Skip to content

Hide Navigation Hide TOC

MSHTA Suspicious Execution 01 (cc7abbd0-762b-41e3-8a26-57ad50d2eea3)

Detection for mshta.exe suspicious execution patterns sometimes involving file polyglotism

Cluster A Galaxy A Cluster B Galaxy B Level
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern MSHTA Suspicious Execution 01 (cc7abbd0-762b-41e3-8a26-57ad50d2eea3) Sigma-Rules 1
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern MSHTA Suspicious Execution 01 (cc7abbd0-762b-41e3-8a26-57ad50d2eea3) Sigma-Rules 1
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern MSHTA Suspicious Execution 01 (cc7abbd0-762b-41e3-8a26-57ad50d2eea3) Sigma-Rules 1
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 2
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2