920e3326-e5dc-446a-9993-6ec05266e0e0

ASIO32.sys

We were not able to verify the hash of this driver successfully, it has not been confirmed.

Description

ASIO32.sys is a vulnerable driver and more information will be added as found.

  • UUID: 920e3326-e5dc-446a-9993-6ec05266e0e0
  • Created: 2023-01-09
  • Author: Michael Haag
  • Acknowledgement: |

Commands

sc.exe create ASIO32.sys binPath=C:\windows\temp\ASIO32.sys type=kernel && sc.exe start ASIO32.sys
Use CasePrivilegesOperating System
Elevate privilegeskernelWindows 10

Detections

YARA 🏹

Expand

Exact Match

with header and size limitation

Threat Hunting

without header and size limitation

Renamed

for renamed driver files

Sigma 🛡️

Expand

Names

detects loading using name only

Hashes

detects loading using hashes only

Sysmon 🔎

Expand

Block

on hashes

Alert

on hashes

Resources


  • https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules
  • https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules

    • Known Vulnerable Samples

    PropertyValue
    FilenameASIO32.sys
    MD5
    SHA1d569d4bab86e70efbcdfdac9d822139d6f477b7c
    SHA256

    Imports

    Expand

    Imports

    Expand

    ImportedFunctions

    Expand

    ExportedFunctions

    Expand

    Signature

    Expand
    PropertyValue
    FilenameASIO32.sys
    MD5
    SHA180fa962bdfb76dfcb9e5d13efc38bb3d392f2e77
    SHA256

    Imports

    Expand

    Imports

    Expand

    ImportedFunctions

    Expand

    ExportedFunctions

    Expand

    Signature

    Expand
    PropertyValue
    FilenameASIO32.sys
    MD5
    SHA15a7dd0da0aee0bdedc14c1b7831b9ce9178a0346
    SHA256

    Imports

    Expand

    Imports

    Expand

    ImportedFunctions

    Expand

    ExportedFunctions

    Expand

    Signature

    Expand
    PropertyValue
    FilenameASIO32.sys
    MD5
    SHA11acc7a486b52c5ee6619dbdc3b4210b5f48b936f
    SHA256

    Imports

    Expand

    Imports

    Expand

    ImportedFunctions

    Expand

    ExportedFunctions

    Expand

    Signature

    Expand
    PropertyValue
    FilenameASIO32.sys
    MD5
    SHA155ab7e27412eca433d76513edc7e6e03bcdd7eda
    SHA256

    Imports

    Expand

    Imports

    Expand

    ImportedFunctions

    Expand

    ExportedFunctions

    Expand

    Signature

    Expand
    PropertyValue
    FilenameASIO32.sys
    MD5
    SHA11e7c241b9a9ea79061b50fb19b3d141dee175c27
    SHA256

    Imports

    Expand

    Imports

    Expand

    ImportedFunctions

    Expand

    ExportedFunctions

    Expand

    Signature

    Expand

    source

    last_updated: 2023-12-02