Pnputil.exe
Execute
Used for installing drivers
Paths:
C:\Windows\system32\pnputil.exe
Acknowledgements:
Hai Vaknin (Lux) (@LuxNoBulIshit)
Avihay eldad (@aloneliassaf)
Detections:
Sigma: https://github.com/SigmaHQ/sigma/blob/c04bef2fbbe8beff6c7620d5d7ea6872dbe7acba/rules/windows/process_creation/proc_creation_win_lolbin_susp_driver_installed_by_pnputil.yml
Execute
Used for installing drivers
pnputil.exe -i -a C:\Users\hai\Desktop\mo.inf
Use case: Add malicious driver
Privileges required: Administrator
Operating systems: Windows 7, Windows 10, Windows 11
ATT&CK® technique: T1547