Microsoft.SharePoint.exe

  • File Path: C:\Users\user\AppData\Local\Microsoft\OneDrive\21.220.1024.0001\Microsoft.SharePoint.exe
  • Description: Microsoft SharePoint

Runtime Data

Usage (stdout):

[OneAuth:Error:9benb:00000000-0000-0000-0000-000000000000] (Code:3800) Default account was not set. User cannot sign-in silently. Default account not found.
[OneAuth:Error:9benb:a5f2a7f6-db52-4698-9f09-3ceaa885c1bc] (Code:3800) Default account was not set. User cannot sign-in silently. Default account not found.
[OneAuth:Error:9benb:0c6fc91d-6109-4236-b1d4-f8c5c7f0c7df] (Code:3800) Default account was not set. User cannot sign-in silently. Default account not found.

Usage (stderr):

[OneAuth:Error:9benb:00000000-0000-0000-0000-000000000000] (Code:3800) Default account was not set. User cannot sign-in silently. Default account not found.
[OneAuth:Error:9benb:a5f2a7f6-db52-4698-9f09-3ceaa885c1bc] (Code:3800) Default account was not set. User cannot sign-in silently. Default account not found.
[OneAuth:Error:9benb:0c6fc91d-6109-4236-b1d4-f8c5c7f0c7df] (Code:3800) Default account was not set. User cannot sign-in silently. Default account not found.

Open Handles:

Path Type
(R--) C:\Users\user\AppData\Local\Microsoft\OneDrive\logs\ListSync\Business1\Nucleus-2021-11-07.2318.8820.1.aodl File
(R--) C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install_2021-11-07_231824_8820-11192.log File
(R-D) C:\Users\user\AppData\Local\Microsoft\OneDrive\21.220.1024.0001\en\FileSync.LocalizedResources.dll.mui File
(R-D) C:\Windows\System32\en-US\crypt32.dll.mui File
(R-D) C:\Windows\System32\en-US\kernel32.dll.mui File
(R-D) C:\Windows\System32\en-US\KernelBase.dll.mui File
(R-D) C:\Windows\System32\en-US\mswsock.dll.mui File
(R-D) C:\Windows\System32\en-US\winnlsres.dll.mui File
(R-D) C:\Windows\System32\WinMetadata\Windows.Security.winmd File
(RW-) C:\Users\user\AppData\Local\Microsoft\OneDrive\ListSync\Business1\settings\Microsoft.ListSync.db File
(RW-) C:\Users\user\AppData\Local\Microsoft\OneDrive\logs\ListSync\Business1\microsoftNucleusTelemetryCache.otc File
(RW-) C:\Users\user\AppData\Local\Microsoft\OneDrive\logs\ListSync\Business1\microsoftNucleusTelemetryCache.otc-shm File
(RW-) C:\Users\user\AppData\Local\Microsoft\OneDrive\logs\ListSync\Business1\microsoftNucleusTelemetryCache.otc-wal File
(RW-) C:\Windows\System32 File
\BaseNamedObjects\__ComCatalogCache__ Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro Section
\BaseNamedObjects\F932B6C7-3A20-46A0-B8A0-8894AA421973 Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\2\BaseNamedObjects\UrlZonesSM_TI-ADMIN Section
\Sessions\2\BaseNamedObjects\windows_shell_global_counters Section
\Sessions\2\BaseNamedObjects\windows_webcache_counters_{9B6AB5B3-91BC-4097-835C-EA2DEC95E9CC}_S-1-5-21-1128764013-3361508229-3049782613-1001 Section
\Sessions\2\Windows\Theme1077709572 Section
\Windows\Theme3461253685 Section

Loaded Modules:

Path
C:\Users\user\AppData\Local\Microsoft\OneDrive\21.220.1024.0001\Microsoft.SharePoint.exe
C:\WINDOWS\System32\ADVAPI32.dll
C:\WINDOWS\System32\combase.dll
C:\WINDOWS\System32\CRYPT32.dll
C:\WINDOWS\System32\GDI32.dll
C:\WINDOWS\System32\gdi32full.dll
C:\WINDOWS\System32\IMM32.DLL
C:\WINDOWS\System32\KERNEL32.DLL
C:\WINDOWS\System32\KERNELBASE.dll
C:\WINDOWS\System32\msvcp_win.dll
C:\WINDOWS\System32\msvcrt.dll
C:\WINDOWS\SYSTEM32\ntdll.dll
C:\WINDOWS\System32\ole32.dll
C:\WINDOWS\System32\OLEAUT32.dll
C:\WINDOWS\System32\RPCRT4.dll
C:\WINDOWS\System32\sechost.dll
C:\WINDOWS\SYSTEM32\Secur32.dll
C:\WINDOWS\System32\SHELL32.dll
C:\WINDOWS\System32\SHLWAPI.dll
C:\WINDOWS\SYSTEM32\SSPICLI.DLL
C:\WINDOWS\System32\ucrtbase.dll
C:\WINDOWS\System32\USER32.dll
C:\WINDOWS\SYSTEM32\USERENV.dll
C:\WINDOWS\SYSTEM32\VERSION.dll
C:\WINDOWS\System32\win32u.dll
C:\WINDOWS\SYSTEM32\WININET.dll
C:\WINDOWS\SYSTEM32\WTSAPI32.dll

Signature

  • Status: Signature verified.
  • Serial: 33000003F16206E3E7EFDA8ABE0000000003F1
  • Thumbprint: 5362FAEB842C236D05A729B7FAC85BAA1B68BDCA
  • Issuer: CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: Microsoft.SharePoint.exe
  • Product Name: Microsoft SharePoint
  • Company Name: Microsoft Corporation
  • File Version: 21.220.1024.0001
  • Product Version: 21.220.1024.0001
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/73
  • VirusTotal Link: https://www.virustotal.com/gui/file/ea0d2f722fec4497e4d8dca5b299bca70eed9fc9d02fb8c4cc5876ac2cf70f43/detection

Possible Misuse

The following table contains possible examples of Microsoft.SharePoint.exe being misused. While Microsoft.SharePoint.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|---|---|---|---|
| sigma | microsoft365_suspicious_oauth_app_file_download_activities.yml | description: Detects when a Microsoft Cloud App Security reported when an app downloads multiple files from Microsoft SharePoint or Microsoft OneDrive in a manner that is unusual for the user. | DRL 1.0 |
| sigma | image_load_uipromptforcreds_dlls.yml | - 'C:\Users\\*\AppData\Local\Microsoft\OneDrive\\*\Microsoft.SharePoint.exe' | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.