elevation_service.exe
- File Path: C:\Program Files\Google\Chrome\Application\95.0.4638.69\elevation_service.exe
- Description: Google Chrome
Hashes
Type | Hash |
---|---|
MD5 | 790AF709F1A51D7671041D6F96D80940 |
SHA1 | 8F5ED91CC70C79D2F7264EEF96153DE7C6840259 |
SHA256 | DBCD26F229AFAC2D0DC2E30A7DC3E0D1C0F2360AF7EF9E6DA5F273100E382F65 |
SHA384 | BF756B96ACF003DB8B100A6B93A5095B257B6FBA9283D88D478E3F9883157C13CFF1F7890FF4BD29F2E43E9672A2139D |
SHA512 | 2948159DF70408C6080B9514F0F00697CE5257B43EA55982A2811C494566BFBCD938FF7E2295DC8F561EB652ADFD649B8D8D770E0B262CAEC29254CFAF3DFDBF |
SSDEEP | 24576:eUY8jAxPR+yKtdVPykEz87szOCKnyCaagQjfMo29XT0cp0xNZh:eUY8jAKyCdVPyk487UOCMyCaagQjfWTW |
IMP | 6F0FF9C6E5BF80CB94113E862B8CE584 |
PESHA1 | 6D5259B2033F6EC192085F206A74F57EE62B91C1 |
PE256 | 013446A6988F1024ACC25DE69A40B16FFA5EF5B298ACA04FF210D853FE11BEB2 |
Runtime Data
Usage (stderr):
[1106/200304.534:ERROR:service_main.cc(150)] Failed to connect to the service control manager: The service process could not connect to the service controller. (0x427)
Child Processes:
csrss.exe winlogon.exe
Loaded Modules:
Path |
---|
C:\Program Files\Google\Chrome\Application\95.0.4638.69\elevation_service.exe |
C:\Windows\System32\ADVAPI32.dll |
C:\Windows\System32\combase.dll |
C:\Windows\System32\GDI32.dll |
C:\Windows\System32\gdi32full.dll |
C:\Windows\System32\KERNEL32.DLL |
C:\Windows\System32\KERNELBASE.dll |
C:\Windows\System32\msvcp_win.dll |
C:\Windows\System32\msvcrt.dll |
C:\Windows\SYSTEM32\ntdll.dll |
C:\Windows\System32\ole32.dll |
C:\Windows\System32\RPCRT4.dll |
C:\Windows\System32\sechost.dll |
C:\Windows\System32\ucrtbase.dll |
C:\Windows\System32\USER32.dll |
C:\Windows\System32\win32u.dll |
Signature
- Status: Signature verified.
- Serial: 0E4418E2DEDE36DD2974C3443AFB5CE5
- Thumbprint: 2673EA6CC23BEFFDA49AC715B121544098A1284C
- Issuer: CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
- Subject: CN=Google LLC, O=Google LLC, L=Mountain View, S=California, C=US
File Metadata
- Original Filename: elevation_service.exe
- Product Name: Google Chrome
- Company Name: Google LLC
- File Version: 95.0.4638.69
- Product Version: 95.0.4638.69
- Language: English (United States)
- Legal Copyright: Copyright 2021 Google LLC. All rights reserved.
- Machine Type: 64-bit
File Scan
- VirusTotal Detections: 0/72
- VirusTotal Link: https://www.virustotal.com/gui/file/dbcd26f229afac2d0dc2e30a7dc3e0d1c0f2360af7ef9e6da5f273100e382f65/detection
Possible Misuse
The following table contains possible examples of elevation_service.exe being misused. While elevation_service.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
Source | Source File | Example | License |
---|---|---|---|
sigma | file_event_win_cve_2021_41379_msi_lpe.yml | description: Detects signs of the exploitation of LPE CVE-2021-41379 that include an msiexec process that creates an elevation_service.exe file | DRL 1.0 |
sigma | file_event_win_cve_2021_41379_msi_lpe.yml | TargetFilename\|endswith: '\elevation_service.exe' | DRL 1.0 |
sigma | proc_creation_win_exploit_lpe_cve_2021_41379.yml | ParentImage\|endswith: '\elevation_service.exe' | DRL 1.0 |
MIT License. Copyright (c) 2020-2021 Strontic.