Techniques
Sample rules
Unsigned Image Loaded Into LSASS Process
- source: sigma
- techniques:
  - t1003
  - t1003.001
Description
Loading unsigned image (DLL, EXE) into LSASS process
Detection logic
condition: selection
selection:
  Image|endswith: \lsass.exe
  Signed: 'false'
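
The selection above, evaluated over a few constructed image-load events. This is an added example, not part of the Sigma rule or of this page. The ImageLoaded field and the event shape are assumptions modelled on Sysmon image-load events; string comparison is case-insensitive, as is Sigma's default.

```python
# Added example: evaluates the rule's selection against constructed events.
# ImageLoaded and the event layout are assumptions (Sysmon-style image load),
# only Image and Signed come from the rule shown on the page.

SELECTION = {
    "Image|endswith": "\\lsass.exe",
    "Signed": "false",
}

def field_matches(event, key, expected):
    """Match one selection entry; string comparison is case-insensitive."""
    name, _, modifier = key.partition("|")
    actual = event.get(name)
    if actual is None:
        return False  # a missing field never satisfies the selection
    actual, expected = str(actual).lower(), str(expected).lower()
    if modifier == "endswith":
        return actual.endswith(expected)
    if modifier == "":
        return actual == expected
    raise ValueError(f"unsupported modifier: {modifier}")

def selection_matches(event, selection=SELECTION):
    """All entries of one selection map are ANDed together."""
    return all(field_matches(event, k, v) for k, v in selection.items())

# Constructed sample events (not real telemetry).
EVENTS = [
    {"Image": r"C:\Windows\System32\lsass.exe",
     "ImageLoaded": r"C:\Users\Public\example.dll", "Signed": "false"},
    {"Image": r"C:\Windows\System32\lsass.exe",
     "ImageLoaded": r"C:\Windows\System32\samsrv.dll", "Signed": "true"},
    {"Image": r"C:\Windows\System32\notlsass.exe",   # leading "\" prevents a match
     "ImageLoaded": r"C:\Temp\x.dll", "Signed": "false"},
    {"Image": r"C:\WINDOWS\SYSTEM32\LSASS.EXE",      # case differs, still matches
     "ImageLoaded": r"C:\Temp\y.dll", "Signed": "False"},
    {"Image": r"C:\Windows\System32\lsass.exe",      # Signed field absent
     "ImageLoaded": r"C:\Temp\z.dll"},
]

def hits(events=EVENTS):
    """Return the loaded image paths for events the selection flags."""
    return [e["ImageLoaded"] for e in events if selection_matches(e)]

if __name__ == "__main__":
    for path in hits():
        print("ALERT unsigned image loaded into LSASS:", path)
```

The last event shows a coverage gap worth checking in a log pipeline: if the Signed field is dropped or renamed before the rule runs, the selection never fires.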