Skip to content

Hide Navigation Hide TOC

HackTool - SharpDPAPI Execution (c7d33b50-f690-4b51-8cfb-0fb912a31e57)

Detects the execution of the SharpDPAPI tool based on CommandLine flags and PE metadata. SharpDPAPI is a C# port of some DPAPI functionality from the Mimikatz project.

Cluster A Galaxy A Cluster B Galaxy B Level
Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819) Attack Pattern HackTool - SharpDPAPI Execution (c7d33b50-f690-4b51-8cfb-0fb912a31e57) Sigma-Rules 1
HackTool - SharpDPAPI Execution (c7d33b50-f690-4b51-8cfb-0fb912a31e57) Sigma-Rules Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern 1
Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 2
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern 2