Overview
overview
7Static
static
3Canon/Allx...me.hta
windows7-x64
1Canon/Allx...me.hta
windows10-2004-x64
1Canon/Allx...rv.dll
windows7-x64
1Canon/Allx...rv.dll
windows10-2004-x64
1Canon/Allx...ok.dll
windows7-x64
1Canon/Allx...ok.dll
windows10-2004-x64
1Canon/Allx...ic.dll
windows7-x64
7Canon/Allx...ic.dll
windows10-2004-x64
7Canon/Allx...32.dll
windows7-x64
3Canon/Allx...32.dll
windows10-2004-x64
3Canon/Allx...ch.dll
windows7-x64
7Canon/Allx...ch.dll
windows10-2004-x64
7Canon/Allx...al.dll
windows7-x64
7Canon/Allx...al.dll
windows10-2004-x64
7Canon/Allx...er.dll
windows7-x64
7Canon/Allx...er.dll
windows10-2004-x64
7Canon/Allx...ce.dll
windows7-x64
7Canon/Allx...ce.dll
windows10-2004-x64
7Canon/Allx...09.dll
windows7-x64
1Canon/Allx...09.dll
windows10-2004-x64
1Canon/Allx...0m.dll
windows7-x64
1Canon/Allx...0m.dll
windows10-2004-x64
1Canon/Allx...ui.dll
windows7-x64
1Canon/Allx...ui.dll
windows10-2004-x64
1Canon/Allx...1k.chm
windows7-x64
1Canon/Allx...1k.chm
windows10-2004-x64
1Canon/Allx...on.dll
windows7-x64
7Canon/Allx...on.dll
windows10-2004-x64
7Canon/Allx...s2.dll
windows7-x64
1Canon/Allx...s2.dll
windows10-2004-x64
1Canon/Allx...32.dll
windows7-x64
3Canon/Allx...32.dll
windows10-2004-x64
3Analysis
-
max time kernel
27s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20230703-en -
resource tags
arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system -
submitted
04/07/2023, 08:35
Static task
static1
Behavioral task
behavioral1
Sample
Canon/Allx64/-PS3_20.50/Readme.hta
Resource
win7-20230703-en
windows7-x64
Behavioral task
behavioral2
Sample
Canon/Allx64/-PS3_20.50/Readme.hta
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Canon/Allx64/-PS3_20.50/aussdrv.dll
Resource
win7-20230703-en
windows7-x64
Behavioral task
behavioral4
Sample
Canon/Allx64/-PS3_20.50/aussdrv.dll
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Canon/Allx64/-PS3_20.50/cnas0mok.dll
Resource
win7-20230703-en
windows7-x64
Behavioral task
behavioral6
Sample
Canon/Allx64/-PS3_20.50/cnas0mok.dll
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Canon/Allx64/-PS3_20.50/cncolorimetric.dll
Resource
win7-20230703-en
windows7-x64
Behavioral task
behavioral8
Sample
Canon/Allx64/-PS3_20.50/cncolorimetric.dll
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Canon/Allx64/-PS3_20.50/cnkyns32.dll
Resource
win7-20230621-en
windows7-x64
Behavioral task
behavioral10
Sample
Canon/Allx64/-PS3_20.50/cnkyns32.dll
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Canon/Allx64/-PS3_20.50/cnmonitormatch.dll
Resource
win7-20230703-en
windows7-x64
Behavioral task
behavioral12
Sample
Canon/Allx64/-PS3_20.50/cnmonitormatch.dll
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Canon/Allx64/-PS3_20.50/cnperceptual.dll
Resource
win7-20230703-en
windows7-x64
Behavioral task
behavioral14
Sample
Canon/Allx64/-PS3_20.50/cnperceptual.dll
Resource
win10v2004-20230621-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Canon/Allx64/-PS3_20.50/cnrgbprinter.dll
Resource
win7-20230703-en
windows7-x64
Behavioral task
behavioral16
Sample
Canon/Allx64/-PS3_20.50/cnrgbprinter.dll
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Canon/Allx64/-PS3_20.50/cnrgbvirtualdevice.dll
Resource
win7-20230621-en
windows7-x64
Behavioral task
behavioral18
Sample
Canon/Allx64/-PS3_20.50/cnrgbvirtualdevice.dll
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Canon/Allx64/-PS3_20.50/cns30809.dll
Resource
win7-20230703-en
windows7-x64
Behavioral task
behavioral20
Sample
Canon/Allx64/-PS3_20.50/cns30809.dll
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Canon/Allx64/-PS3_20.50/cns30m.dll
Resource
win7-20230703-en
windows7-x64
Behavioral task
behavioral22
Sample
Canon/Allx64/-PS3_20.50/cns30m.dll
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Canon/Allx64/-PS3_20.50/cns30mui.dll
Resource
win7-20230703-en
windows7-x64
Behavioral task
behavioral24
Sample
Canon/Allx64/-PS3_20.50/cns30mui.dll
Resource
win10v2004-20230621-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Canon/Allx64/-PS3_20.50/cns31k.chm
Resource
win7-20230703-en
windows7-x64
Behavioral task
behavioral26
Sample
Canon/Allx64/-PS3_20.50/cns31k.chm
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Canon/Allx64/-PS3_20.50/cnsaturation.dll
Resource
win7-20230703-en
windows7-x64
Behavioral task
behavioral28
Sample
Canon/Allx64/-PS3_20.50/cnsaturation.dll
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Canon/Allx64/-PS3_20.50/cnxdias2.dll
Resource
win7-20230703-en
windows7-x64
Behavioral task
behavioral30
Sample
Canon/Allx64/-PS3_20.50/cnxdias2.dll
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Canon/Allx64/-PS3_20.50/cnxpcf32.dll
Resource
win7-20230703-en
windows7-x64
Behavioral task
behavioral32
Sample
Canon/Allx64/-PS3_20.50/cnxpcf32.dll
