Mshta.exe is a utility that executes Microsoft HTML Applications (HTA) files. HTAs are standalone applications that execute using the same models and technologies of Internet Explorer, but outside of the browser.
Files may be executed by mshta.exe through an inline script:
They may also be executed directly from URLs:
Mshta.exe can be used to bypass application control solutions that do not account for its potential use. Since mshta.exe executes outside of Internet Explorer's security context, it also bypasses browser security settings.
|C0016||Operation Dust Storm|
|M1042||Disable or Remove Feature or Program||
Mshta.exe may not be necessary within a given environment since its functionality is tied to older versions of Internet Explorer that have reached end of life.
Use application control configured to block execution of
|ID||Data Source||Data Component||Detects|
Look for mshta.exe executing raw or obfuscated script within the command-line. Compare recent invocations of mshta.exe with prior history of known good arguments and executed .hta files to determine anomalous and potentially adversarial activity. Command arguments used before and after the mshta.exe invocation may also be useful in determining the origin and purpose of the .hta file being executed.
Monitor use of HTA files. If they are not typically used within an environment, then execution of them may be suspicious.
|DS0029||Network Traffic||Network Connection Creation||
Monitor for newly constructed network connections that are sent or received by untrusted hosts.
Use process monitoring to monitor the execution and arguments of mshta.exe.
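
The command-line review described above, as an added example that is not part of the original page: it sorts mshta.exe process command lines into inline script, remote URL, known-good baseline, or not in baseline. The function names are hypothetical, and the hosts, the Contoso path and the `example.test` URL are constructed sample data.

```python
import re

# Assumption: these protocol handlers mark the argument as inline script.
INLINE_SCHEMES = ("vbscript:", "javascript:")
REMOTE_RE = re.compile(r"^https?://")
# mshta as the first token, optionally quoted and path-qualified (no spaces in path).
MSHTA_RE = re.compile(r'^\s*"?(?:[^"\s]*[\\/])?mshta(?:\.exe)?"?(?:\s+(.*))?$', re.I | re.S)

def classify(cmdline, baseline):
    """Return None for non-mshta commands, else a verdict string.
    baseline: set of lower-cased .hta paths previously seen as legitimate."""
    # Caret escapes are a trivial cmd.exe obfuscation; drop them before matching.
    m = MSHTA_RE.match(cmdline.replace("^", ""))
    if not m:
        return None
    arg = (m.group(1) or "").strip().strip('"').strip().lower()
    if arg.startswith(INLINE_SCHEMES):
        return "inline-script"
    if REMOTE_RE.match(arg):
        return "remote-url"
    return "baseline" if arg in baseline else "not-in-baseline"

def triage(events, known_good):
    """Return (host, verdict, cmdline) for each mshta run outside the baseline."""
    baseline = {p.lower() for p in known_good}
    hits = []
    for host, cmdline in events:
        verdict = classify(cmdline, baseline)
        if verdict and verdict != "baseline":
            hits.append((host, verdict, cmdline))
    return hits

# Constructed sample data: (host, process command line) pairs.
KNOWN_GOOD = [r"C:\Program Files\Contoso\setup.hta"]
EVENTS = [
    ("ws01", r'"C:\Windows\System32\mshta.exe" "C:\Program Files\Contoso\setup.hta"'),
    ("ws02", "mshta.exe vbscript:Close()"),
    ("ws03", "MsHtA hTtPs://files.example.test/update.hta"),
    ("ws04", 'm^sh^ta.exe "java^script:close()"'),
    ("ws05", r"mshta.exe C:\Users\Public\invoice.hta"),
    ("ws06", r"notepad.exe C:\notes\mshta.txt"),
]

if __name__ == "__main__":
    for hit in triage(EVENTS, KNOWN_GOOD):
        print(*hit, sep="\t")
```

Feed it the command-line field of process-creation events; the known-good list should come from the environment's own history of legitimate .hta use.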