Suspicious LSASS Access Via MalSecLogon (472159c5-31b9-4f56-b794-b766faa8b0a7)

Detects suspicious access to LSASS handle via a call trace to "seclogon.dll" with a suspicious access right.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	Suspicious LSASS Access Via MalSecLogon (472159c5-31b9-4f56-b794-b766faa8b0a7)	Sigma-Rules	1
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	2