Analysis

  • max time kernel
    47s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240419-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240419-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    01-05-2024 23:48

General

  • Target

    RocketDock-v1.3.5.exe

  • Size

    6.2MB

  • MD5

    a79fb1a90fb3d92cf815f2c08d3ade6d

  • SHA1

    25e5e553af5e2d21b5cfc70ba41afb65202f6fd5

  • SHA256

    43759b0c441fd4f71fe5eeb69f548cd2eb40ac0abfa02ea3afc44fbddf28dc16

  • SHA512

    82aa45337987c4f344361037c6ca8cf4fbf0fc1e5079ac03f54f3184354792965f6f3b28bd2ab7b511d21f29859e2832fc6b6122a49ddecde12afc7e26fd62dd

  • SSDEEP

    196608:wS1Nuitsw1fb2P/SyvpCwxDFNcSBXtikesEs:wQdtPIqyvpCwxJZXokeXs

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RocketDock-v1.3.5.exe
    "C:\Users\Admin\AppData\Local\Temp\RocketDock-v1.3.5.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4168
    • C:\Users\Admin\AppData\Local\Temp\is-CN3IJ.tmp\is-M7UIN.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-CN3IJ.tmp\is-M7UIN.tmp" /SL4 $50052 "C:\Users\Admin\AppData\Local\Temp\RocketDock-v1.3.5.exe" 6123423 52736
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:4368
  • C:\Program Files (x86)\RocketDock\RocketDock.exe
    "C:\Program Files (x86)\RocketDock\RocketDock.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:3612

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\RocketDock\Defaults\DefaultIcons\Unknown.png

    Filesize

    27KB

    MD5

    1c364942307376f91d0394df3739f574

    SHA1

    6bdc6222b3e003470ffd1e2622ca56288c1b7e74

    SHA256

    0cea759d08a3502e0fe1352d8ccb1c351599cfcaa9b9895f482a021d6d0c15e6

    SHA512

    214c2b55118ba85e1de56a7b77f6b6a45c5a36b3a5ab144d0e0ca4e42268beb721d56f1719eb9b31f3dc7465ef1b9d074fe1d5b63d34c876bea049ff14524903

  • C:\Program Files (x86)\RocketDock\Defaults\DefaultIndicator\Indicator.png

    Filesize

    2KB

    MD5

    66a372c4e5165597813542e01494016f

    SHA1

    5406434b1f0bf56820897b79ba6599f820ef3eb0

    SHA256

    a079bee00c98653f9a9cd72e4423ed02f4b9d7f105ec63e7c3c43dd8800eea1a

    SHA512

    42d3efd1d7904ac4e85b6621978dfb7531d2d23e643c18aba7072fc84c61900be736fe2a1e3ae2701fbecb5a2209971c7fe6eccf24c0f524374c2bd1f543a3b8

  • C:\Program Files (x86)\RocketDock\Defaults\DefaultPoof\Poof.png

    Filesize

    33KB

    MD5

    7869ba8962c1393531ee0e4d1870967c

    SHA1

    f2067ffc878a3f6f0d8d45ebc0643044cff34b8a

    SHA256

    9ac5d4e571f2735666c26f9f282da37526390f58d867b9eafd0ce37727b26a76

    SHA512

    5826b49efbb14129a85ef9b9a6de95fe5a94e59dff21a482f4ab1576b2f10f87b382d012f641d37c502ca8e675b628ab9e569fae527f9b52130f4a5430037ac6

  • C:\Program Files (x86)\RocketDock\Help\English\images\is-RUFJA.tmp

    Filesize

    39KB

    MD5

    ff3593c9b855c817553ab8d31448309f

    SHA1

    6738e4fd00c45548002663d82c2e3a8454e69106

    SHA256

    3fcacd9c4f85f0feedd77d9fdec0196e842eeb01bf2e1fe34854236a42f65bfd

    SHA512

    f3691514edaa35e6b4b0ad1d392add4f90e8cd3a378a8e223771bcce43e4af8316afaa771c9834c19229a127084cb223d3a46e575bb612e0f0ad80ab7f9cefa2

  • C:\Program Files (x86)\RocketDock\Icons\Control Panel.png

    Filesize

    53KB

    MD5

    18009b40a2c9ab3d246073b4c2bed41d

    SHA1

    0fac212ee53823915e8a53421f656f3725b8ea4e

    SHA256

    8a31e92b544eec3b5051d15a34ea6b79d598dc6d9bf5a536bf84bc8da260be17

    SHA512

    90f589544c46b8ed74f30898e0d413ec79578c6e77d6bd663112483f4d8364363e7256bd215ba9bf9322cabbe840113136e99dd853a660abf292f606727ac4bb

