Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

ARK Surviv...er.exe

windows7-x64

1

ARK Surviv...er.exe

windows10-2004-x64

1

ARK Surviv...ch.exe

windows7-x64

1

ARK Surviv...ch.exe

windows10-2004-x64

1

ARK Surviv...er.bat

windows7-x64

7

ARK Surviv...er.bat

windows10-2004-x64

9

ARK Surviv...ck.dll

windows7-x64

1

ARK Surviv...ck.dll

windows10-2004-x64

1

ARK Surviv...64.dll

windows7-x64

1

ARK Surviv...64.dll

windows10-2004-x64

1

ARK Surviv...64.exe

windows7-x64

1

ARK Surviv...64.exe

windows10-2004-x64

1

ARK Surviv...64.dll

windows7-x64

5

ARK Surviv...64.dll

windows10-2004-x64

5

ARK Surviv...le.dll

windows7-x64

1

ARK Surviv...le.dll

windows10-2004-x64

1

ARK Surviv...a2.dll

windows7-x64

1

ARK Surviv...a2.dll

windows10-2004-x64

1

ARK Surviv...md.exe

windows7-x64

1

ARK Surviv...md.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ARK Survival Evolved.rar

  • Size

    2.6MB

  • Sample

    230608-czqpnsba36

  • MD5

    86a80b73bb7e795e987b33bf22d2cef3

  • SHA1

    29d4089d992a90a073afe39d2ec1dd08cd5d0984

  • SHA256

    065308e696cf3e97073c9875fd54344aca6ea9dd9d9af39587319c6f71f62beb

  • SHA512

    63c0179b41ec055e9ef04e456e666d72267c0f4e75bbfa8eea2083424f8d8c60af5e56ff9074308a74554b032e5fac681d84d3136c3305f555c6908d3d950891

  • SSDEEP

    49152:0nKOpVJAIoyGhQH9iASXQMxidiQ31zt5hYQ5xgK5pMlOeW6Iw25uIAQA/:8cyOfVQMxk1zt5yQHz5pMlOerIblnK

Score
9/10
ransomware

Malware Config

Targets

    • Target

      ARK Survival Evolved/ARKLauncher.exe

    • Size

      935KB

    • MD5

      28a2ae7c57b8e4f39cac1b2cb2b48828

    • SHA1

      25c6d8c9ca62d23da7a24525cd9ff4bc27c77220

    • SHA256

      debe8711641feee438f20df18bed8b16a0fbf2369e8f800dbc097ec3d52bddbb

    • SHA512

      efde7e3797aba346902a3c582a0f55cf8600081157dbb9e87909349f3dd2847b9dcd1c7ceedb8aec4cd5e8b15269b9ba602948ade7b46f88c46ca04caad859ac

    • SSDEEP

      24576:/eahPOwxy8PwdLJB5GNAUFbOljVVDbWB:jh2wxDwdLJBXUA

    Score
    1/10
    behavioral1behavioral2

    • Target

      ARK Survival Evolved/AppID_Patch.exe

    • Size

      14KB

    • MD5

      5cfd8a7fee197af23e5992ba302b8c40

    • SHA1

      564c20bba961922a2885c074388485b32d5bef19

    • SHA256

      6ef1e029dab17e852cf2fcf23aa94336db23efa6b6c96a5e2d04fb7bc3824ca7

    • SHA512

      0dac7471801727321941ee94a8f509272a3e0048dc4872a1a283d22e9483a91bf854c89b5003e2fc9bd04f848ea05c6f02c7b8df2d4730de9b019c52cd05bc1d

    • SSDEEP

      384:+io46opoKaZGK+2i9DNKhFRRNXrBToC7e4/QAX93N6bHU:+ih62gZGKqDNAFfBFoC7e4/ht9E

    Score
    1/10
    behavioral3behavioral4

    • Target

      ARK Survival Evolved/ArkDownloader.bat

    • Size

      760B

    • MD5

      1be16aa4ff86085769da648371ced408

    • SHA1

      490222e3768e9add2e6aee07e2b2d33c0417d591

    • SHA256

      db2b72fbe6d51e7294861fcd7a0dec9589a068989a4a50546e76c010f3acc938

    • SHA512

      718bdc4f067de7fa4e3a2ba098bbed0f3e9a65bf76e993cd92bb0f1549017d3e975b099b54620b5fa8996639c8c1a2f70433bb6ce2c9652010c531a539a5977e

    Score
    9/10
    ransomware

    • Renames multiple (157) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral5behavioral6

    • Target

      ARK Survival Evolved/InnoCallback.dll

    • Size

      63KB

    • MD5

      1c55ae5ef9980e3b1028447da6105c75

    • SHA1

      f85218e10e6aa23b2f5a3ed512895b437e41b45c

    • SHA256

      6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

    • SHA512

      1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

    • SSDEEP

      1536:+VqUE7JhgAzj/ZuhnOwKWSAXvze/V2C0mswp91:gWgAnB3XDAqt/p91

    Score
    1/10
    behavioral7behavioral8

    • Target

      ARK Survival Evolved/ShooterGame/Binaries/Win64/LumaGameLauncher_x64.dll

    • Size

      350KB

    • MD5

      06e432f3e3f93e3e7138730bb4e6dfc2

    • SHA1

      f9dda86936291cd59ae86730f61307843ebd009e

    • SHA256

      41daa3519b6b008ce2e1f09ef9283689a388dc071a985e2a3ad5fe3252a4b89b

    • SHA512

      8c2f97a9623835c2c9115d9651c621f798b93c7b33a5ce5c22fdbfd540126a3db8350fbeada057f604847d35d1e1c3382082a40ad06fa00ac723b0076c43e500

