a5792a63-ba77-44ac-bd4a-134b24b01033

1.sys

We were not able to verify the hash of this driver successfully, it has not been confirmed.

Description

1.sys is a vulnerable driver and more information will be added as found.

  • UUID: a5792a63-ba77-44ac-bd4a-134b24b01033
  • Created: 2023-01-09
  • Author: Michael Haag
  • Acknowledgement: |

Commands

sc.exe create 1.sys binPath=C:\windows\temp\1.sys type=kernel && sc.exe start 1.sys
Use CasePrivilegesOperating System
Elevate privilegeskernelWindows 10

Detections

YARA 🏹

Expand

Exact Match

with header and size limitation

Threat Hunting

without header and size limitation

Renamed

for renamed driver files

Sigma 🛡️

Expand

Names

detects loading using name only

Hashes

detects loading using hashes only

Sysmon 🔎

Expand

Block

on hashes

Alert

on hashes

Resources


  • https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules

    • Known Vulnerable Samples

    PropertyValue
    Filename1.sys
    Creation Timestamp
    MD5
    SHA1
    SHA25664f9e664bc6d4b8f5f68616dd50ae819c3e60452efd5e589d6604b9356841b57

    Imports

    Expand

    Imported Functions

    Expand

    Exported Functions

    Expand

    Sections

    Expand

    Signature

    Expand

    source

    last_updated: 2024-09-26