elevation_service.exe

  • File Path: C:\program files\Google\Chrome\Application\85.0.4183.83\elevation_service.exe
  • Description: Google Chrome

Hashes

Type Hash
MD5 26A91C2F2C4F10345CD5B7E4BCF1928A
SHA1 6C6289DD063753AC0A50A00FEC2EAA9A6F065724
SHA256 241A9C249468E151D97D9768AB2C2F90D78A9070965F87B0713D6F53408A461D
SHA384 F255CDF41A78342D1DDBB9C8675E28AACB532FCD56C79107BF95B1CAE58B5C45005BE7F7E8553FA38C61F85CC8DFA6ED
SHA512 161EFF02EC3075FF5AA5AF98E006692B7AF8F680F4E2B557A1353E76911C7FE6B070CF2D2FA32859835F116B52F1F29C0215CF36DB79C53419E59E21DB5289FA
SSDEEP 24576:Y0xCSxrlfMK/dKgVcOATcbJqhioi5n7DhMicP3m9htUVTVVcKx3v:YgJfhdFVTATc0h9imPMhtETvcKx/

Runtime Data

Usage (stderr):

[0830/154042.943:ERROR:service_main.cc(150)] Failed to connect to the service control manager: The service process could not connect to the service controller. (0x427)

Loaded Modules:

Path
C:\program files\Google\Chrome\Application\85.0.4183.83\elevation_service.exe
C:\Windows\System32\ADVAPI32.dll
C:\Windows\System32\combase.dll
C:\Windows\System32\GDI32.dll
C:\Windows\System32\gdi32full.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\ole32.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\sechost.dll
C:\Windows\System32\ucrtbase.dll
C:\Windows\System32\win32u.dll

Signature

  • Status: Signature verified.
  • Serial: 0C15BE4A15BB0903C901B1D6C265302F
  • Thumbprint: CB7E84887F3C6015FE7EDFB4F8F36DF7DC10590E
  • Issuer: CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  • Subject: CN=Google LLC, O=Google LLC, L=Mountain View, S=ca, C=US

File Metadata

  • Original Filename: elevation_service.exe
  • Product Name: Google Chrome
  • Company Name: Google LLC
  • File Version: 85.0.4183.83
  • Product Version: 85.0.4183.83
  • Language: English (United States)
  • Legal Copyright: Copyright 2020 Google LLC. All rights reserved.

File Similarity (ssdeep match)

File Score
C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe 94

Possible Misuse

The following table contains possible examples of elevation_service.exe being misused. While elevation_service.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
| --- | --- | --- | --- |
| sigma | file_event_win_cve_2021_41379_msi_lpe.yml | description: Detects signs of the exploitation of LPE CVE-2021-41379 that include an msiexec process that creates an elevation_service.exe file | DRL 1.0 |
| sigma | file_event_win_cve_2021_41379_msi_lpe.yml | TargetFilename\|endswith: '\elevation_service.exe' | DRL 1.0 |
| sigma | proc_creation_win_exploit_lpe_cve_2021_41379.yml | ParentImage\|endswith: '\elevation_service.exe' | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.