Enable LM Hash Storage - ProcCreation (98dedfdd-8333-49d4-9f23-d7018cccae53)
Detects changes to the "NoLMHash" registry value in order to allow Windows to store LM Hashes. By setting this registry value to "0" (DWORD), Windows will be allowed to store a LAN manager hash of your password in Active Directory and local SAM databases.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) | Attack Pattern | Enable LM Hash Storage - ProcCreation (98dedfdd-8333-49d4-9f23-d7018cccae53) | Sigma-Rules | 1 |