0479e62fd04d7bfc34fca0a9a36f759e5d6c826c3fe382fdd284101039c28a07
Source: Wild
Summary
Explorer.exe is the built-in Windows file explorer. It is very common to see explorer.exe to have a variety of children, and also for it to be launched by a variety of parents.
EchoTrail Prevalence Score (EPS)
84.34
Rank Analysis
Host Prevalence
92.6%
Execution Rank
33,397th
Behavioral Analysis
Top Filenames
Top Paths
C:\Windows
69.48 %
loading...
Top Network Ports
443
95.34 %
loading...
Ancestry Analysis
Top GrandParents
Top Parents
Top Children
Security Analysis
Intel
The legitimate Explorer.exe is the built-in Windows file explorer. However, explorer.exe is one of the top malware names. Signs of the legitimate explorer.exe: Image Path: %SystemRoot%\explorer.exe Parent Process: Created by an instance of userinit.exe that exits, so analysis tools usually do not provide the parent process name. Number of Instances: One or more per interactively logged-on user User Account: <logged-on user(s)> Start Time: First instance starts when the owner’s interactive logon begins Also note that malware could inject into the memory space of explorer.exe. In this case we would need to analyze the dlls that are loaded, or the actual code running in memory.