After successful exploitation using msf, why do we need to migrate to the explorer.exe process?

StackOverflow https://stackoverflow.com/questions/21129053

  •  28-09-2022

Question

I have seen a lot of Metasploit videos where the instructors have shown process migration. Why do they always migrate into the explorer.exe process, and what's the importance of it?


Solution

Migrating into another process reduces the chance of getting detected. More precisely, a process with a name generated by Metasploit (typically random alphanumeric characters, e.g., YIhXxjfm.exe) looks quite suspicious in the task manager. explorer.exe is probably chosen because it most certainly is already running, so one wouldn’t need to start another process and migrate into it, which might catch the victim’s attention, e.g., a window pops up on the window.
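The defender's view of the same behaviour, as an added example that is not part of the original answer: a small detector run over constructed events loosely modelled on Sysmon process-creation (ID 1) and CreateRemoteThread (ID 8) records. The simplified field names, the trusted-directory list, the randomness heuristic, and the idea that the move into explorer.exe surfaces as a remote-thread event are all assumptions of this sketch.

```python
import re

# Constructed sample events; field names are simplified assumptions.
EVENTS = [
    {"id": 1, "image": r"C:\Windows\explorer.exe"},
    {"id": 1, "image": r"C:\Users\bob\AppData\Local\Temp\YIhXxjfm.exe"},
    {"id": 1, "image": r"C:\Windows\System32\notepad.exe"},
    {"id": 8, "source": r"C:\Users\bob\AppData\Local\Temp\YIhXxjfm.exe",
     "target": r"C:\Windows\explorer.exe"},
    {"id": 8, "source": r"C:\Windows\System32\csrss.exe",
     "target": r"C:\Windows\explorer.exe"},
]

# Assumed allow-list of install locations; tune for the environment.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\")


def basename(path):
    return path.rsplit("\\", 1)[-1]


def in_trusted_dir(path):
    return path.lower().startswith(TRUSTED_DIRS)


def looks_random(name):
    """Heuristic: short alphanumeric stem, erratic casing, few vowels."""
    stem = name.rsplit(".", 1)[0]
    if not re.fullmatch(r"[A-Za-z0-9]{6,12}", stem):
        return False
    flips = sum(1 for a, b in zip(stem, stem[1:])
                if a.isalpha() and b.isalpha() and a.islower() != b.islower())
    vowels = sum(c in "aeiouAEIOU" for c in stem)
    return flips >= 2 and vowels / len(stem) < 0.3


def detect(events):
    alerts = []
    for ev in events:
        if ev["id"] == 1:
            img = ev["image"]
            if looks_random(basename(img)) and not in_trusted_dir(img):
                alerts.append(("random-looking-name", img))
        elif ev["id"] == 8:
            into_explorer = basename(ev["target"]).lower() == "explorer.exe"
            if into_explorer and not in_trusted_dir(ev["source"]):
                alerts.append(("remote-thread-into-explorer", ev["source"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The name check only catches the window before migration; the cross-process event is what remains visible once the code runs inside explorer.exe.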

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow