9e32a4babd2e90a4d0351a1c3209dfe3954e0b2a871a111e8512c65a7b9c21b5

Analysis

max time kernel
146s
max time network
191s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/02/2023, 13:14

Target

SQL2019-SSEI-Dev (2).exe
Size

5.7MB
MD5

cd2f677bd174cfef132b4fec1c9bee7c
SHA1

685be7f19ed5331f1a48fab764713ac6c42a2118
SHA256

9e32a4babd2e90a4d0351a1c3209dfe3954e0b2a871a111e8512c65a7b9c21b5
SHA512

d1974bae9ced35909248c5fe8314b6da8cd09e09d17de275fc5249fbb981806332a7699c46d4cf83ccad785e7520d9a581b06fed8d37f5b0565c50dad263239b
SSDEEP

49152:jcikhejG29xzCm5BOjP7fG22JzQS3kmsUEl5b/EWahei:7jQX

Score

4^/10

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft SQL Server\150\SSEI\LogFiles\SSEI-Dev_20230201141521.txt	SQL2019-SSEI-Dev (2).exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1780	SQL2019-SSEI-Dev (2).exe

memory/1780-133-0x0000018C7A5B0000-0x0000018C7AB5E000-memory.dmp

Filesize
5.7MB

Download
memory/1780-134-0x00007FFD076B0000-0x00007FFD08171000-memory.dmp

Filesize
10.8MB

Download
memory/1780-135-0x0000018C7E4A0000-0x0000018C7E662000-memory.dmp

Filesize
1.8MB

Download
memory/1780-136-0x0000018C7EBA0000-0x0000018C7F0C8000-memory.dmp

Filesize
5.2MB

Download
memory/1780-137-0x0000018C7E990000-0x0000018C7E998000-memory.dmp

Filesize
32KB

Download
memory/1780-138-0x0000018C7EA90000-0x0000018C7EAC8000-memory.dmp

Filesize
224KB

Download
memory/1780-139-0x0000018C7EA50000-0x0000018C7EA5E000-memory.dmp

Filesize
56KB

Download
memory/1780-140-0x00007FFD076B0000-0x00007FFD08171000-memory.dmp

Filesize
10.8MB

Download
memory/1780-141-0x0000018C80090000-0x0000018C80216000-memory.dmp

Filesize
1.5MB

Download