elevation_service.exe

  • File Path: C:\Program Files (x86)\Microsoft\Edge\Application\85.0.564.68\elevation_service.exe
  • Description: Microsoft Edge

Hashes

Type Hash
MD5 9B0160C261A30ED813A4B2B9C95369BC
SHA1 FDD522B5D2CCC4110A0069DBFC041B405FA44A8F
SHA256 0B2C142F42AF50E926674DEAF0A1BBD13E8AA88F19A306959AACA138FC64AB10
SHA384 48FB93C5A3D8F0A6E82D66C62E5026B3AA042EDB61EF328A94FAAF797C63D0DD3EE236C7E8CA71F2B98AEF661F826188
SHA512 976F44405C056585BB03D1A40FC1425EB170A62C6B1B314C3DF974D712011B3F65E72EA77E0B6A334F7C383F74460C5E5A519A29016795B1A91D33B15A7758F1
SSDEEP 24576:pS4pNBLRrKtTs57ACPW733E05/+qSqqwAzK8G2jT2jVLe:s4JVv7NO7E05/JSguBG2jT2jVS
IMP CE90F125D0D1940512F4888803057DF0
PESHA1 A9E0236E632E86A7D7306D030EBF6BDE5FC0EA91
PE256 61B594F5A41A4527CF47C7438298F2F98EC335AB05BEDB0288A72A681DD8A12D

Runtime Data

Usage (stderr):

[1004/114111.914:ERROR:service_main.cc(150)] Failed to connect to the service control manager: The service process could not connect to the service controller. (0x427)

Loaded Modules:

Path
C:\Program Files (x86)\Microsoft\Edge\Application\85.0.564.68\elevation_service.exe
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\ntdll.dll

Signature

  • Status: Signature verified.
  • Serial: 330000018A073733CF2048893C00000000018A
  • Thumbprint: 640386795F1D21244E7EA6E7A6E69E9C5B0A4F3E
  • Issuer: CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: elevation_service.exe
  • Product Name: Microsoft Edge
  • Company Name: Microsoft Corporation
  • File Version: 85.0.564.68
  • Product Version: 85.0.564.68
  • Language: English (United States)
  • Legal Copyright: Copyright Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/70
  • VirusTotal Link: https://www.virustotal.com/gui/file/0b2c142f42af50e926674deaf0a1bbd13e8aa88f19a306959aaca138fc64ab10/detection/

Possible Misuse

The following table contains possible examples of elevation_service.exe being misused. While elevation_service.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
| --- | --- | --- | --- |
| sigma | file_event_win_cve_2021_41379_msi_lpe.yml | description: Detects signs of the exploitation of LPE CVE-2021-41379 that include an msiexec process that creates an elevation_service.exe file | DRL 1.0 |
| sigma | file_event_win_cve_2021_41379_msi_lpe.yml | TargetFilename\|endswith: '\elevation_service.exe' | DRL 1.0 |
| sigma | proc_creation_win_exploit_lpe_cve_2021_41379.yml | ParentImage\|endswith: '\elevation_service.exe' | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.