Exploit.T1170Execution

detection icon

Short bio

Exploit.T1170Execution is Malwarebytes’ detection name for the malicious usage of mshta.exe.

Technique

Exploit.T1170Execution monitors, detects, and blocks the malicious usage of mshta.exe. T1170 is a reference to the Mitre Att&ck technique System Binary Proxy Execution: Mshta: Adversaries may abuse mshta.exe to proxy execution of malicious .hta files and Javascript or VBScript through a trusted Windows utility. Mshta.exe is a utility that executes Microsoft HTML Applications (HTA) files. HTAs are standalone applications that execute using the same models and technologies of Internet Explorer, but outside of the browser.

Protection

Malwarebytes protects your system(s) by blocking the malicious usage of mshta.exe and displays the message T1170 – Execution

list of Exploit detections in Nebula
detection icon

Related blog content

Contributors icon

Contributors

Threat Center icon

Threat Center

Podcasts icon

Podcast

Glossary icon

Glossary

Scams icon

Scams