==================================================

CREATED: WIN-MSHTA-SPAWN-MSBUILD (#2017)

Description

This detector identfies instances of the Microsoft HTML Application Host (mshta.exe) spawning the Microsoft code building process (msbuild.exe). Adversaries will utilize the scripting ability of Mshta to compile binaries with msbuild to evade common detection methods.

ATT&CK Technique T1127
ATT&CK Technique T1170

Did this answer your question?