General
Target: rmeinstaller.exe
Size: 37.7MB
Sample: 240620-rkzrcs1hqa
MD5: 2e039403318fb3ab7267c2721ed3173e
SHA1: 48de59ad767c0aa1c4d7fc2a3f6f0f341e725964
SHA256: 83d3a2141aba68df2861190d239f7b72ef342605c242489a7a0aa83526af0b1b
SHA512: e941e3ddac7dd52e3383de3320d1d3cce51a55050501b6be8e0a3e205a10c66cec207c5f0687ec401430269119363ca3099f0d8f308227a5e1db19d92d13aa79
SSDEEP: 786432:xbrTC80BwMIhIhFDPvWM72rAeGvPjOF98O0X2v4uri5rjgzuQ/NBxyTiJ:hrTC80BwMIhIhFDPvWM72rAeGvPjOF95
Static task: static1
Behavioral task: behavioral1
Sample: rmeinstaller.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: rmeinstaller.exe
Resource: win10v2004-20240611-en
Malware Config
Targets
Target
rmeinstaller.exe
Signatures
- Possible privilege escalation attempt
- Modifies file permissions
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking: Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.