    • SSDEEP

      3072:3RIXZ973lKB4hb1vD4Z5RXKob6T00zVhHUYmsnASIvU94gJs:3RIXZ974B4htDI5J56TLb0HWA9UB

    Score
    1/10
    behavioral10behavioral9

    • Target

      ARK Survival Evolved/ShooterGame/Binaries/Win64/LumaGameLauncher_x64.exe

    • Size

      329KB

    • MD5

      2dc4ece95b98195f63e7f142e79011a9

    • SHA1

      39d905d1726de7fbc2052c4030de159bfd2c4cf4

    • SHA256

      2b7faa6fa7bbdf4a55b02c879dc352669b60bd07a6f4e53d0c7bec006b1d8ffb

    • SHA512

      6d2faf6edcc51bd9b2241f986114c08d8df5c9b5624b6a58f73ff219c62136ae2c3f1bcbe91cfd882af92bd2ab97bfcaefc57faf06357cc9a809e2401fdfdcb0

    • SSDEEP

      6144:GeuuETigIvdT8vov9HaFBYOf5HM/f8lBw8ACrN51wDXkPwEGvw:GBa19DyBMclBw9YjuDXW9

    Score
    1/10
    behavioral11behavioral12

    • Target

      ARK Survival Evolved/ShooterGame/Binaries/Win64/steamclient64.dll

    • Size

      928KB

    • MD5

      fe567a0ac237324ee86a6714155f4f4a

    • SHA1

      5d670d104f14327920126fd6f4d7bb5d9780e2b6

    • SHA256

      a0f57b0d3d2a0e5b8ef707a9f8905a08869df9a0517c81ed285acab1bd624432

    • SHA512

      4e2375a7d22bf41efa642afdfbe8c09e76e642136b404cbfa5efafa0c380714da37da95df4a17cc09db109e6ec53afcdf8a5b2b50d9f61a2ba5ab65d15dd0248

    • SSDEEP

      12288:GXnhNhzgq0fPg/5xxl9BkF5tR0rp7J3/4:GXXhzgq8K/lnkF5Wd3A

    Score
    5/10

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral13behavioral14

    • Target

      ARK Survival Evolved/Style.dll

    • Size

      2.0MB

    • MD5

      16d22d5492bda0e1ab73c78118a5b3fb

    • SHA1

      2d01de9c448f50254e5ab6486c1678dbe625b092

    • SHA256

      97469efd5dcf4caa0d32d4d96405277d730059102f36f22f3fdb59159570fb91

    • SHA512

      ff62ce62509b49dbae39a1a6762f247e68bda6d8cf30015ebfbbb431a5c5122a9325331462f4b2d3df0119f44ff95eee586b2248d880f8e6a2e277f59bbbde1d

    • SSDEEP

      49152:qCOIa+f8y5f8Bk3VTaStGYPtjDTUrfuagyE:qD2803oUtAr

    Score
    1/10
    behavioral15behavioral16

    • Target

      ARK Survival Evolved/botva2.dll

    • Size

      34KB

    • MD5

      0ebd19796c55ac47b40efde9c802d645

    • SHA1

      5b8177b60c39795315478c1a83c0b1f42a35e518

    • SHA256

      4f820fb51bd31c754a1de8018f6c5038cc43aa6df58e76eb6357953d96435198

    • SHA512

      7b20b0e9641291d5f7d5039a4c1d37e68f49fcaaecb3c0fa40385bcb1c1f79f04bf5eb2578f3255822a01eaab0117b73c9c195e87bd714a6d8e6618824a022a2

    • SSDEEP

      768:poi9qZO9Q4rAJaIRtyoJodxKwZVE1kwIT2sP:pv9qZMQVrLBb2DP

    Score
    1/10
    behavioral17behavioral18

    • Target

      ARK Survival Evolved/steamcmd.exe

    • Size

      1.6MB

    • MD5

      2629c77b1149eee9203e045e289e68ef

    • SHA1

      e45974be43d33419ac8e5208e0b2b787cd592fc4

    • SHA256

      fc103a323d70caaac475ae1cfcacfd8eec4c6b1e130005c4793f2013b4b019f8

    • SHA512

      397c238f43c6208feea21fb929e6f6429b3ed035414dc779982350998030dda834431864026e22f2b6a2c99b8b2bcd6d5d2970dd8d71c39698f03d6043c6778d

    • SSDEEP

      49152:r38U9PBcjnaqMbyrsmYjDVUf1yAF4/LPT4gsVdqJVuOji1Y:rn5cjnaqMbytYjRQy54g3

    Score
    9/10
    ransomware

    • Renames multiple (157) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral19behavioral20

MITRE ATT&CK Enterprise v6

Tasks