
PUA - Crassus Execution

Summary
This detection rule identifies execution of Crassus, a Windows privilege escalation discovery tool, by examining the PE (Portable Executable) metadata recorded at process creation: it matches on the executable's file name (the Image path), its OriginalFileName, and its Description. The rule operates on the Windows process_creation log source, so it needs telemetry that carries PE version information, such as Sysmon Event ID 1; Security event 4688 alone does not populate OriginalFileName or Description. Because Crassus is used to find privilege escalation opportunities such as DLL hijacking, the rule is rated high severity. False positives are unlikely, since the matched strings are specific to the tool. Note, however, that an attacker who renames the binary and edits or strips its version resource evades all three checks, so this rule should be treated as a low-effort catch for unmodified copies rather than a robust control.
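The following added example (not the Sigma project's own rule file) shows how the three metadata checks described above combine, evaluated over a handful of constructed process_creation events. The field names (Image, OriginalFileName, Description) follow the Sigma process_creation taxonomy; the exact match modifiers (endswith on Image, equality on OriginalFileName, substring on Description) are assumptions for illustration, as is case-insensitive comparison, which is Sigma's default for string values.

```python
"""Evaluate a Crassus-style PE-metadata detection over process_creation events.

Added example, not the published Sigma rule. The match modifiers chosen below
are assumptions about how such a rule would be written.
"""

from typing import Dict, List

# Constructed sample events in Sysmon Event ID 1 style. Not real telemetry.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {   # straightforward: binary still carries its original name on disk
        "Image": r"C:\Users\bob\Downloads\Crassus.exe",
        "OriginalFileName": "Crassus.exe",
        "Description": "Crassus Windows privilege escalation discovery tool",
    },
    {   # renamed on disk, but the version resource is untouched
        "Image": r"C:\Temp\update.exe",
        "OriginalFileName": "Crassus.exe",
        "Description": "Crassus Windows privilege escalation discovery tool",
    },
    {   # renamed and OriginalFileName edited, Description left behind
        "Image": r"C:\Temp\svc.exe",
        "OriginalFileName": "svc.exe",
        "Description": "crassus",
    },
    {   # renamed and version resource fully stripped: evades all three checks
        "Image": r"C:\Temp\svc.exe",
        "OriginalFileName": "",
        "Description": "",
    },
    {   # benign process that should not match
        "Image": r"C:\Windows\System32\notepad.exe",
        "OriginalFileName": "NOTEPAD.EXE",
        "Description": "Notepad",
    },
]


def matches_crassus(event: Dict[str, str]) -> bool:
    """Return True if any of the three PE-metadata selections fires.

    Sigma list selections are OR'd, so a single hit is enough. All
    comparisons are case-insensitive, mirroring Sigma's default string
    matching. Missing fields are treated as empty strings.
    """
    image = event.get("Image", "").lower()
    original = event.get("OriginalFileName", "").lower()
    description = event.get("Description", "").lower()

    if image.endswith("\\crassus.exe"):          # Image|endswith (assumed)
        return True
    if original == "crassus.exe":                 # OriginalFileName equality (assumed)
        return True
    if "crassus" in description:                  # Description|contains (assumed)
        return True
    return False


def run_detection(events: List[Dict[str, str]]) -> List[int]:
    """Return the indices of events that the rule would alert on."""
    return [i for i, ev in enumerate(events) if matches_crassus(ev)]


if __name__ == "__main__":
    for idx in run_detection(SAMPLE_EVENTS):
        print(f"alert: event {idx} -> {SAMPLE_EVENTS[idx]['Image']}")
```

Running the block alerts on the first three constructed events and stays silent on the stripped binary and on Notepad, which is exactly the evasion boundary a practitioner should expect from metadata-only detection: each of the three fields catches a different degree of tampering, but an adversary who cleans all of them leaves nothing for this rule to see.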
Categories
  • Windows
  • Endpoint
Data Sources
  • Process
Created: 2023-04-17