Resource
win10v2004-20230703-en
windows10-2004-x64
General
-
Target
Canon/Allx64/-PS3_20.50/cnperceptual.dll
-
Size
573KB
-
MD5
a39b9e93f6a6e482b370b6f2ce99eaef
-
SHA1
bb832a2304d62ab84f72e137ddb8e9f19190b981
-
SHA256
da8d3bdea93d0c854a578aec7539e5d59583f9663400f704c66f2f08147abccf
-
SHA512
d5d687a1e49a6ca65c2bd7da5064f6bfc9a317a4c4237260ed5694bd1d65f728c390879767443cbbd94123980176ec7d388ffe32e80b9fd6d247be219342fa1d
-
SSDEEP
12288:JQA6dRbhZZ5n0XYHjnRQReGAJve9JyEEjj:JQTdRbhZZmqNQRJAJve9JyEEjj
Malware Config
Signatures
-
Registers COM server for autorun 1 TTPs 8 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{90EC74A5-5D81-4cc8-9AC1-66D1C5BFCD27}\InprocServer32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{90EC74A5-5D81-4cc8-9AC1-66D1C5BFCD27}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Canon\\Allx64\\-PS3_20.50\\cnperceptual.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{90EC74A5-5D81-4cc8-9AC1-66D1C5BFCD27}\InprocServer32\ThreadingModel = "Apartment" regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04F20026-6E2F-4bb6-84A5-0E7F088784AD}\InprocServer32 regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{90EC74A5-5D81-4cc8-9AC1-66D1C5BFCD27}\InprocServer32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04F20026-6E2F-4bb6-84A5-0E7F088784AD}\InprocServer32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04F20026-6E2F-4bb6-84A5-0E7F088784AD}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Canon\\Allx64\\-PS3_20.50\\cnperceptual.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04F20026-6E2F-4bb6-84A5-0E7F088784AD}\InprocServer32\ThreadingModel = "Apartment" regsvr32.exe -
Modifies registry class 64 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CanonGamutMapModel.CanonGamutMapModelPlugin\CLSID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04F20026-6E2F-4bb6-84A5-0E7F088784AD}\TypeLib regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{90EC74A5-5D81-4cc8-9AC1-66D1C5BFCD27}\ = "SpecificGamutMapModelBase Class" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{90EC74A5-5D81-4cc8-9AC1-66D1C5BFCD27}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Canon\\Allx64\\-PS3_20.50\\cnperceptual.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{90EC74A5-5D81-4cc8-9AC1-66D1C5BFCD27}\AppID = "{AA74FA98-DD3C-4252-BC15-02CEB0752024}" regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04F20026-6E2F-4bb6-84A5-0E7F088784AD}\InprocServer32 regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{90EC74A5-5D81-4cc8-9AC1-66D1C5BFCD27}\InprocServer32 regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{90EC74A5-5D81-4cc8-9AC1-66D1C5BFCD27}\ProgID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04F20026-6E2F-4bb6-84A5-0E7F088784AD}\InprocServer32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CanonGamutMapModel.SpecificGamutMapModelBase\ = "SpecificGamutMapModelBase Class" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CanonGamutMapModel.SpecificGamutMapModelBase\CLSID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{90EC74A5-5D81-4cc8-9AC1-66D1C5BFCD27} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{90EC74A5-5D81-4cc8-9AC1-66D1C5BFCD27}\ProgID\ = "CanonGamutMapModel.SpecificGamutMapModelBase.1" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{90EC74A5-5D81-4cc8-9AC1-66D1C5BFCD27}\TypeLib regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3CF5958A-A59F-4E24-B609-D5976005B1B4}\1.0 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3CF5958A-A59F-4E24-B609-D5976005B1B4}\1.0\HELPDIR regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CanonGamutMapModel.CanonGamutMapModelPlugin\CurVer\ = "CanonGamutMapModel.CanonGamutMapModelPlugin.1" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04F20026-6E2F-4bb6-84A5-0E7F088784AD}\ = "CanonGamutMapModelPlugin Class" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CanonGamutMapModel.SpecificGamutMapModelBase regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CanonGamutMapModel.SpecificGamutMapModelBase\CurVer\ = "CanonGamutMapModel.SpecificGamutMapModelBase.1" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{90EC74A5-5D81-4cc8-9AC1-66D1C5BFCD27}\VersionIndependentProgID\ = "CanonGamutMapModel.SpecificGamutMapModelBase" regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04F20026-6E2F-4bb6-84A5-0E7F088784AD} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CanonGamutMapModel.CanonGamutMapModelPlugin.1 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CanonGamutMapModel.CanonGamutMapModelPlugin\CurVer regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04F20026-6E2F-4bb6-84A5-0E7F088784AD} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04F20026-6E2F-4bb6-84A5-0E7F088784AD}\ProgID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CanonGamutMapModel.SpecificGamutMapModelBase.1 regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04F20026-6E2F-4bb6-84A5-0E7F088784AD}\TypeLib regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3CF5958A-A59F-4E24-B609-D5976005B1B4}\1.0\0\win64 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04F20026-6E2F-4bb6-84A5-0E7F088784AD}\InprocServer32\ThreadingModel = "Apartment" regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04F20026-6E2F-4bb6-84A5-0E7F088784AD}\ProgID regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04F20026-6E2F-4bb6-84A5-0E7F088784AD}\VersionIndependentProgID regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CanonGamutMapModel.SpecificGamutMapModelBase\CLSID\ = "{90EC74A5-5D81-4cc8-9AC1-66D1C5BFCD27}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{90EC74A5-5D81-4cc8-9AC1-66D1C5BFCD27}\InprocServer32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CanonGamutMapModel.CanonGamutMapModelPlugin regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04F20026-6E2F-4bb6-84A5-0E7F088784AD}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Canon\\Allx64\\-PS3_20.50\\cnperceptual.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CanonGamutMapModel.SpecificGamutMapModelBase.1\ = "SpecificGamutMapModelBase Class" regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{90EC74A5-5D81-4cc8-9AC1-66D1C5BFCD27} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3CF5958A-A59F-4E24-B609-D5976005B1B4}\1.0\ = "PerceptualPhase3COM 1.0 Type Library" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3CF5958A-A59F-4E24-B609-D5976005B1B4}\1.0\FLAGS regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{90EC74A5-5D81-4cc8-9AC1-66D1C5BFCD27}\ProgID regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3CF5958A-A59F-4E24-B609-D5976005B1B4}\1.0\FLAGS\ = "0" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CanonGamutMapModel.CanonGamutMapModelPlugin.1\ = "CanonGamutMapModelPlugin Class" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04F20026-6E2F-4bb6-84A5-0E7F088784AD}\VersionIndependentProgID regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{90EC74A5-5D81-4cc8-9AC1-66D1C5BFCD27}\TypeLib regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CanonGamutMapModel.CanonGamutMapModelPlugin.1\CLSID\ = "{04F20026-6E2F-4bb6-84A5-0E7F088784AD}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04F20026-6E2F-4bb6-84A5-0E7F088784AD}\VersionIndependentProgID\ = "CanonGamutMapModel.CanonGamutMapModelPlugin" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3CF5958A-A59F-4E24-B609-D5976005B1B4}\1.0\HELPDIR\ regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{90EC74A5-5D81-4cc8-9AC1-66D1C5BFCD27}\VersionIndependentProgID regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{90EC74A5-5D81-4cc8-9AC1-66D1C5BFCD27}\VersionIndependentProgID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3CF5958A-A59F-4E24-B609-D5976005B1B4} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CanonGamutMapModel.SpecificGamutMapModelBase.1\CLSID\ = "{90EC74A5-5D81-4cc8-9AC1-66D1C5BFCD27}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{90EC74A5-5D81-4cc8-9AC1-66D1C5BFCD27}\InprocServer32\ThreadingModel = "Apartment" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3CF5958A-A59F-4E24-B609-D5976005B1B4}\1.0\0\win64\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Canon\\Allx64\\-PS3_20.50\\cnperceptual.dll" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CanonGamutMapModel.CanonGamutMapModelPlugin.1\CLSID regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CanonGamutMapModel.CanonGamutMapModelPlugin\CLSID\ = "{04F20026-6E2F-4bb6-84A5-0E7F088784AD}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CanonGamutMapModel.SpecificGamutMapModelBase.1\CLSID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CanonGamutMapModel.SpecificGamutMapModelBase\CurVer regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{90EC74A5-5D81-4cc8-9AC1-66D1C5BFCD27}\TypeLib\ = "{3CF5958A-A59F-4e24-B609-D5976005B1B4}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CanonGamutMapModel.CanonGamutMapModelPlugin\ = "CanonGamutMapModelPlugin Class" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04F20026-6E2F-4bb6-84A5-0E7F088784AD}\ProgID\ = "CanonGamutMapModel.CanonGamutMapModelPlugin.1" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04F20026-6E2F-4bb6-84A5-0E7F088784AD}\AppID = "{AA74FA98-DD3C-4252-BC15-02CEB0752024}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{04F20026-6E2F-4bb6-84A5-0E7F088784AD}\TypeLib\ = "{3CF5958A-A59F-4e24-B609-D5976005B1B4}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3CF5958A-A59F-4E24-B609-D5976005B1B4}\1.0\0 regsvr32.exe