StartMenuExperienceHost.exe

  • File Path: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

Runtime Data

Loaded Modules:

Path
C:\Windows\System32\combase.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcp_win.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\OLEAUT32.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\ucrtbase.dll
C:\Windows\SYSTEM32\wincorlib.DLL
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename:
  • Product Name:
  • Company Name:
  • File Version:
  • Product Version:
  • Language:
  • Legal Copyright:
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/75
  • VirusTotal Link: https://www.virustotal.com/gui/file/03f57900a9324df23da95a46f58245649b0357f065b7f4128e387507ce9582e6/detection

Possible Misuse

The following table contains possible examples of StartMenuExperienceHost.exe being misused. While StartMenuExperienceHost.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
| --- | --- | --- | --- |
| sigma | sysmon_raw_disk_access_using_illegitimate_tools.yml | Image\|startswith: 'C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost' | DRL 1.0 |
| sigma | sysmon_raw_disk_access_using_illegitimate_tools.yml | Image\|endswith: '\StartMenuExperienceHost.exe' | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.