  • C:\Program Files (x86)\RocketDock\Icons\Internet Shortcut.png

    Filesize

    68KB

    MD5

    c2859c7a21d9d623306728ab69cf8977

    SHA1

    c4f69f2bf99ade1292acc30d681048069abe7066

    SHA256

    35ac220c00e719ff3b4eae1ec99bd27169880b86ef8d1bb30bb4611d5f0dc67c

    SHA512

    5da8fa715a57773c8f6035530ae893851a87374d938d38302b2833e9a07dc8561bb6b6ee1e55e599c37c9485e773df211a47d9a73ef7e37bbcbead024358a365

  • C:\Program Files (x86)\RocketDock\Icons\My Computer.png

    Filesize

    52KB

    MD5

    61e737de5e18eb84ecc7e28b06e88292

    SHA1

    e3896a994abf8a1c6fdb9cc2f7957fd527e18497

    SHA256

    b31e8bde8b969e592af47163a948ed5f582af9d45145c214fc4fa85e2f5de082

    SHA512

    232da687903a824cbfdd20da453b8d630c4d6d9312fef12408a1bb08ed9e7d3067495a590c29d71d1f20164b4317373e1e3bd026bb9f01e2c378352b530284b0

  • C:\Program Files (x86)\RocketDock\Icons\My Documents.png

    Filesize

    43KB

    MD5

    003451a5db60a8fdda5a6c106d46f17e

    SHA1

    2a3846773abcd7134fed69a0708126a226a8f1e8

    SHA256

    850a3300c0ffadfd7d7cd2c80053dbe6337168cf4d3820e1e4ee996ec1c7516b

    SHA512

    95383281f25c5b3f98b274673dd6d09f1362a0f10562543596c5f18127bb237820ab904b7213fc2e1fa44b76080b90f7250bbc980f7eb8611b13ae011a2466f5

  • C:\Program Files (x86)\RocketDock\Icons\My Music.png

    Filesize

    60KB

    MD5

    589874cef0af104b2d47c7ff0cb866a5

    SHA1

    86587b930c0093e20e911ea55a3b10f9f7aa3831

    SHA256

    df20d631387a24757d118a75244ea2197512797fa0cb534dbc2cdc4a96446066

    SHA512

    47d4cff4a089cd2299cb88ec783185b34a9751ecbd6a76c41faba9d19ee8e030acef68f935a203cbdea52e55748fa175f1ca7a3494963c53ee0968a89e17b20b

  • C:\Program Files (x86)\RocketDock\Icons\My Network Places.png

    Filesize

    67KB

    MD5

    06542545b7a8b8d4f95d9e89e928d9bd

    SHA1

    eaacb432ca48adc49c5afb75094047e68ac7c1c3

    SHA256

    06c978a07ba9cb5f87f6ae7180a021835fcbfe4fe3d9781f312fe46903c1c791

    SHA512

    52475377d57791521bb9c5ec27daab01f977f7bf9ec2f9026db5900a1512a088413ff10291d717cc195f96805a217df81f1a6c7cbae01140feb61a7bb1603453

  • C:\Program Files (x86)\RocketDock\Icons\My Pictures.png

    Filesize

    66KB

    MD5

    d637cb706b13445582d68355d22456d1

    SHA1

    aa4ce1bf9a20c3fad3505d9247aeb2f4f57abdcb

    SHA256

    0b19e4b8d00891e56e8cb65829a843219e29958244c050247bf27f9e91cb0c39

    SHA512

    6086d520ab3654113ff2890de2fe29939a1f4e6c19d867c3e359e26ca048ef7a2b8de007dcb1580a7eb2dc0496d0ca97f5c9806b62348554305fe879baafe699

  • C:\Program Files (x86)\RocketDock\Icons\Recycle Bin.png

    Filesize

    39KB

    MD5

    e082cfb136c13490a1d74f5b489964e0

    SHA1

    90a6cc54641e9ea7c393620278033665ac942158

    SHA256

    6508b13b0d83956a184f2ceabce1c2449ac6de4af4513208959a0b76328520ff

    SHA512

    fee1ef354974aea09faa34d25601ef9518510fbf63a93be322d4073b39e1ede9f3cba5b67ee9c7412dba538484209cb5fb666cc0acd82657e9e491dc754408f2

  • C:\Program Files (x86)\RocketDock\Icons\RocketDock Options.png

    Filesize

    39KB

    MD5

    1644b8ae74776b85ff955f7283793599

    SHA1

    ebd04bbfa83a73f45b3da776e3e66bb45868ad67

    SHA256

    04b6e00498c2a69f32a350b40008aed0fffcb3094c9c00b289f0f2bb5c3ae5c1

    SHA512

    ad565f26e796843af28a894bd75d1ebae8cd1661f4950f0bff68beac5745ae59232d96a73eebac84dee83adb690456e115eb55bc817aadb5eb864f0e24a7e0b9

