StartMenuExperienceHost.exe

  • File Path: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

Hashes

Type Hash
MD5 1A22F5A210423A8BDDBC16102BD49E5D
SHA1 73CCE12CEFF63976D125732863375A38946199FE
SHA256 185339CAC3F7A459F91731D7DC1F50B55A19725F05BBF676BD99BA10CFB33010
SHA384 BDE31F8D350F2E7EEEE0CBBD0BF000750AC8C03C82C735CE423883D672AA7545850B03344CDDCEA90A6788268691D619
SHA512 B3BE7D27415E45AA0B1AD209A80DF891C9453806366EE8B8AA45C9AB81CF8D58786535F5C9B17DF26741FDDE45577BC670BA4DE65CA3134EA2BE5009E965EF18
SSDEEP 12288:lSBKWtVsf0z3uSPpvmJQX2e68ORkODsa6y86XuJQ:lbWtyf07Xpvm8JORkODs69
IMP 2E421B1476FFB1DB0FFA09D9C0541147
PESHA1 D069F842FDBEA73295C90345931881D7998A3BF2
PE256 7393708F32E071D19AB0C361A78AA85C087AF078448D3FF3E6116032522EB336

Runtime Data

Loaded Modules:

Path
C:\Windows\System32\combase.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\ucrtbase.dll
C:\Windows\SYSTEM32\wincorlib.DLL
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename:
  • Product Name:
  • Company Name:
  • File Version:
  • Product Version:
  • Language:
  • Legal Copyright:
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/62
  • VirusTotal Link: https://www.virustotal.com/gui/file/185339cac3f7a459f91731d7dc1f50b55a19725f05bbf676bd99ba10cfb33010/detection/

Possible Misuse

The following table contains possible examples of StartMenuExperienceHost.exe being misused. While StartMenuExperienceHost.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
| --- | --- | --- | --- |
| sigma | sysmon_raw_disk_access_using_illegitimate_tools.yml | Image\|startswith: 'C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost' | DRL 1.0 |
| sigma | sysmon_raw_disk_access_using_illegitimate_tools.yml | Image\|endswith: '\StartMenuExperienceHost.exe' | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.