.. / Infdefaultinstall.exe
Star

Binary used to perform installation based on content inside inf files


Paths:


Resources:
https://twitter.com/KyleHanslovan/status/911997635455852544
https://blog.conscioushacker.io/index.php/2017/10/25/evading-microsofts-autoruns/

Acknowledgement:
Kyle Hanslovan - @kylehanslovan


Detection:



Execute

Executes SCT script using scrobj.dll from a command in entered into a specially prepared INF file.
InfDefaultInstall.exe Infdefaultinstall.inf
Usecase:Code execution
Privileges required:User
OS:Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
Mitre:T1218