH.EXE Suspicious Child Process (52cad028-0ff0-4854-8f67-d25dfcbc78b4) | Sigma-Rules | Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) | Attack Pattern | 1 |
| JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) | Attack Pattern | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 2 |
| Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) | Attack Pattern | Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) | Attack Pattern | 2 |
| System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab) | Attack Pattern | 2 |
| System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) | Attack Pattern | 2 |
| PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) | Attack Pattern | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 2 |
| Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d) | Attack Pattern | System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | 2 |
| Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 2 |
| Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) | Attack Pattern | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 2 |