Rule Category

MALWARE-OTHER

Alert Message

MALWARE-OTHER HTA script hidden window execution attempt

Rule Explanation

This event is generated when an HTA script is detected moving its window off-screen by using a negative moveTo and then resizing the window to 0. This is done so that the user doesn't see a window pop up during code execution.

Impact: A Network Trojan was detected

Details:

Ease of Attack:
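The following Python sketch is an added illustration, not the Snort rule and not Talos code. It flags the pattern described above in HTA text: a moveTo call with a negative coordinate followed later by a resizeTo of 0 by 0, in either JScript or VBScript call syntax. The function name, regular expressions and sample strings are assumptions constructed for this example, and only literal numeric arguments are handled.

```python
import re

# Match JScript "moveTo(-1, -1)" and VBScript "MoveTo -1, -1" (parentheses optional).
# VBScript is case-insensitive, so the match is too. Literal integers only.
MOVE_TO = re.compile(r"\bmoveTo\b\s*\(?\s*(-?\d+)\s*,\s*(-?\d+)", re.I)
RESIZE_TO = re.compile(r"\bresizeTo\b\s*\(?\s*(-?\d+)\s*,\s*(-?\d+)", re.I)


def hidden_window_hits(hta_text):
    """Return (moveTo_offset, resizeTo_offset) for each negative moveTo
    that is followed by a resizeTo with both dimensions equal to 0."""
    hits = []
    for mv in MOVE_TO.finditer(hta_text):
        x, y = int(mv.group(1)), int(mv.group(2))
        if x >= 0 and y >= 0:
            continue  # window stays on screen, not the described pattern
        # Only a resize that comes after the move matches "and then resizing".
        for rs in RESIZE_TO.finditer(hta_text, mv.end()):
            if int(rs.group(1)) == 0 and int(rs.group(2)) == 0:
                hits.append((mv.start(), rs.start()))
                break
    return hits


# Constructed samples: window-handling calls only, no script payload.
SAMPLE_HIDDEN_JS = (
    '<html><head><hta:application id="demo"/>'
    "<script>window.moveTo(-2000, -2000); window.resizeTo(0, 0);</script>"
    "</head></html>"
)
SAMPLE_HIDDEN_VBS = (
    '<script language="VBScript">\n'
    "Window.MoveTo -4000, -4000\n"
    "Window.ResizeTo 0, 0\n"
    "</script>"
)
SAMPLE_BENIGN = "<script>window.moveTo(100, 100); window.resizeTo(640, 480);</script>"
SAMPLE_WRONG_ORDER = "<script>window.resizeTo(0, 0); window.moveTo(-100, -100);</script>"

if __name__ == "__main__":
    for name in ("SAMPLE_HIDDEN_JS", "SAMPLE_HIDDEN_VBS",
                 "SAMPLE_BENIGN", "SAMPLE_WRONG_ORDER"):
        print(name, hidden_window_hits(globals()[name]))
```

Arguments computed at run time (variables, arithmetic, string concatenation) are not matched by this sketch, so a miss is not evidence that the script leaves its window visible.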

What To Look For

This event is generated when an HTA script is downloaded.

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

None

Additional Links

Rule Vulnerability

No information provided

CVE Additional Information

None

MITRE ATT&CK Framework

Tactic: Initial Access

Technique: Spearphishing Attachment

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org