Instead of writing custom kernel code, the attacker drops a legitimate, legitimately signed, but historically flawed third-party utility driver—classified by security tools under the VulnDriver family.
Are you seeing this string in a or a development environment ? Hacktoolvulndriver 1d7dd Classic Top hacktoolvulndriver 1d7dd classic top
Do your security logs show any initiated by the file? Instead of writing custom kernel code, the attacker
: This doesn't always mean you've downloaded a "hacking tool." It indicates the file contains code (often a driver) that be used by hackers for Privilege Escalation Common Occurrences Instead of writing custom kernel code
: HackTool:Win32/VulnDriver!1d7dd (Microsoft), PUA.Gen (various).