5b6429b98adf532e6f694c9a6cd1a1943b4aa3d5ea524d4fb353939fd9c61342
Author: Microsoft
Source: Wild
Summary
Mshta.exe is used to execute an HTML Application (HTA). An HTA is a Microsoft Windows program whose source code consists of HTML, Dynamic HTML, and one or more scripting languages supported by Internet Explorer, such as VBScript or JScript.
EchoTrail Prevalence Score (EPS)
13.24
Rank Analysis
Host Prevalence
5.3%
Execution Rank
67,685th
Behavioral Analysis
Top Filenames
Top Paths
C:\Windows\SysWOW64
80.14 %
loading...
Top Network Ports
443
66.13 %
loading...
Ancestry Analysis
Top GrandParents
Top Children
Security Analysis
Intel
Mshta.exe isn't normally launched by shells. When this does happen, it's possible an attacker is attempting to abuse mshta's ability to run arbitrary scripts and make network connections. Sigma Detection Rule: https://github.com/SigmaHQ/sigma/blob/eb382c4a59b6d87e186ee269805fe2db2acf250e/rules/windows/process_creation/win_shell_spawn_mshta.yml