elevation_service.exe

  • File Path: C:\Program Files (x86)\Microsoft\Edge\Application\95.0.1020.40\elevation_service.exe
  • Description: Microsoft Edge

Hashes

Type Hash
MD5 7E27BD727882D68220F96343874F52D3
SHA1 2F9EC8F5FC5DF3F3079F8052BFA8FAD7EE27E394
SHA256 D8D2EA11DAED71092CCFD6B20A68DFEB358DE0055DA15B5E89727AB486D84799
SHA384 D4D4CF1DFBC4CEE64CC1EB49A6B9C0DFE4D9D187D7A9AA56A49ED8F1F871CBB791E24CD034E74077E56012BB60C233DE
SHA512 98971B0B3F09627A6F592F032778953CFA55472B5A558EC723F39A30E9F0000925DC42A3B21A7455DE6D05A2473E405635CE8999197D67C26C978F4122C30435
SSDEEP 49152:hm2A6lGDnayyFPsqC9BtYrU9xlHnTrnMKdT+CTNz+Y:EoyyFPwYAl90Y
IMP 8803A0FAC198F9AAAD4268CB55E9BBE1
PESHA1 C510ED6FF64312630D4E047353F0D45AD34F7DFF
PE256 FA209DAA50F559B609CB4268A62068F37BC7E61ACF65F01A2F6A94660B1CDD5C

Runtime Data

Usage (stderr):

[1106/201214.061:ERROR:service_main.cc(154)] Failed to connect to the service control manager: The service process could not connect to the service controller. (0x427)

Loaded Modules:

Path
C:\Program Files (x86)\Microsoft\Edge\Application\95.0.1020.40\elevation_service.exe
C:\Windows\System32\ADVAPI32.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\sechost.dll

Signature

  • Status: Signature verified.
  • Serial: 33000001E2F17D92020E49F87F0000000001E2
  • Thumbprint: C774204049D25D30AF9AC2F116B3C1FB88EE00A4
  • Issuer: CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: elevation_service.exe
  • Product Name: Microsoft Edge
  • Company Name: Microsoft Corporation
  • File Version: 95.0.1020.40
  • Product Version: 95.0.1020.40
  • Language: English (United States)
  • Legal Copyright: Copyright Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 1/73
  • VirusTotal Link: https://www.virustotal.com/gui/file/d8d2ea11daed71092ccfd6b20a68dfeb358de0055da15b5e89727ab486d84799/detection

Possible Misuse

The following table contains possible examples of elevation_service.exe being misused. While elevation_service.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

  • Source: sigma; Source File: file_event_win_cve_2021_41379_msi_lpe.yml; License: DRL 1.0; Example: description: Detects signs of the exploitation of LPE CVE-2021-41379 that include an msiexec process that creates an elevation_service.exe file
  • Source: sigma; Source File: file_event_win_cve_2021_41379_msi_lpe.yml; License: DRL 1.0; Example: TargetFilename|endswith: '\elevation_service.exe'
  • Source: sigma; Source File: proc_creation_win_exploit_lpe_cve_2021_41379.yml; License: DRL 1.0; Example: ParentImage|endswith: '\elevation_service.exe'

MIT License. Copyright (c) 2020-2021 Strontic.