Techniques
Sample rules
Dumping Process via Sqldumper.exe
- source: sigma
- techniques:
  - t1003
  - t1003.001
Description
Detects a process memory dump taken via the legitimate sqldumper.exe binary.
Detection logic
selection:
    Image|endswith: '\sqldumper.exe'
    CommandLine|contains:
        - '0x0110'
        - '0x01100:40'
condition: selection
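To show how this selection behaves against real telemetry, here is an added example (not part of the Sigma rule or this page) that evaluates the two field conditions above over constructed process-creation events. It applies Sigma's default semantics: string matching is case-insensitive and unanchored, the values under one `|contains` list are OR-ed, and the fields of a selection are AND-ed. The field names `Image` and `CommandLine`, the sample paths and the process id are assumptions made for the sample data. One caveat a practitioner would notice: `0x01100:40` contains `0x0110`, so the first value alone already decides the `CommandLine` match.

```python
# Added example: a minimal evaluator for the Sigma selection on this page,
# run over constructed process-creation events. Not the rule's own code.
from typing import Dict, List

# The selection as rendered on the page.
SELECTION: Dict[str, object] = {
    "Image|endswith": "\\sqldumper.exe",
    "CommandLine|contains": ["0x0110", "0x01100:40"],
}


def _match_field(event: Dict[str, str], key: str, expected) -> bool:
    """Evaluate one 'Field|modifier: value(s)' pair against an event.

    Sigma string matching is case-insensitive; a list of values is OR-ed,
    and a field missing from the event never matches.
    """
    field, _, modifier = key.partition("|")
    actual = event.get(field)
    if actual is None:
        return False
    actual = actual.lower()
    candidates = expected if isinstance(expected, list) else [expected]
    for value in candidates:
        value = str(value).lower()
        if modifier == "endswith" and actual.endswith(value):
            return True
        if modifier == "contains" and value in actual:
            return True
        if modifier == "" and actual == value:
            return True
    return False


def matches_sqldumper_rule(event: Dict[str, str]) -> bool:
    """True when every field of the selection matches (fields are AND-ed)."""
    return all(_match_field(event, key, value) for key, value in SELECTION.items())


# Constructed sample events (not real telemetry). Paths and the pid 1234
# are assumed values; the field names follow Sigma's process_creation source.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {   # dump option from the rule present, mixed-case binary name -> match
        "Image": r"C:\Program Files\Microsoft SQL Server\150\Shared\SQLDumper.exe",
        "CommandLine": "SQLDumper.exe 1234 0 0x01100:40",
    },
    {   # sqldumper started without a dump option (usage call) -> no match
        "Image": r"C:\Program Files\Microsoft SQL Server\150\Shared\sqldumper.exe",
        "CommandLine": "sqldumper.exe /?",
    },
    {   # the flag string appears, but the binary is not sqldumper -> no match
        "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": "cmd.exe /c echo 0x0110",
    },
]


def run_detection(events: List[Dict[str, str]] = SAMPLE_EVENTS) -> List[int]:
    """Return the indexes of the events the rule fires on."""
    return [i for i, event in enumerate(events) if matches_sqldumper_rule(event)]


if __name__ == "__main__":
    for idx in run_detection():
        print(f"ALERT event {idx}: {SAMPLE_EVENTS[idx]['CommandLine']}")
```

Only the first sample fires: the second has the right image but no matching `CommandLine` value, and the third has the value but the wrong image. When tuning this rule, note that the `Image` condition alone is what keeps the generic hex pattern `0x0110` from firing on unrelated command lines.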