  • C:\Program Files (x86)\RocketDock\Icons\Shirt.png

    Filesize

    22KB

    MD5

    9bfad2d291994d737e23f55f8102d8f7

    SHA1

    13243f5684bcdafe1817289289abae00a701bf2d

    SHA256

    28c4746d9b6e4d78bb7a4112697f569531f86a459a6b21f575dfff4c29ab4a8f

    SHA512

    2cc6f9a4c195c6beb00abfb31ada8d1ba189454271ee0e95020bd7323dc2080e99786895a440e3220e4eba0047b24e751a35122f1c27a388b6a599bf34ddfd0e

  • C:\Program Files (x86)\RocketDock\Languages\1033.ini

    Filesize

    7KB

    MD5

    56dbfad4da9debef0f4525d90519a4aa

    SHA1

    929e34304452df1ec3a89d4020d5b8ac73e4a2ab

    SHA256

    c20c89f574f3c2b669bf1dafdabe1478442651d40f92bc9a66f9a5ac5aaa9014

    SHA512

    9747b360d68c83431d9c575fc214bd98ecaa6fa4c0b7cf9c37af5130cb29a50de81bc62770b7141a942a14f03a09545bf492a5bc96890083c3df374f83e13764

  • C:\Program Files (x86)\RocketDock\RocketDock.dll

    Filesize

    68KB

    MD5

    4a2a05b25df4385f5aec6f07b1c1e93d

    SHA1

    d9c05e1960a61775f1ea7849064140c2becaf5ea

    SHA256

    66704ce3eb7e723ba20d1ab7036ad0ba9e0a94261b7e66636b01dc76defedb9d

    SHA512

    f1694ff27da2af33f6e8bda40dee62c5af29d1c46aa857cee6d5bd04c7ee3f25f7c0815b335f2e62ebb7b47f79ed879512c20c2ba7ae28bb03cd88069fb9533d

  • C:\Program Files (x86)\RocketDock\RocketDock.exe

    Filesize

    484KB

    MD5

    7dfccc67990b6de7f30f553a4e4612a4

    SHA1

    521e9198e3dc1d41fac02eb01fb9f47f6d2a9855

    SHA256

    9ff98d6fd2539cefc9f42103a7f72388bed6ee590400559b92bc7430228da36a

    SHA512

    e43038e184a4271633f7925656aa37d14dd67fb606aa18e8e9e18329cf9e71965217bc9687a5e317d0ab97cea40e40f0a72b0cf6d56d5c85cf1e1038e6be30eb

  • C:\Program Files (x86)\RocketDock\Skins\AstroIron\is-7TIU7.tmp

    Filesize

    223B

    MD5

    897b938340df28f4b6644a21e993b5b4

    SHA1

    2ce7d74e54923fd3c0a9d3b55198c0052e65fb11

    SHA256

    2f9a65652dcfd86b9a423926171a475d45085ba1447c2a0b553da2c3875043f3

    SHA512

    9ba3f6635cb2590bda828a88a624083db1c258d5953e82ac13a9134eceb38d8b03f60adb5d2b42479f68f294d400b2422d16784e7bd4c012f996b50eb41f47e6

  • C:\Program Files (x86)\RocketDock\Skins\AstroIron\is-TSMPT.tmp

    Filesize

    63B

    MD5

    d790ef81c98f5e58509753663c555450

    SHA1

    114b312c07d64f3bb51d58a461a79109751df34d

    SHA256

    1b5fbb364299f161c9a6ee23d64a611492761c9712e349132915b7717cce77f4

    SHA512

    460ddca2cd01449cc8312ba08816de256b06bb0c1084a2b7ed57c9afb5e01b6da23e44c4b3f07f7c348cb6a47dc5319cfd3dd83188c3fbbc29d83831920ef5d6

  • C:\Program Files (x86)\RocketDock\Skins\AstroSteel\is-CNF9P.tmp

    Filesize

    233B

    MD5

    d8c0948e64049e25a4bea36be876a4a6

    SHA1

    9314e3eae11685af5c639eacb069190cfff0f785

    SHA256

    07535227466cd96a3f79f871db31c5b6d66e3467b02a041e87ba53576711bb16

    SHA512

    3f329eb8e3fd388cd1ff7dbf0991b4b9836a68a2c9d966ae19a803346bebbb570713a54a484df75b662455bd6bc7e14444062d0b8cf2f0168e42806f1c1d5832

