Analysis
max time kernel
47s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags
arch:x64, arch:x86, image:win11-20240419-en, locale:en-us, os:windows11-21h2-x64, system
submitted
01-05-2024 23:48
Static task
static1
Behavioral task
behavioral1
Sample
RocketDock-v1.3.5.exe
Resource
win11-20240419-en
General
Target
RocketDock-v1.3.5.exe
Size
6.2MB
MD5
a79fb1a90fb3d92cf815f2c08d3ade6d
SHA1
25e5e553af5e2d21b5cfc70ba41afb65202f6fd5
SHA256
43759b0c441fd4f71fe5eeb69f548cd2eb40ac0abfa02ea3afc44fbddf28dc16
SHA512
82aa45337987c4f344361037c6ca8cf4fbf0fc1e5079ac03f54f3184354792965f6f3b28bd2ab7b511d21f29859e2832fc6b6122a49ddecde12afc7e26fd62dd
SSDEEP
196608:wS1Nuitsw1fb2P/SyvpCwxDFNcSBXtikesEs:wQdtPIqyvpCwxJZXokeXs
Malware Config
Signatures
Executes dropped EXE (2 IoCs)
pid   Process
4368  is-M7UIN.tmp
3612  RocketDock.exe

Loads dropped DLL (1 IoC)
pid   Process
3612  RocketDock.exe

Checks installed software on the system (1 TTP)
Looks up Uninstall key entries in the registry to enumerate software on the system.

Drops file in Program Files directory (64 IoCs)
description: File created, Process: is-M7UIN.tmp, for every one of the 64 entries. ioc (path created):
C:\Program Files (x86)\RocketDock\Help\shared\flags\is-IJPPU.tmp
C:\Program Files (x86)\RocketDock\Help\Spanish\images\is-3DF3Q.tmp
C:\Program Files (x86)\RocketDock\Icons\is-5PBP1.tmp
C:\Program Files (x86)\RocketDock\Skins\ProtoTree\is-VDE6R.tmp
C:\Program Files (x86)\RocketDock\Skins\ProtoClay\is-EM20M.tmp
C:\Program Files (x86)\RocketDock\Skins\Simply\is-ASID0.tmp
C:\Program Files (x86)\RocketDock\is-83M43.tmp
C:\Program Files (x86)\RocketDock\Help\Turkish\images\is-DAJE0.tmp
C:\Program Files (x86)\RocketDock\Languages\is-T19GH.tmp
C:\Program Files (x86)\RocketDock\Skins\Blank\is-M0NUN.tmp
C:\Program Files (x86)\RocketDock\Skins\AstroGlass\is-4MP91.tmp
C:\Program Files (x86)\RocketDock\Skins\Vista\is-OU1JA.tmp
C:\Program Files (x86)\RocketDock\Skins\VistaBlack\is-4RQ3F.tmp
C:\Program Files (x86)\RocketDock\is-4RF2J.tmp
C:\Program Files (x86)\RocketDock\Help\Spanish\images\is-0C35K.tmp
C:\Program Files (x86)\RocketDock\Help\Turkish\images\is-KEHCK.tmp
C:\Program Files (x86)\RocketDock\Languages\is-7EL0D.tmp
C:\Program Files (x86)\RocketDock\Help\shared\flags\is-V9MN8.tmp
C:\Program Files (x86)\RocketDock\Help\shared\flags\is-6P6B6.tmp
C:\Program Files (x86)\RocketDock\Icons\is-J3LGD.tmp
C:\Program Files (x86)\RocketDock\Skins\Brushed\is-K4TTR.tmp
C:\Program Files (x86)\RocketDock\Skins\AstroGlass\is-U6424.tmp
C:\Program Files (x86)\RocketDock\Skins\AstroLife\is-QLLCQ.tmp
C:\Program Files (x86)\RocketDock\Skins\Milk2\is-HJLAC.tmp
C:\Program Files (x86)\RocketDock\Help\French\images\is-D38SQ.tmp
C:\Program Files (x86)\RocketDock\Help\German\is-FUM4T.tmp
C:\Program Files (x86)\RocketDock\Help\German\images\is-F61AE.tmp
C:\Program Files (x86)\RocketDock\Languages\is-42JV7.tmp
C:\Program Files (x86)\RocketDock\Skins\Special-RD\is-VC6HF.tmp
C:\Program Files (x86)\RocketDock\Help\English\images\is-TLPPJ.tmp
C:\Program Files (x86)\RocketDock\Help\French\is-HCEEH.tmp
C:\Program Files (x86)\RocketDock\Languages\is-T38UN.tmp
C:\Program Files (x86)\RocketDock\Skins\ProtoIron\is-LJ847.tmp
C:\Program Files (x86)\RocketDock\Help\Turkish\images\is-S8ONC.tmp
C:\Program Files (x86)\RocketDock\Icons\is-0DBKL.tmp
C:\Program Files (x86)\RocketDock\Languages\is-309B8.tmp
C:\Program Files (x86)\RocketDock\Docklets\is-6ML0B.tmp
C:\Program Files (x86)\RocketDock\Docklets\RocketClock\is-F6KEE.tmp
C:\Program Files (x86)\RocketDock\Help\Czech\images\is-HRDD5.tmp
C:\Program Files (x86)\RocketDock\Help\English\images\is-28R07.tmp
C:\Program Files (x86)\RocketDock\Help\shared\is-OA7TP.tmp
C:\Program Files (x86)\RocketDock\Languages\is-BDI5G.tmp
C:\Program Files (x86)\RocketDock\Skins\Luminous\is-MA98U.tmp
C:\Program Files (x86)\RocketDock\Help\Polish\images\is-CGNUI.tmp
C:\Program Files (x86)\RocketDock\Help\Spanish\images\is-0DK4U.tmp
C:\Program Files (x86)\RocketDock\Icons\is-3A6DK.tmp
C:\Program Files (x86)\RocketDock\Languages\is-FNFHL.tmp
C:\Program Files (x86)\RocketDock\Defaults\DefaultSkin\is-6363C.tmp
C:\Program Files (x86)\RocketDock\Docklets\RocketClock\Images\is-6UCSH.tmp
C:\Program Files (x86)\RocketDock\Help\Chinese\images\is-0C11G.tmp
C:\Program Files (x86)\RocketDock\Help\French\images\is-Q6OB1.tmp
C:\Program Files (x86)\RocketDock\Skins\Blank\is-ML9LB.tmp
C:\Program Files (x86)\RocketDock\Languages\is-41VUL.tmp
C:\Program Files (x86)\RocketDock\Skins\AstroGlass\is-8D8GL.tmp
C:\Program Files (x86)\RocketDock\Skins\AstroSteel\is-UUC0C.tmp
C:\Program Files (x86)\RocketDock\Skins\Inspirat\is-100C0.tmp
C:\Program Files (x86)\RocketDock\Help\English\images\is-E4HKE.tmp
C:\Program Files (x86)\RocketDock\Help\Korean\images\is-4UD4U.tmp
C:\Program Files (x86)\RocketDock\Help\Polish\is-B8QTF.tmp
C:\Program Files (x86)\RocketDock\Languages\is-EPDFB.tmp
C:\Program Files (x86)\RocketDock\Skins\Minired\is-0LPTG.tmp
C:\Program Files (x86)\RocketDock\Skins\ZaKtoon\is-7J5KT.tmp
C:\Program Files (x86)\RocketDock\Icons\is-971U5.tmp
C:\Program Files (x86)\RocketDock\Languages\is-F0B0L.tmp

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

Modifies registry class (1 IoC)
description   ioc                                                                                   Process
Key created   \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings   RocketDock.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid   Process
3612  RocketDock.exe (4 identical rows)

Suspicious use of SetWindowsHookEx (2 IoCs)
pid   Process
3612  RocketDock.exe (2 identical rows)

Suspicious use of WriteProcessMemory (3 IoCs)
description                        pid   Process                 procid_target
PID 4168 wrote to memory of 4368   4168  RocketDock-v1.3.5.exe   79   (3 identical rows)
Processes
C:\Users\Admin\AppData\Local\Temp\RocketDock-v1.3.5.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\RocketDock-v1.3.5.exe"
  - Suspicious use of WriteProcessMemory
  PID: 4168
  child: C:\Users\Admin\AppData\Local\Temp\is-CN3IJ.tmp\is-M7UIN.tmp
    command line: "C:\Users\Admin\AppData\Local\Temp\is-CN3IJ.tmp\is-M7UIN.tmp" /SL4 $50052 "C:\Users\Admin\AppData\Local\Temp\RocketDock-v1.3.5.exe" 6123423 52736
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID: 4368

C:\Program Files (x86)\RocketDock\RocketDock.exe
  command line: "C:\Program Files (x86)\RocketDock\RocketDock.exe"
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID: 3612
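The signatures and process tree above are what an analyst reads by hand to decide whether this run is an ordinary installer or something hiding behind one. The script below is an added example, not part of the sandbox report and not RocketDock's or the sandbox vendor's code. It takes the process tree, the three WriteProcessMemory rows and five of the 64 "File created" paths from this report as constructed input and answers three questions: does the child process look like an Inno Setup stub relaunched with /SL4 from the original installer, is every memory write from a parent into its direct child (the pattern process creation produces) rather than into an unrelated process, and do all dropped files sit under one install root with the is-XXXXX.tmp staging name. The /SL4 argument layout (stub path, window handle, original setup path, two offsets) and the staging-name convention are assumptions about how Inno Setup installers are commonly observed to behave, not facts the report states; the parent-child inference from list depth is likewise an assumption about the report layout.

```python
"""Added triage helper: sanity-check an installer run from Triage-style report rows.

Assumptions (not stated by the report): an Inno Setup stub is relaunched as
  "<tmp>\\is-XXXXX.tmp\\is-XXXXX.tmp" /SL4 $<hwnd> "<original setup.exe>" <off> <off>
and files are staged under the install root as is-XXXXX.tmp before being renamed.
"""
import re
from collections import Counter

# Constructed input: (pid, tree depth, command line) as listed under "Processes".
PROCESSES = [
    (4168, 1, '"C:\\Users\\Admin\\AppData\\Local\\Temp\\RocketDock-v1.3.5.exe"'),
    (4368, 2, '"C:\\Users\\Admin\\AppData\\Local\\Temp\\is-CN3IJ.tmp\\is-M7UIN.tmp" /SL4 $50052 '
              '"C:\\Users\\Admin\\AppData\\Local\\Temp\\RocketDock-v1.3.5.exe" 6123423 52736'),
    (3612, 1, '"C:\\Program Files (x86)\\RocketDock\\RocketDock.exe"'),
]
# Constructed input: the three identical WriteProcessMemory rows from the report.
WPM_ROWS = ["PID 4168 wrote to memory of 4368 4168 RocketDock-v1.3.5.exe 79"] * 3
# Constructed input: five of the 64 "File created" paths from the report.
DROPPED = [
    r"C:\Program Files (x86)\RocketDock\Help\shared\flags\is-IJPPU.tmp",
    r"C:\Program Files (x86)\RocketDock\Skins\ProtoTree\is-VDE6R.tmp",
    r"C:\Program Files (x86)\RocketDock\is-83M43.tmp",
    r"C:\Program Files (x86)\RocketDock\Languages\is-T19GH.tmp",
    r"C:\Program Files (x86)\RocketDock\Skins\AstroGlass\is-4MP91.tmp",
]
INSTALL_ROOT = r"C:\Program Files (x86)\RocketDock"

# Assumed Inno Setup stub relaunch shape (see module docstring).
INNO_STUB = re.compile(
    r'^"(?P<stub>[^"]*\\is-[A-Z0-9]{5}\.tmp\\is-[A-Z0-9]{5}\.tmp)"'
    r'\s+/SL[45]\s+\$[0-9A-Fa-f]+\s+"(?P<orig>[^"]+)"\s+\d+\s+\d+$')
STAGED_NAME = re.compile(r"^is-[A-Z0-9]{5}\.tmp$")
WPM_ROW = re.compile(r"PID (\d+) wrote to memory of (\d+)")


def build_tree(procs):
    """Map pid -> (parent pid or None, command line), inferring parents from depth."""
    tree, stack = {}, []  # stack holds (depth, pid) of the current ancestry
    for pid, depth, cmd in procs:
        while stack and stack[-1][0] >= depth:
            stack.pop()
        tree[pid] = (stack[-1][1] if stack else None, cmd)
        stack.append((depth, pid))
    return tree


def image_path(cmd):
    """The image path is the first quoted token of the command line."""
    m = re.match(r'^"([^"]+)"', cmd)
    return m.group(1) if m else cmd.split()[0]


def inno_stub_check(tree, pid):
    """Return (matches the stub shape, quoted original path == parent's image path)."""
    parent, cmd = tree[pid]
    m = INNO_STUB.match(cmd)
    if not m:
        return False, False
    parent_image = image_path(tree[parent][1]) if parent in tree else None
    return True, m.group("orig") == parent_image


def classify_memory_writes(tree, rows):
    """Collapse duplicate rows and label each (writer, target) pair by tree relation."""
    pairs = Counter()
    for row in rows:
        m = WPM_ROW.search(row)
        if m:
            pairs[(int(m.group(1)), int(m.group(2)))] += 1
    result = {}
    for (src, dst), n in pairs.items():
        if dst in tree and tree[dst][0] == src:
            label = "parent->child"       # consistent with process creation
        elif dst in tree:
            label = "cross-process"       # writer is not the target's parent
        else:
            label = "target-not-in-tree"
        result[(src, dst)] = (label, n)
    return result


def audit_dropped(paths, install_root):
    """Count drops per top-level subdirectory; flag paths outside the root or not staged."""
    root = install_root.rstrip("\\").lower() + "\\"
    by_subdir, outside, unstaged = Counter(), [], []
    for p in paths:
        if not p.lower().startswith(root):
            outside.append(p)
            continue
        parts = p[len(root):].split("\\")
        by_subdir[parts[0] if len(parts) > 1 else "(root)"] += 1
        if not STAGED_NAME.match(parts[-1]):
            unstaged.append(p)
    return {"by_subdir": dict(by_subdir), "outside_root": outside, "unstaged": unstaged}


if __name__ == "__main__":
    t = build_tree(PROCESSES)
    print("inno stub 4368:", inno_stub_check(t, 4368))
    print("memory writes:", classify_memory_writes(t, WPM_ROWS))
    print("dropped files:", audit_dropped(DROPPED, INSTALL_ROOT))
```

On this report the single memory-write pair is 4168 into its own child 4368, the child's command line carries the parent's image path as the /SL4 "original setup" argument, and every sampled drop is an is-XXXXX.tmp under C:\Program Files (x86)\RocketDock. A cross-process label, a stub whose quoted path does not point back at its parent, or a drop outside the install root would be the things worth a second look.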
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize 27KB
MD5 1c364942307376f91d0394df3739f574
SHA1 6bdc6222b3e003470ffd1e2622ca56288c1b7e74
SHA256 0cea759d08a3502e0fe1352d8ccb1c351599cfcaa9b9895f482a021d6d0c15e6
SHA512 214c2b55118ba85e1de56a7b77f6b6a45c5a36b3a5ab144d0e0ca4e42268beb721d56f1719eb9b31f3dc7465ef1b9d074fe1d5b63d34c876bea049ff14524903

Filesize 2KB
MD5 66a372c4e5165597813542e01494016f
SHA1 5406434b1f0bf56820897b79ba6599f820ef3eb0
SHA256 a079bee00c98653f9a9cd72e4423ed02f4b9d7f105ec63e7c3c43dd8800eea1a
SHA512 42d3efd1d7904ac4e85b6621978dfb7531d2d23e643c18aba7072fc84c61900be736fe2a1e3ae2701fbecb5a2209971c7fe6eccf24c0f524374c2bd1f543a3b8

Filesize 33KB
MD5 7869ba8962c1393531ee0e4d1870967c
SHA1 f2067ffc878a3f6f0d8d45ebc0643044cff34b8a
SHA256 9ac5d4e571f2735666c26f9f282da37526390f58d867b9eafd0ce37727b26a76
SHA512 5826b49efbb14129a85ef9b9a6de95fe5a94e59dff21a482f4ab1576b2f10f87b382d012f641d37c502ca8e675b628ab9e569fae527f9b52130f4a5430037ac6

Filesize 39KB
MD5 ff3593c9b855c817553ab8d31448309f
SHA1 6738e4fd00c45548002663d82c2e3a8454e69106
SHA256 3fcacd9c4f85f0feedd77d9fdec0196e842eeb01bf2e1fe34854236a42f65bfd
SHA512 f3691514edaa35e6b4b0ad1d392add4f90e8cd3a378a8e223771bcce43e4af8316afaa771c9834c19229a127084cb223d3a46e575bb612e0f0ad80ab7f9cefa2

Filesize 53KB
MD5 18009b40a2c9ab3d246073b4c2bed41d
SHA1 0fac212ee53823915e8a53421f656f3725b8ea4e
SHA256 8a31e92b544eec3b5051d15a34ea6b79d598dc6d9bf5a536bf84bc8da260be17
SHA512 90f589544c46b8ed74f30898e0d413ec79578c6e77d6bd663112483f4d8364363e7256bd215ba9bf9322cabbe840113136e99dd853a660abf292f606727ac4bb

Filesize 68KB
MD5 c2859c7a21d9d623306728ab69cf8977
SHA1 c4f69f2bf99ade1292acc30d681048069abe7066
SHA256 35ac220c00e719ff3b4eae1ec99bd27169880b86ef8d1bb30bb4611d5f0dc67c
SHA512 5da8fa715a57773c8f6035530ae893851a87374d938d38302b2833e9a07dc8561bb6b6ee1e55e599c37c9485e773df211a47d9a73ef7e37bbcbead024358a365

Filesize 52KB
MD5 61e737de5e18eb84ecc7e28b06e88292
SHA1 e3896a994abf8a1c6fdb9cc2f7957fd527e18497
SHA256 b31e8bde8b969e592af47163a948ed5f582af9d45145c214fc4fa85e2f5de082
SHA512 232da687903a824cbfdd20da453b8d630c4d6d9312fef12408a1bb08ed9e7d3067495a590c29d71d1f20164b4317373e1e3bd026bb9f01e2c378352b530284b0

Filesize 43KB
MD5 003451a5db60a8fdda5a6c106d46f17e
SHA1 2a3846773abcd7134fed69a0708126a226a8f1e8
SHA256 850a3300c0ffadfd7d7cd2c80053dbe6337168cf4d3820e1e4ee996ec1c7516b
SHA512 95383281f25c5b3f98b274673dd6d09f1362a0f10562543596c5f18127bb237820ab904b7213fc2e1fa44b76080b90f7250bbc980f7eb8611b13ae011a2466f5

Filesize 60KB
MD5 589874cef0af104b2d47c7ff0cb866a5
SHA1 86587b930c0093e20e911ea55a3b10f9f7aa3831
SHA256 df20d631387a24757d118a75244ea2197512797fa0cb534dbc2cdc4a96446066
SHA512 47d4cff4a089cd2299cb88ec783185b34a9751ecbd6a76c41faba9d19ee8e030acef68f935a203cbdea52e55748fa175f1ca7a3494963c53ee0968a89e17b20b

Filesize 67KB
MD5 06542545b7a8b8d4f95d9e89e928d9bd
SHA1 eaacb432ca48adc49c5afb75094047e68ac7c1c3
SHA256 06c978a07ba9cb5f87f6ae7180a021835fcbfe4fe3d9781f312fe46903c1c791
SHA512 52475377d57791521bb9c5ec27daab01f977f7bf9ec2f9026db5900a1512a088413ff10291d717cc195f96805a217df81f1a6c7cbae01140feb61a7bb1603453

Filesize 66KB
MD5 d637cb706b13445582d68355d22456d1
SHA1 aa4ce1bf9a20c3fad3505d9247aeb2f4f57abdcb
SHA256 0b19e4b8d00891e56e8cb65829a843219e29958244c050247bf27f9e91cb0c39
SHA512 6086d520ab3654113ff2890de2fe29939a1f4e6c19d867c3e359e26ca048ef7a2b8de007dcb1580a7eb2dc0496d0ca97f5c9806b62348554305fe879baafe699

Filesize 39KB
MD5 e082cfb136c13490a1d74f5b489964e0
SHA1 90a6cc54641e9ea7c393620278033665ac942158
SHA256 6508b13b0d83956a184f2ceabce1c2449ac6de4af4513208959a0b76328520ff
SHA512 fee1ef354974aea09faa34d25601ef9518510fbf63a93be322d4073b39e1ede9f3cba5b67ee9c7412dba538484209cb5fb666cc0acd82657e9e491dc754408f2

Filesize 39KB
MD5 1644b8ae74776b85ff955f7283793599
SHA1 ebd04bbfa83a73f45b3da776e3e66bb45868ad67
SHA256 04b6e00498c2a69f32a350b40008aed0fffcb3094c9c00b289f0f2bb5c3ae5c1
SHA512 ad565f26e796843af28a894bd75d1ebae8cd1661f4950f0bff68beac5745ae59232d96a73eebac84dee83adb690456e115eb55bc817aadb5eb864f0e24a7e0b9

Filesize 22KB
MD5 9bfad2d291994d737e23f55f8102d8f7
SHA1 13243f5684bcdafe1817289289abae00a701bf2d
SHA256 28c4746d9b6e4d78bb7a4112697f569531f86a459a6b21f575dfff4c29ab4a8f
SHA512 2cc6f9a4c195c6beb00abfb31ada8d1ba189454271ee0e95020bd7323dc2080e99786895a440e3220e4eba0047b24e751a35122f1c27a388b6a599bf34ddfd0e

Filesize 7KB
MD5 56dbfad4da9debef0f4525d90519a4aa
SHA1 929e34304452df1ec3a89d4020d5b8ac73e4a2ab
SHA256 c20c89f574f3c2b669bf1dafdabe1478442651d40f92bc9a66f9a5ac5aaa9014
SHA512 9747b360d68c83431d9c575fc214bd98ecaa6fa4c0b7cf9c37af5130cb29a50de81bc62770b7141a942a14f03a09545bf492a5bc96890083c3df374f83e13764

Filesize 68KB
MD5 4a2a05b25df4385f5aec6f07b1c1e93d
SHA1 d9c05e1960a61775f1ea7849064140c2becaf5ea
SHA256 66704ce3eb7e723ba20d1ab7036ad0ba9e0a94261b7e66636b01dc76defedb9d
SHA512 f1694ff27da2af33f6e8bda40dee62c5af29d1c46aa857cee6d5bd04c7ee3f25f7c0815b335f2e62ebb7b47f79ed879512c20c2ba7ae28bb03cd88069fb9533d

Filesize 484KB
MD5 7dfccc67990b6de7f30f553a4e4612a4
SHA1 521e9198e3dc1d41fac02eb01fb9f47f6d2a9855
SHA256 9ff98d6fd2539cefc9f42103a7f72388bed6ee590400559b92bc7430228da36a
SHA512 e43038e184a4271633f7925656aa37d14dd67fb606aa18e8e9e18329cf9e71965217bc9687a5e317d0ab97cea40e40f0a72b0cf6d56d5c85cf1e1038e6be30eb

Filesize 223B
MD5 897b938340df28f4b6644a21e993b5b4
SHA1 2ce7d74e54923fd3c0a9d3b55198c0052e65fb11
SHA256 2f9a65652dcfd86b9a423926171a475d45085ba1447c2a0b553da2c3875043f3
SHA512 9ba3f6635cb2590bda828a88a624083db1c258d5953e82ac13a9134eceb38d8b03f60adb5d2b42479f68f294d400b2422d16784e7bd4c012f996b50eb41f47e6

Filesize 63B
MD5 d790ef81c98f5e58509753663c555450
SHA1 114b312c07d64f3bb51d58a461a79109751df34d
SHA256 1b5fbb364299f161c9a6ee23d64a611492761c9712e349132915b7717cce77f4
SHA512 460ddca2cd01449cc8312ba08816de256b06bb0c1084a2b7ed57c9afb5e01b6da23e44c4b3f07f7c348cb6a47dc5319cfd3dd83188c3fbbc29d83831920ef5d6

Filesize 233B
MD5 d8c0948e64049e25a4bea36be876a4a6
SHA1 9314e3eae11685af5c639eacb069190cfff0f785
SHA256 07535227466cd96a3f79f871db31c5b6d66e3467b02a041e87ba53576711bb16
SHA512 3f329eb8e3fd388cd1ff7dbf0991b4b9836a68a2c9d966ae19a803346bebbb570713a54a484df75b662455bd6bc7e14444062d0b8cf2f0168e42806f1c1d5832

Filesize 219B
MD5 1a01e1dfc3bc3c88383f5028d71cfb7e
SHA1 9ce1d2adaf5a5a8899195c3390f49e9af727d3d2
SHA256 38811cbc22c6a8aa28c52f573e5b0cf31b82328b8c2f349e148b0951d16fed65
SHA512 3b8605b99b6040250f54e225fa6659b617ff4384fc7ff2254a8bde638b63aa33ce14344615b1c6161b348b69c1ba1ce574e0317a265c5ae2dac4825db6b65100

Filesize 5KB
MD5 5c86bd8c19ef9debd2b2369bb1ec996c
SHA1 d68e6a26bf79922d2c3b2eb8376a9f54e0841c03
SHA256 a1602635597107cd4d18ff1d3afe070c8a8521ce070e43bd951b07c1f6d429d6
SHA512 1462cba82d27d354b830662d3c26bc18803872ceb5059d7ef07f66116bd98732832601cbf1b0dfea491d9ec32b14f6fda36b8d2c5e2ee3243dcd6d6c3bc405fc

Filesize 2KB
MD5 e3220178309130ed29f8d1edcf2938fc
SHA1 437c4365913b753a17088a0be051b7e1584a0705
SHA256 a4a01c5ee655ac90e5dbf6abe4893622da314896f55eb044a3bc320d05805652
SHA512 dcb0a3210704324d9e075a35728811519a15e2408e818d9c0776d07119fdb55a99f10662316ac8f323a9917d28476e8bdba400536a128ed0daac69eebeb5651a

Filesize 63B
MD5 3b228afa02fb21fefe076ae62e4f7833
SHA1 f9f756477625f771350824398c912d1e7086af48
SHA256 261fedabe70490d9824435f581be0fcc5fefc37dc5151838d0fd888f3ece10f9
SHA512 05e3976fbfd5164feddb5e989b46890689b6e79d0c8db7040faa3b91a29aa375f68da04292d28545c658b5a0c01ef57456961de758f71db2ff6a70c043876040

Filesize 69B
MD5 61942857b9195d332e8652f327e1fc9a
SHA1 08bc1313f64cc70a4ab1c17729e04a305d536ea2
SHA256 3209912209357823aa3bc1f6fd45e2bcdaaa6b47bbc60233731601d10acb4ef6
SHA512 22323d771b2bf7f61e4a120a750f9c6125d516e01214d12e952a22046fd0326675f0e671b166ac07e73ea0f48db41dbea9ea5586ae662a5d84fa29b9b9ea5c4c

Filesize 223B
MD5 af5ae49010e6ca1f108b805fa8b8b098
SHA1 391b94f97e470e6e45ea32b32a1e3b0a7ab4406a
SHA256 fab2d4d53b491671deb18cb13402a2e26208a533eaaced4a326ff3dc8da79d12
SHA512 a91a9d971b42e0cdac954e663abfeea8495c255201ba7f410d39ea057052550bc7cc20778c154712753324b7306dfed6d07750e265131c3b60ba161900dd6315

Filesize 659KB
MD5 5aa68bb2bf3b994bda93834ad34e7963
SHA1 0156732d5dd48feacfab3aa07764061d73b9116c
SHA256 a90bfd9874c3e60650dba4c286b97ccdb375a456b95556feb38f3cba214770aa
SHA512 e52fecbba96aa911552ef0e11d5d044ec44caf6e0947f64c9a17b04d846a3e86d19e4dfa5ac981fc98d44f941fda3a697c1d23ac6e8ef162f4bcdde9142f22f7