Windows

Mshta.exeMshta.exe

Platform
Windows
Abuse functions
5
Mapped techniques
2

Description

Mshta.exe is a Windows living-off-the-land binary catalogued by the LOLBAS Project. Documented abuse functions: Execute, ADS, Download. Mapped ATT&CK techniques (per LOLBAS / GTFOBins → MITRE crosswalk): T1105, T1218, T1564.004. Defenders should monitor execution of Mshta.exe under non-administrative or sudo contexts and alert when its arguments match the abuse-function signatures.

Abuse functions· 5

ExecuteT1218.005

Execute code

ExecuteT1218.005

Execute code

ExecuteT1218.005

Execute code

Execute code hidden in alternate data stream

DownloadT1105

Downloads payload from remote server

MITRE ATT&CK techniques· 2

T1218.005T1105

Uses2

TypeTargetConfidenceTier
SubTechniqueMshtat1218.005100%live
TechniqueIngress Tool Transfert1105100%live

Abuses3

TypeTargetConfidenceTier
SubTechniqueNTFS File Attributest1564.00490%live
TechniqueIngress Tool Transfert110585%live
TechniqueSystem Binary Proxy Executiont121885%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

LOLbin
Msdt.exe
LOLbin
Hh.exe
LOLbin
MsoHtmEd.exe
Sub-technique
Mshta
LOLbin
MpCmdRun.exe
LOLbin
Mmc.exe
Sourced from LOLBAS Project. Curated by Adam Lundqvist, SQUR.