Tag
This analytic detects the anomalous execution of mshta.exe or rundll32.exe invoking mshtml.dll without a direct HTTP/HTTPS URL in the command line, potentially indicating obfuscated script execution by threat actors for initial access or payload staging while evading static detections.