
DETECTION OVERVIEW

New HTML Application (HTA) File Download Activity

Risk Factors

Attackers often deliver malicious code to victims through HTML Application (HTA) files. Readily available attack tools generate malicious HTA files for Windows targets, typically delivered as a download or an e-mail attachment. If the script in an HTA file runs on the victim's device, the attacker can compromise that device and use it to launch further attacks against the network.

The system might change the risk score for this detection.

Kill Chain

Exploitation

Risk Score

60


Attack Background

Microsoft HTML Application (HTA) files are programs written in HTML plus a scripting language such as VBScript or JScript. The Windows mshta.exe utility runs local and remote HTA files (for example, mshta.exe C:\path\file.hta or mshta.exe http://host/file.hta) using the Internet Explorer rendering engine, but outside the browser's security zones and sandbox. A browser normally prohibits script in a web page from touching system resources such as registry keys or the file system. Script in an HTA file has no such restriction: it runs with the privileges of the user who launched it, can instantiate COM objects such as WScript.Shell, and executes under a trusted, Microsoft-signed binary, which lets it pass naive application allow-lists and draws less scrutiny from security tools. If mshta.exe runs an HTA file that contains malicious code, that code can download and launch additional malware on the device.

Mitigation Options

Quarantine the client to check for indicators of compromise

Disable or block the mshta.exe utility (for example, with an AppLocker or Windows Defender Application Control deny rule)

Block inbound HTA files at the network perimeter

Change the default file handler for the .hta file extension to an application that does not run the file, such as notepad.exe, so that opening the file displays its source instead of executing it

Block the ability to run HTA files
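A worked script for two of the endpoint-side options above, the file-handler change and blocking mshta.exe, written here as an added example and not taken from ExtraHop or from this page. It records the current .hta association for rollback, re-points it at notepad.exe, checks for a per-user override, and then audits whether mshta.exe is still reachable by direct invocation, which the handler change alone does not prevent. The registry paths are the standard htafile association keys; the backup file location and the helper name Get-HtaHandler are assumptions. Run it in an elevated PowerShell session, and roll the change out through Group Policy or endpoint management rather than by hand.

```powershell
#Requires -RunAsAdministrator
# Added example, not ExtraHop's code. Assumes the standard htafile association
# under HKLM\SOFTWARE\Classes; the backup file path is an arbitrary choice.

$HandlerKey  = 'HKLM:\SOFTWARE\Classes\htafile\shell\open\command'
$UserKey     = 'HKCU:\Software\Classes\htafile\shell\open\command'
$BackupFile  = Join-Path $env:ProgramData 'hta-handler-backup.tsv'
$SafeHandler = "`"$env:SystemRoot\System32\notepad.exe`" `"%1`""

# Hypothetical helper: returns the (default) value of an association key, or $null.
function Get-HtaHandler {
    param([string]$Key)
    if (Test-Path $Key) {
        (Get-ItemProperty -Path $Key -Name '(default)' -ErrorAction SilentlyContinue).'(default)'
    }
}

# 1. Record the current machine-wide handler so the change can be reverted.
$Before = Get-HtaHandler $HandlerKey
"$(Get-Date -Format o)`t$HandlerKey`t$Before" | Add-Content -Path $BackupFile
Write-Host "Previous .hta handler: $Before"

# 2. Point the association at notepad.exe. Double-clicking or ShellExecute-launching
#    a .hta file now shows its source instead of running it.
Set-ItemProperty -Path $HandlerKey -Name '(default)' -Value $SafeHandler -Type String
$After = Get-HtaHandler $HandlerKey
if ($After -ne $SafeHandler) { throw "Handler change did not apply: $After" }

# 3. HKCR is a merged view of HKLM and HKCU with the per-user key taking precedence,
#    so a user-level association would silently restore mshta.exe. Flag it if present.
$UserHandler = Get-HtaHandler $UserKey
if ($UserHandler -and $UserHandler -match 'mshta') {
    Write-Warning "Per-user override still points at mshta.exe: $UserHandler"
}

# 4. Caveat: the association only governs ShellExecute. "mshta.exe C:\x.hta",
#    "mshta.exe http://host/x.hta" and inline "mshta vbscript:..." still run, so the
#    binary itself must be blocked with application control or removed.
foreach ($p in "$env:SystemRoot\System32\mshta.exe", "$env:SystemRoot\SysWOW64\mshta.exe") {
    if (Test-Path $p) {
        $sig = Get-AuthenticodeSignature -FilePath $p
        Write-Warning "mshta.exe still present at $p (signature: $($sig.Status)); add an application-control deny rule."
    }
}

# 5. Check whether the effective AppLocker policy already references mshta.exe.
$Policy = Get-AppLockerPolicy -Effective -Xml
if ($Policy -match 'mshta\.exe') {
    Write-Host 'Effective AppLocker policy references mshta.exe; confirm it is a Deny rule.'
} else {
    Write-Warning 'No AppLocker rule references mshta.exe.'
}
```

The handler change is cheap and breaks the common phishing path (user opens the attachment), but step 4 is the point a pentester would exploit: any process that can call mshta.exe directly, including a remote URL or an inline vbscript: payload, bypasses it. Treat the association change as defence in depth and the application-control rule as the actual block.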

MITRE ATT&CK ID
