WMI.DCERPC_Execute.Method.Request.Win32.Process.Class
Description
This indicates detection of a WMI Execute Method Request calling the Win32_Process class. Windows Management Instrumentation (WMI) is a suite of tools for managing data and operations on Windows-based operating systems. WMI is the Microsoft implementation of the Web-based Enterprise Management (WBEM) standard. Users can write WMI scripts to automate administrative tasks on remote computers.
A WMI Execute Method Request against the Win32_Process class can remotely launch a new executable. Some malware may use this to propagate through a network.
Affected Products
Windows-based operating systems
Impact
Unexpected network communication
Technology
Browser-Based, Network-Protocol, Client-Server, Peer-to-Peer, Cloud-Based, Mobile-Device
Behavior
- Other
Application Dependencies
Default Ports
- TCP/135