Skip to content

Hide Navigation Hide TOC

Successful Overpass the Hash Attempt (192a0330-c20b-4356-90b6-7b7049ae0b87)

Detects successful logon with logon type 9 (NewCredentials) which matches the Overpass the Hash behavior of e.g Mimikatz's sekurlsa::pth module.

Cluster A Galaxy A Cluster B Galaxy B Level
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Successful Overpass the Hash Attempt (192a0330-c20b-4356-90b6-7b7049ae0b87) Sigma-Rules 1
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 2