.. / GfxDownloadWrapper.exe
Star

Remote file download used by the Intel Graphics Control Panel, receives as first parameter a URL and a destination file path.


Paths:


Resources:
https://www.sothis.tech/author/jgalvez/

Acknowledgement:
Jesus Galvez -


Detection:
Usually GfxDownloadWrapper downloads a JSON file from https://gameplayapi.intel.com.



Download

GfxDownloadWrapper.exe downloads the content that returns URL and writes it to the file DESTINATION FILE PATH. The binary is signed by "Microsoft Windows Hardware", "Compatibility Publisher", "Microsoft Windows Third Party Component CA 2012", "Microsoft Time-Stamp PCA 2010", "Microsoft Time-Stamp Service".
C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_[0-9]+\GfxDownloadWrapper.exe "URL" "DESTINATION FILE"
Usecase:Download file from internet
Privileges required:User
OS:Windows 10
Mitre:T1105