c854b612-0b9f-4fc3-a7b8-a93bed7a291e

SSPORT.sys :inline :inline

Description

SSPORT.sys is a vulnerable driver and more information will be added as found.

  • UUID: c854b612-0b9f-4fc3-a7b8-a93bed7a291e
  • Created: 2023-04-15
  • Author: Nasreddine Bencherchali
  • Acknowledgement: Paolo Stagno | Void_Sec

Download

This download link contains the vulnerable driver!

Commands

sc.exe create SSPORT.sys binPath=C:\windows\temp\SSPORT.sys     type=kernel && sc.exe start SSPORT.sys
Use CasePrivilegesOperating System
Elevate privilegeskernelWindows 10

Detections

YARA 🏹

Expand

Exact Match

with header and size limitation

Threat Hunting

without header and size limitation

Renamed

for renamed driver files

Sigma 🛡️

Expand

Names

detects loading using name only

Hashes

detects loading using hashes only

Sysmon 🔎

Expand

Block

on hashes

Alert

on hashes

Resources


  • https://github.com/VoidSec/Exploit-Development/tree/b82b6d3ac1cce66221101d3e0f4634aa64cb4ca7/windows/x64/kernel/ssport_v1.0

  • Known Vulnerable Samples

    PropertyValue
    FilenameSSPORT.sys
    Creation Timestamp
    MD50211ab46b73a2623b86c1cfcb30579ab
    SHA1ccd547ef957189eddb6ee213e5e0136e980186f9
    SHA2567cc9ba2df7b9ea6bb17ee342898edd7f54703b93b6ded6a819e83a7ee9f938b4
    Authentihash MD5ffc522ee567368a6f98c38dd2aa57f30
    Authentihash SHA106643b15efe04a2177c08d0395a2be5a910ed58c
    Authentihash SHA256710639fd1eb76520e8733840ad78a81e09ce03930e4d3c47998e3162ae95f90e
    PublisherN/A
    CompanySamsung Electronics
    DescriptionPort Contention Driver
    ProductPort Contention Driver
    OriginalFilenameSSPORT.sys

    Download

    Certificates

    Expand

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • RtlInitUnicodeString
    • strncpy
    • IoCreateSymbolicLink
    • IoCreateDevice
    • IofCompleteRequest

    Exported Functions

    Expand

    Sections

    Expand

    Signature

    Expand
    {
      "Certificates": [
        {
          "Signature": "4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA",
          "ValidFrom": "2003-12-04 00:00:00",
          "ValidTo": "2013-12-03 23:59:59"
        },
        {
          "Signature": "877870da4e5201205be079c98230c4fdb91996bd9100c3bdcdcdc6f40ed8fff94dc033623011c5f5741bd492de5f9c2013b17c45be50cd83e7801783a72793671346fbcab8984103cc9b515b058b7fa86ff31b501b242ef2698d6c22f7bbca1695ed0c74c06877d9eb996287c17390f889747a23aba3987b97b1f78f29714d2e751b4841daf0b50d2054d677a097826369fd09cf8af075bb099bd9f91155269a6132be7a02b07b86bea2c38b222c78d13576bc92735cf9b9e64c150a23cce4d2d4342e4940153c0f607a24c6a566ef96cf70eb3ee7f40d7edcd17ca3767169c19c4f47303521b1a2af1a623c2bd98eaa2a077bd818b35c7be29da56ffe3c89ad",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer",
          "ValidFrom": "2003-12-04 00:00:00",
          "ValidTo": "2008-12-03 23:59:59"
        },
        {
          "Signature": "9a65f5d8d7e1a4d05dded87d7bc3eec408c256d08cdcedac228de750060d072ca0a46995cc99dfcc6331cfb0c1e496cb38ce21fb7ce7580a2321072c9097abd89604935453ba3a1048720d85ec1b0a4125cc7d6cac7b03f1f7783cf2a840d05572dbbe0b28b5c8c705fed3e0b521dcbc40b7bebc60f5b8e3d85e3b65dd66565f",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA",
          "ValidFrom": "2004-07-16 00:00:00",
          "ValidTo": "2009-07-15 23:59:59"
        },
        {
          "Signature": "01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority",
          "ValidFrom": "2006-05-23 17:01:29",
          "ValidTo": "2016-05-23 17:11:29"
        },
        {
          "Signature": "4dceac99bddd261b0cba819d675d9769f4c0b78bb6916510b1bc30653c37c6a5a7deb1448f344a0064400030008a5c4a335b81453e39bf13b05e4172ae494162f8f58ea0c1ed36701a58eff239fa8456b3a2414812e2c78bea6745689beffb6d4f8f7fa4b65b3d6b3bb69102aac1f8fd41ac6a48b4cd651a7f80f2742b4277396250e1efb948c20a44fef90a1690db36677710078c60b2886c92174c9d680a20a77f0d9fce50c22311c8f78ec6519a558fc8a51ee9fca41a7213336555bda8fade96b9dbc789754f6b6fa715487cc2be4a2405d8c7f1512f530afeeba35deb952cfa8e3264a793a089d99d74ba6c84cba3d9910e82a5c0ca84b12dc707a4feb5",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=KR, ST=Kyungki,Do, L=Suwon, O=Samsung Electronics CO., LTD., OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Computer System, CN=Samsung Electronics CO., LTD.",
          "ValidFrom": "2005-11-08 00:00:00",
          "ValidTo": "2006-12-17 23:59:59"
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA",
          "SerialNumber": "4ffbf40bae31d4c367d68e83e3e6712f"
        }
      ],
      "SignerInfo": ""
    }
    

    source

    last_updated: 2024-03-28