How does a file's location imply whether a given file is possibly malware or not? Example: let's take the Windows wmiprvse.exe file. Web search results will often give you results similar to: "If this is under C:\WINDOWS\System32\Wbem then it is genuine, anywhere else it is malware".
So my question is: why does such a location of that file indicate it is not malicious? Is it a matter of 'write' permissions to that path? What could stop me, an attacker, from naming my malicious file "wmiprvse.exe" and putting it in the \system32 location to make it look OK?
It isn't really that files in certain locations can't be malicious, it's that there are normally legitimate files that have specific locations. Finding "wmiprvse.exe" in \system32 is expected because that's where the legitimate "wmiprvse.exe" is supposed to be. Finding it anywhere else indicates that it is a malicious file "pretending" to be "wmiprvse.exe".
Yes, it is possible that an attacker replaced a legitimate file with a malicious version in the same location, but that might interfere with the system's normal operation.
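The location check described in the answer, written as detection logic over process-creation records. This is an added example, not part of the original post; the baseline map, the function names and the sample events are constructed for illustration, and the baseline holds only the path quoted in the question.

```python
import ntpath  # Windows path semantics, usable on any analysis host

# Baseline: the one location the page names for the genuine file. Assumption:
# a real deployment extends this map per OS build (more binaries, more dirs).
EXPECTED_DIRS = {
    "wmiprvse.exe": {r"c:\windows\system32\wbem"},
}

def classify(image_path):
    """Return 'expected-location', 'masquerade-suspect' or 'not-tracked'."""
    # Collapse '..' and mixed slashes, then fold case: Windows paths are
    # case-insensitive, so a naive string compare is easy to sidestep.
    norm = ntpath.normcase(ntpath.normpath(image_path))
    name = ntpath.basename(norm)
    if name not in EXPECTED_DIRS:
        return "not-tracked"
    if ntpath.dirname(norm) in EXPECTED_DIRS[name]:
        # The location matches; this does not show the file was not replaced.
        return "expected-location"
    return "masquerade-suspect"

# Constructed sample process-creation records (pid, image path); not real telemetry.
SAMPLE_EVENTS = [
    (1204, r"C:\WINDOWS\System32\Wbem\wmiprvse.exe"),
    (3310, r"C:\Users\alice\AppData\Local\Temp\wmiprvse.exe"),
    (3980, r"C:\Windows\System32\wbem\..\..\Temp\WmiPrvSE.exe"),
    (4122, r"C:/windows/system32/wbem/WMIPRVSE.EXE"),
    (5001, r"C:\Program Files\Example\app.exe"),
]

def suspects(events):
    """Records whose name matches a tracked binary but whose directory does not."""
    return [(pid, path) for pid, path in events
            if classify(path) == "masquerade-suspect"]

if __name__ == "__main__":
    for pid, path in SAMPLE_EVENTS:
        print(pid, classify(path), path)
```

A record classified as expected-location has only passed the name-and-path check; as the answer notes, a replaced file in the same directory would pass it too.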