elevation_service.exe

  • File Path: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe
  • Description: Google Chrome

Hashes

| Type | Hash |
|---|---|
| MD5 | AFD137B53BA091ACBA569255B16DF837 |
| SHA1 | 0EB5542F38CF75676F391CC6FC7698C6B599BCFA |
| SHA256 | 54110545034F5BD5F43F1849AA40DADAFBF0DF61D61E208851782F4EE23499B3 |
| SHA384 | 7A87E37B64753D943BB6DCABFBE41C29D9EC6BF980685C331A01F68B1492A0067120FEDE2552F379CD08363DBE83515C |
| SHA512 | 7CCE455E38994736671A4B39B29194D3DB8C72E7EF4FCA1FB8CFA492581C61EAC2C624451BFCA17806C80AE3CCE152335F21FEF3675EF6B479F376D3BE203EC8 |
| SSDEEP | 24576:+0xCSxrlfMK/dKgVcOATcbJqhioi5n7DhMicP3m9htUGTVbcKx3k:+gJfhdFVTATc0h9imPMhtrTZcKx0 |
| IMP | 41E2FE34C02E0A17858AE9ABBA6F4CC9 |
| PESHA1 | 0A5900C1BEFDA8EF4EBECC2ECDC0F35714605C81 |
| PE256 | F25FCBED21EE19D41447B721D6BCDF8B27B76F25A0B23FB520B0CF29745D6DFE |

Runtime Data

Usage (stderr):

[0924/171420.076:ERROR:service_main.cc(150)] Failed to connect to the service control manager: The service process could not connect to the service controller. (0x427)

Loaded Modules:

Path
C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\ntdll.dll

Signature

  • Status: Signature verified.
  • Serial: 0C15BE4A15BB0903C901B1D6C265302F
  • Thumbprint: CB7E84887F3C6015FE7EDFB4F8F36DF7DC10590E
  • Issuer: CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  • Subject: CN=Google LLC, O=Google LLC, L=Mountain View, S=ca, C=US

File Metadata

  • Original Filename: elevation_service.exe
  • Product Name: Google Chrome
  • Company Name: Google LLC
  • File Version: 85.0.4183.121
  • Product Version: 85.0.4183.121
  • Language: English (United States)
  • Legal Copyright: Copyright 2020 Google LLC. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/70
  • VirusTotal Link: https://www.virustotal.com/gui/file/54110545034f5bd5f43f1849aa40dadafbf0df61d61e208851782f4ee23499b3/detection/

File Similarity (ssdeep match)

| File | Score |
|---|---|
| C:\program files\Google\Chrome\Application\85.0.4183.83\elevation_service.exe | 94 |

Possible Misuse

The following table contains possible examples of elevation_service.exe being misused. While elevation_service.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|---|---|---|---|
| sigma | file_event_win_cve_2021_41379_msi_lpe.yml | description: Detects signs of the exploitation of LPE CVE-2021-41379 that include an msiexec process that creates an elevation_service.exe file | DRL 1.0 |
| sigma | file_event_win_cve_2021_41379_msi_lpe.yml | TargetFilename\|endswith: '\elevation_service.exe' | DRL 1.0 |
| sigma | proc_creation_win_exploit_lpe_cve_2021_41379.yml | ParentImage\|endswith: '\elevation_service.exe' | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.