From ecc94c2d09744f9372a656371cd902866422effc Mon Sep 17 00:00:00 2001 From: Oddvar Moe Date: Tue, 7 Jan 2020 09:08:13 +0100 Subject: [PATCH] Adjusted GfxDownloadWrapper --- yml/OSBinaries/GfxDownloadWrapper.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/yml/OSBinaries/GfxDownloadWrapper.yml b/yml/OSBinaries/GfxDownloadWrapper.yml index a6ed7e4..8a251aa 100644 --- a/yml/OSBinaries/GfxDownloadWrapper.yml +++ b/yml/OSBinaries/GfxDownloadWrapper.yml @@ -4,9 +4,9 @@ Description: Remote file download used by the Intel Graphics Control Panel, rece Author: Jesus Galvez Created: Jesus Galvez Commands: - - Command: C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_[0-9]+\GfxDownloadWrapper.exe "" "" - Description: GfxDownloadWrapper.exe downloads the content that returns and writes it to the file . The binary is signed by "Microsoft Windows Hardware", "Compatibility Publisher", "Microsoft Windows Third Party Component CA 2012", "Microsoft Time-Stamp PCA 2010", "Microsoft Time-Stamp Service". - Usecase: C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5fc14233495bec91\GfxDownloadWrapper.exe "http://127.0.0.1:8005" "%temp%\test" + - Command: C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_[0-9]+\GfxDownloadWrapper.exe "URL" "DESTINATION FILE" + Description: GfxDownloadWrapper.exe downloads the content that returns URL and writes it to the file DESTINATION FILE PATH. The binary is signed by "Microsoft Windows Hardware", "Compatibility Publisher", "Microsoft Windows Third Party Component CA 2012", "Microsoft Time-Stamp PCA 2010", "Microsoft Time-Stamp Service". + Usecase: Download file from internet Category: Download Privileges: User MitreID: T1105
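Review bot: The new Description line does not use the same placeholders as the new Command line. Command introduces "URL" and "DESTINATION FILE", while Description reads "the content that returns URL" and "the file DESTINATION FILE PATH". Suggest rewording to "downloads the content that URL returns and writes it to the file DESTINATION FILE" so both fields name the arguments identically. Separately, the Command path keeps the folder pattern igdlh64.inf_amd64_[0-9]+, but the Usecase line removed here shows the suffix 5fc14233495bec91, which contains hex letters and would not match [0-9]+. Anyone deriving a path match or detection rule from this entry would miss that folder, so a pattern such as [0-9a-f]+ fits the visible example better.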