Cacheset.exe

  • File Path: C:\SysinternalsSuite\Cacheset.exe

Hashes

Type | Hash
MD5 | 99936EC7843663C081BA7AD33AAB9D17
SHA1 | 2480B88218C418644240A8770FDF872BECC19E8B
SHA256 | 86CCAEFA38445954555385CEB21D206B98175791D5F0895B0EFABF0D4E40A675
SHA384 | 648E85D7538C33954F84808B7895F03C4F03E72EABC239E62FDD9C7BD1819181209AAA3730F5C94258F6C9A867B95269
SHA512 | 52C828CD3542C237F0ECC3890A40EFE71B482689C352E599CDA99E1F84A8DDBEDD04822C93AD150521810C33ED1545A69943372C10FF33F4B94C764EF31EFF13
SSDEEP | 1536:B8sPxWtJ+YK1htWLTTdkmVnTA6uvJWuHaeVw:B5+J+nhtKhMWfow
IMP | 439A3D1D985661E145989E94CD516315
PESHA1 | 7062B428639E25D9BC207EB02EF0EB332ABA5087
PE256 | 39708DE149A688DED17242E64A47B79F282F71B4F5F16BDF8044EE43D2B1CFF6

Runtime Data

Open Handles:

Path | Type
(R-D) C:\Windows\Fonts\StaticCache.dat | File
(RW-) C:\Windows | File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.488_none_89e6152f0b32762e | File
(RW-) C:\xCyclopedia | File
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 | Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 | Section
\Sessions\1\Windows\Theme2036293991 | Section
\Windows\Theme1324212991 | Section

Loaded Modules:

Path
C:\SysinternalsSuite\Cacheset.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll

Signature

  • Status: Signature verified.
  • Serial: 61469ECB000400000065
  • Thumbprint: 564E01066387F26C912010D06BD78D3CF1E845AB
  • Issuer: CN=Microsoft Code Signing PCA, OU=Copyright (c) 2000 Microsoft Corp., O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename:
  • Product Name:
  • Company Name:
  • File Version:
  • Product Version:
  • Language:
  • Legal Copyright:
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 1/69
  • VirusTotal Link: https://www.virustotal.com/gui/file/86ccaefa38445954555385ceb21d206b98175791d5f0895b0efabf0d4e40a675/detection/

File Similarity (ssdeep match)

File | Score
C:\SysinternalsSuite\AccessEnum.exe | 43
C:\SysinternalsSuite\adrestore.exe | 49
C:\SysinternalsSuite\ctrl2cap.exe | 46
C:\SysinternalsSuite\Diskmon.exe | 27
C:\SysinternalsSuite\efsdump.exe | 50
C:\SysinternalsSuite\ldmdump.exe | 43
C:\SysinternalsSuite\pagedfrg.exe | 35

Possible Misuse

The following table contains possible examples of Cacheset.exe being misused. While Cacheset.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source | Source File | Example | License
sigma | proc_creation_win_false_sysinternalsuite.yml | - '\Cacheset.exe' | DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.