LsaIso.exe

  • File Path: C:\WINDOWS\system32\LsaIso.exe
  • Description: Credential Guard & Key Guard

Hashes

| Type | Hash |
|------|------|
| MD5 | 8E2F37CE282B6A31A3EB0D6E93D92230 |
| SHA1 | F05ED916F07B5D0ED8F97B3CF238154DE4EEB905 |
| SHA256 | 2E5FB6B74E671DF2E1107FCE403EB55AF13AB08D799880396A60E191BD6E604C |
| SHA384 | F62F2F502A2678C38D225F7D82124B5D736F237D7B5668D99932413B77C682E8627778228E256A4248578A42EF03DF11 |
| SHA512 | B8DA91EBA497C8CEA67608F6BCF7342E229C136836A859539883CE9C7103C7286C9080A4F027215F47D6F74718F43077EB7FD676430970AED0CF9FED7764BDD5 |
| SSDEEP | 6144:cuJXVbWxzLh20bxOO7in7G/cnbFFVc+B8pJu:5KPh2AC8+1c+CpU |

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: LsaIso.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.18362.815 (WinBuild.160101.0800)
  • Product Version: 10.0.18362.815
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of LsaIso.exe being misused. While LsaIso.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|--------|-------------|---------|---------|
| sigma | win_proc_wrong_parent.yml | - '*\lsaiso.exe' | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.