This is a Windows system installed file with Windows File Protection (WFP) enabled.
There are 41 versions of lsass.exe in the wild, the latest version being 6.3.9600.16384 (winblue_rtm.130821-1623). It is started as a Windows Service called 'EFS (Encrypting File System)' with the name 'EFS' and described as “Fornece a tecnologia básica de criptografia de arquivos usada para armazenar arquivos criptografados em volumes do sistema de arquivos NTFS. Se esse serviço for interrompido ou desabilitado, os aplicativos não poderão acessar arquivos criptografados.”. . In addition, it is run under the context of the SYSTEM account with extensive privileges (the administrator accounts have the same privileges). This is executed as a shared service (which simply means that this service can share a process with other Win32 services). The average file size is about 24.73 KB. The file is a digitally signed and issued to Microsoft Corporation by Microsoft Corporation. During the process's lifecycle, the typical CPU resource utilization is about 0.0038% including both foreground and background operations, the average private memory consumption is about 6.24 MB with the maximum memory reaching around 13.54 MB. Addionally, typically read and write I/O disk operations is about 1.41 KB per minute for reads and 1.1 KB per minute for writes.
Local Security Authority Subsystem Service (LSASS), is a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system. It verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens.
(Note, the behaviors below are for all versions of lsass.exe, select a unique version for details.)
Runs under 'SYSTEM\CurrentControlSet\Services' as a shared service by the Service Host (svchost.exe)
United States installs about 40.75% of Local Security Authority Process.