WMI.DCERPC_Execute.Method.Request.Win32.Process.Class

Description

This indicates detection of a WMI Execute Method Request calling the Win32_Process class.
Windows Management Instrumentation (WMI) is a suite of tools for managing data and operations on Windows-based operating systems. WMI is the Microsoft implementation of the Web-based Enterprise Management (WBEM) standard. Users can write WMI scripts to automate administrative tasks on remote computers.
A WMI Execute Method Request against the Win32_Process class can remotely launch a new executable. Some malware may use this to propagate through a network.
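
The triage step this signature calls for, as an added example that is not part of the original entry: match each alert to process-creation events on the destination host whose parent is WmiPrvSE.exe, the WMI provider host under which Windows starts processes created through Win32_Process. The log field names, the 30-second window and all sample records are constructed assumptions; the process events are modelled on Sysmon Event ID 1.

```python
import json
from datetime import datetime, timedelta
from ntpath import basename  # parses Windows paths on any OS

SIGNATURE = "WMI.DCERPC_Execute.Method.Request.Win32.Process.Class"
WINDOW = timedelta(seconds=30)  # assumed alert-to-process correlation window

# Constructed IPS alerts; field names are hypothetical.
ALERTS = r"""
{"time": "2024-05-01T10:00:05", "sig": "WMI.DCERPC_Execute.Method.Request.Win32.Process.Class", "src": "10.0.0.15", "dst_host": "WS-042"}
{"time": "2024-05-01T11:30:00", "sig": "WMI.DCERPC_Execute.Method.Request.Win32.Process.Class", "src": "10.0.0.8", "dst_host": "SRV-DB1"}
"""

# Constructed process-creation events, fields modelled on Sysmon Event ID 1.
PROC_EVENTS = r"""
{"UtcTime": "2024-05-01T10:00:07", "Computer": "WS-042", "ParentImage": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe", "Image": "C:\\Users\\Public\\upd.exe"}
{"UtcTime": "2024-05-01T10:00:09", "Computer": "WS-042", "ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Windows\\System32\\notepad.exe"}
{"UtcTime": "2024-05-01T09:00:00", "Computer": "SRV-DB1", "ParentImage": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe", "Image": "C:\\Windows\\System32\\cscript.exe"}
"""

def load(text):
    """Parse JSON-lines text, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def wmi_spawned(events):
    """Keep only processes whose parent is the WMI provider host."""
    return [e for e in events
            if basename(e["ParentImage"]).lower() == "wmiprvse.exe"]

def correlate(alerts, events):
    """Return (source, host, image) for WMI-spawned processes that start
    on the alert's destination host within WINDOW after the alert."""
    hits = []
    candidates = wmi_spawned(events)
    for a in alerts:
        if a["sig"] != SIGNATURE:
            continue
        t0 = datetime.fromisoformat(a["time"])
        for e in candidates:
            delta = datetime.fromisoformat(e["UtcTime"]) - t0
            same_host = e["Computer"].lower() == a["dst_host"].lower()
            if same_host and timedelta(0) <= delta <= WINDOW:
                hits.append((a["src"], e["Computer"], e["Image"]))
    return hits

if __name__ == "__main__":
    for src, host, image in correlate(load(ALERTS), load(PROC_EVENTS)):
        print(f"{src} -> {host}: WMI-launched {image}")
```

An alert with no matching process event, like the second constructed alert here, still warrants checking whether host logging covers that machine.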

Affected Products

Windows-based operating systems

Impact

Unexpected network communication

Technology

Browser-Based, Network-Protocol, Client-Server, Peer-to-Peer, Cloud-Based, Mobile-Device

Behavior

  • Other

Application Dependencies

Default Ports

  • TCP/135