WiFiTask.exe


I observed traffic towards https://cache.datamart.windows.com from a Windows 10 machine.

The user agent captured was “Microsoft!WiFiTask_File_Downloader”, and there is no information about it on the official Microsoft website.

On further analysis I found wifitask.exe, which is a background service, generating this traffic.

Also, after analyzing wifitask.exe on "https://www.hybrid-analysis.com", I found “Microsoft!WiFiTask_File_Downloader” in the strings.

Ref link: https://www.hybrid-analysis.com/sample/3f61513138fc7db66fb977304212636422a018ff5792fad255909209cb2bd...

Can anyone please help me understand:

1. Why is wifitask.exe generating traffic towards https://cache.datamart.windows.com?

2. Why is “Microsoft!WiFiTask_File_Downloader” captured as the User Agent in logs?