  • C:\Program Files (x86)\RocketDock\Skins\CrystalXP.net\background.ini

    Filesize

    219B

    MD5

    1a01e1dfc3bc3c88383f5028d71cfb7e

    SHA1

    9ce1d2adaf5a5a8899195c3390f49e9af727d3d2

    SHA256

    38811cbc22c6a8aa28c52f573e5b0cf31b82328b8c2f349e148b0951d16fed65

    SHA512

    3b8605b99b6040250f54e225fa6659b617ff4384fc7ff2254a8bde638b63aa33ce14344615b1c6161b348b69c1ba1ce574e0317a265c5ae2dac4825db6b65100

  • C:\Program Files (x86)\RocketDock\Skins\CrystalXP.net\bg.png

    Filesize

    5KB

    MD5

    5c86bd8c19ef9debd2b2369bb1ec996c

    SHA1

    d68e6a26bf79922d2c3b2eb8376a9f54e0841c03

    SHA256

    a1602635597107cd4d18ff1d3afe070c8a8521ce070e43bd951b07c1f6d429d6

    SHA512

    1462cba82d27d354b830662d3c26bc18803872ceb5059d7ef07f66116bd98732832601cbf1b0dfea491d9ec32b14f6fda36b8d2c5e2ee3243dcd6d6c3bc405fc

  • C:\Program Files (x86)\RocketDock\Skins\CrystalXP.net\sep.png

    Filesize

    2KB

    MD5

    e3220178309130ed29f8d1edcf2938fc

    SHA1

    437c4365913b753a17088a0be051b7e1584a0705

    SHA256

    a4a01c5ee655ac90e5dbf6abe4893622da314896f55eb044a3bc320d05805652

    SHA512

    dcb0a3210704324d9e075a35728811519a15e2408e818d9c0776d07119fdb55a99f10662316ac8f323a9917d28476e8bdba400536a128ed0daac69eebeb5651a

  • C:\Program Files (x86)\RocketDock\Skins\CrystalXP.net\separator.ini

    Filesize

    63B

    MD5

    3b228afa02fb21fefe076ae62e4f7833

    SHA1

    f9f756477625f771350824398c912d1e7086af48

    SHA256

    261fedabe70490d9824435f581be0fcc5fefc37dc5151838d0fd888f3ece10f9

    SHA512

    05e3976fbfd5164feddb5e989b46890689b6e79d0c8db7040faa3b91a29aa375f68da04292d28545c658b5a0c01ef57456961de758f71db2ff6a70c043876040

  • C:\Program Files (x86)\RocketDock\Skins\Inspirat\is-100C0.tmp

    Filesize

    69B

    MD5

    61942857b9195d332e8652f327e1fc9a

    SHA1

    08bc1313f64cc70a4ab1c17729e04a305d536ea2

    SHA256

    3209912209357823aa3bc1f6fd45e2bcdaaa6b47bbc60233731601d10acb4ef6

    SHA512

    22323d771b2bf7f61e4a120a750f9c6125d516e01214d12e952a22046fd0326675f0e671b166ac07e73ea0f48db41dbea9ea5586ae662a5d84fa29b9b9ea5c4c

  • C:\Program Files (x86)\RocketDock\Skins\ProtoIron\is-FAMKR.tmp

    Filesize

    223B

    MD5

    af5ae49010e6ca1f108b805fa8b8b098

    SHA1

    391b94f97e470e6e45ea32b32a1e3b0a7ab4406a

    SHA256

    fab2d4d53b491671deb18cb13402a2e26208a533eaaced4a326ff3dc8da79d12

    SHA512

    a91a9d971b42e0cdac954e663abfeea8495c255201ba7f410d39ea057052550bc7cc20778c154712753324b7306dfed6d07750e265131c3b60ba161900dd6315

  • C:\Users\Admin\AppData\Local\Temp\is-CN3IJ.tmp\is-M7UIN.tmp

    Filesize

    659KB

    MD5

    5aa68bb2bf3b994bda93834ad34e7963

    SHA1

    0156732d5dd48feacfab3aa07764061d73b9116c

    SHA256

    a90bfd9874c3e60650dba4c286b97ccdb375a456b95556feb38f3cba214770aa

    SHA512

    e52fecbba96aa911552ef0e11d5d044ec44caf6e0947f64c9a17b04d846a3e86d19e4dfa5ac981fc98d44f941fda3a697c1d23ac6e8ef162f4bcdde9142f22f7

  • memory/4168-791-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

  • memory/4168-0-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

  • memory/4168-13-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

  • memory/4168-2-0x0000000000401000-0x000000000040A000-memory.dmp

    Filesize

    36KB

  • memory/4368-14-0x0000000000400000-0x00000000004B4000-memory.dmp

    Filesize

    720KB

  • memory/4368-7-0x0000000000400000-0x00000000004B4000-memory.dmp

    Filesize

    720KB

  • memory/4368-790-0x0000000000400000-0x00000000004B4000-memory.dmp

    Filesize

    720KB