Josh LemonSep 18, 2025

Wow, Microsoft is removing #WMIC from Windows!
But they aren't removing the underlying WMI framework, so threat actors will have to use PowerShell to access WMI.

I'm not sure this will have a significant impact on what Threat Actors do with WMI, however, it'll at least force a Threat Actor to use PowerShell where there is better built-in visibility (if it's enabled), compared to WMIC.

🔗 https://techcommunity.microsoft.com/blog/windows-itpro-blog/wmi-command-line-wmic-utility-deprecation-next-steps/4039242

#IncidentResponse #ThreatDetection #ThreatIntel #CSIRT #CERT

ANY.RUNApr 29, 2025

⚠️ Top WMIC Commands Used by Malware and Greyware in the Past 7 Days (1/3 🧵)
#WMIC may be outdated, but it continues to provide #malware with stealth access to system information and configuration. Here are the top WMIC commands seen in #ANYRUN sandbox sessions over the past week.

1️⃣ SystemProfiling – 2391 uses
Example: https://app.any.run/tasks/b22ac552-8ca2-467e-a69a-4ccd7e1e5a05/?utm_source=mastodon&utm_medium=post&utm_campaign=wmic&utm_content=linktoservice&utm_term=290425
Command: wmic os get locale

#Cybersecurity #infosec

Analysis stc2_clean.exe (MD5: E40A445ECD442EAAFDBE678E674BFA54) Malicious activity - Interactive analysis ANY.RUN

Interactive malware hunting service. Live testing of most type of threats in any environments. No installation and no waiting necessary.

Fabian NiesenFeb 2, 2024
Are you still using #WMIC? You should start the transition ASAP... For example, using #PowerShell: Get-CIMInstance https://techcommunity.microsoft.com/t5/windows-it-pro-blog/wmi-command-line-wmic-utility-deprecation-next-steps/ba-p/4039242#LifeCycleManagement
#Windows11#WindowsServer
WMI command line (WMIC) utility deprecation: Next steps

Get ready for the next step in WMIC deprecation: this feature on demand will be disabled by default soon.

TECHCOMMUNITY.MICROSOFT.COM
Shawn BrinkJan 26, 2024
WMI command line (#WMIC) utility deprecation January 29, 2024: Next steps
https://www.elevenforum.com/t/wmi-command-line-wmic-utility-deprecation-next-steps.21920/
WMI command line (WMIC) utility deprecation: Next steps

Starting January 29, 2024, you'll find Windows Management Instrumentation Command line (WMIC) feature "disabled by default" on the insider build of Windows 11. If your application is dependent on WMIC, please migrate away from it using this post as a guide. Let's catch up on the latest and learn...

Windows 11 Forum
keen456 keen456Apr 6, 2023
Just learned recently that you can read & write #Dell #BIOS settings natively in Windows on 2018 & later commercial models using #WMI (using either the old #WMIC or #PowerShell: https://dl.dell.com/manuals/common/dell-agentless-client-manageability.pdf )
brimstoneApr 22, 2019

I just pocketed: Windows Command Line cheatsheet (part 2): WMIC

https://www.andreafortuna.org/2017/08/09/windows-command-line-cheatsheet-part-2-wmic/

#security #tutorial #windows #wmic

Windows Command Line cheatsheet (part 2): WMIC | So Long, and Thanks for All the Fish

This command-line tool is really useful for both penetration testing and forensics tasks The previous article has raised interest in readers regarding WMIC. So I decided to write an article dedicated to this tool. If you've done any scripting for the Windows platform, you've probably bumped into the Windows Management Instrumentation (WMI) scripting API, which can be used to enumerate all kinds of information. The WMIC command-line tool is basically another front-end to access the WMI framework, with the added bonus that numerous queries are pre-defined. The pre-defined queries mean that you won't necessarily need to spend any time learning the WMI Query Language (WQL), which is syntactically similar to SQL. WMIC is included in the default installation of Windows XP (excluding Home edition) and Windows Server 2003. Although WMIC is not included on Windows 2000, you can still usea Windows XP or Server 2003 client to remotely query Windows 2000 systems and receive similar results. The

So Long, and Thanks for All the Fish