1dfcfce70c33e064741587718eeed488b721b43727c5ee082c1a5f627056fd7b
Source: Wild
Threat: LOLBin
Summary
Wmic.exe is a powerful command line interpreter for interacting with the Windows Management Instrumentation (WMI). WMI is Microsoft's version of Web-Based Enterprise Management (WBEM). You can use WMI scripts to automate tasks on remote computers.
EchoTrail Prevalence Score (EPS)
61.2
Rank Analysis
Host Prevalence
73.8%
Execution Rank
65,187th
Behavioral Analysis
Top Filenames
Top Paths
C:\Windows\System32\wbem
98.50 %
loading...
Top Network Ports
53
38.72 %
loading...
Ancestry Analysis
Top GrandParents
Top Parents
loading...
Top Children
Security Analysis
Intel
This process has been abused by attackers and pentesters for quite some time. It is a powerful, native tool for acquiring privileged information or conducting arbitrary privileged activity on Windows systems. As such, it has become a favorite for attacker abuse over the years.