Skip to content

Hide Navigation Hide TOC

Remotely Hosted HTA File Executed Via Mshta.EXE (b98d0db6-511d-45de-ad02-e82a98729620)

Detects execution of the "mshta" utility with an argument containing the "http" keyword, which could indicate that an attacker is executing a remotely hosted malicious hta file

Cluster A Galaxy A Cluster B Galaxy B Level
Remotely Hosted HTA File Executed Via Mshta.EXE (b98d0db6-511d-45de-ad02-e82a98729620) Sigma-Rules Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern 1
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern 2