Overview
overview
7Static
static
3Canon/Allx...me.hta
windows7-x64
1Canon/Allx...me.hta
windows10-2004-x64
1Canon/Allx...rv.dll
windows7-x64
1Canon/Allx...rv.dll
windows10-2004-x64
1Canon/Allx...ok.dll
windows7-x64
1Canon/Allx...ok.dll
windows10-2004-x64
1Canon/Allx...ic.dll
windows7-x64
7Canon/Allx...ic.dll
windows10-2004-x64
7Canon/Allx...32.dll
windows7-x64
3Canon/Allx...32.dll
windows10-2004-x64
3Canon/Allx...ch.dll
windows7-x64
7Canon/Allx...ch.dll
windows10-2004-x64
7Canon/Allx...al.dll
windows7-x64
7Canon/Allx...al.dll
windows10-2004-x64
7Canon/Allx...er.dll
windows7-x64
7Canon/Allx...er.dll
windows10-2004-x64
7Canon/Allx...ce.dll
windows7-x64
7Canon/Allx...ce.dll
windows10-2004-x64
7Canon/Allx...09.dll
windows7-x64
1Canon/Allx...09.dll
windows10-2004-x64
1Canon/Allx...0m.dll
windows7-x64
1Canon/Allx...0m.dll
windows10-2004-x64
1Canon/Allx...ui.dll
windows7-x64
1Canon/Allx...ui.dll
windows10-2004-x64
1Canon/Allx...1k.chm
windows7-x64
1Canon/Allx...1k.chm
windows10-2004-x64
1Canon/Allx...on.dll
windows7-x64
7Canon/Allx...on.dll
windows10-2004-x64
7Canon/Allx...s2.dll
windows7-x64
1Canon/Allx...s2.dll
windows10-2004-x64
1Canon/Allx...32.dll
windows7-x64
3Canon/Allx...32.dll
windows10-2004-x64
3Analysis
-
max time kernel
0s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system -
submitted
04/07/2023, 08:35
Static task
static1
Behavioral task
behavioral1
Sample
Canon/Allx64/-PS3_20.50/Readme.hta
Resource
win7-20230703-en
windows7-x64
Behavioral task
behavioral2
Sample
Canon/Allx64/-PS3_20.50/Readme.hta
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Canon/Allx64/-PS3_20.50/aussdrv.dll
Resource
win7-20230703-en
windows7-x64
Behavioral task
behavioral4
Sample
Canon/Allx64/-PS3_20.50/aussdrv.dll
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Canon/Allx64/-PS3_20.50/cnas0mok.dll
Resource
win7-20230703-en
windows7-x64
Behavioral task
behavioral6
Sample
Canon/Allx64/-PS3_20.50/cnas0mok.dll
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Canon/Allx64/-PS3_20.50/cncolorimetric.dll
Resource
win7-20230703-en
windows7-x64
Behavioral task
behavioral8
Sample
Canon/Allx64/-PS3_20.50/cncolorimetric.dll
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Canon/Allx64/-PS3_20.50/cnkyns32.dll
Resource
win7-20230621-en
windows7-x64
Behavioral task
behavioral10
Sample
Canon/Allx64/-PS3_20.50/cnkyns32.dll
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Canon/Allx64/-PS3_20.50/cnmonitormatch.dll
Resource
win7-20230703-en
windows7-x64
Behavioral task
behavioral12
Sample
Canon/Allx64/-PS3_20.50/cnmonitormatch.dll
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Canon/Allx64/-PS3_20.50/cnperceptual.dll
Resource
win7-20230703-en
windows7-x64
Behavioral task
behavioral14
Sample
Canon/Allx64/-PS3_20.50/cnperceptual.dll
Resource
win10v2004-20230621-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Canon/Allx64/-PS3_20.50/cnrgbprinter.dll
Resource
win7-20230703-en
windows7-x64
Behavioral task
behavioral16
Sample
Canon/Allx64/-PS3_20.50/cnrgbprinter.dll
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Canon/Allx64/-PS3_20.50/cnrgbvirtualdevice.dll
Resource
win7-20230621-en
windows7-x64
Behavioral task
behavioral18
Sample
Canon/Allx64/-PS3_20.50/cnrgbvirtualdevice.dll
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Canon/Allx64/-PS3_20.50/cns30809.dll
Resource
win7-20230703-en
windows7-x64
Behavioral task
behavioral20
Sample
Canon/Allx64/-PS3_20.50/cns30809.dll
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Canon/Allx64/-PS3_20.50/cns30m.dll
Resource
win7-20230703-en
windows7-x64
Behavioral task
behavioral22
Sample
Canon/Allx64/-PS3_20.50/cns30m.dll
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Canon/Allx64/-PS3_20.50/cns30mui.dll
Resource
win7-20230703-en
windows7-x64
Behavioral task
behavioral24
Sample
Canon/Allx64/-PS3_20.50/cns30mui.dll
Resource
win10v2004-20230621-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Canon/Allx64/-PS3_20.50/cns31k.chm
Resource
win7-20230703-en
windows7-x64
Behavioral task
behavioral26
Sample
Canon/Allx64/-PS3_20.50/cns31k.chm
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Canon/Allx64/-PS3_20.50/cnsaturation.dll
Resource
win7-20230703-en
windows7-x64
Behavioral task
behavioral28
Sample
Canon/Allx64/-PS3_20.50/cnsaturation.dll
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Canon/Allx64/-PS3_20.50/cnxdias2.dll
Resource
win7-20230703-en
windows7-x64
Behavioral task
behavioral30
Sample
Canon/Allx64/-PS3_20.50/cnxdias2.dll
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Canon/Allx64/-PS3_20.50/cnxpcf32.dll
Resource
win7-20230703-en
windows7-x64
Behavioral task
behavioral32
Sample
Canon/Allx64/-PS3_20.50/cnxpcf32.dll
Resource
win10v2004-20230703-en
windows10-2004-x64
General
-
Target
Canon/Allx64/-PS3_20.50/cnrgbvirtualdevice.dll
-
Size
222KB
-
MD5
d4b96959bc00b3ca5fd29ae5ce418412
-
SHA1
b0a6a7f26bf3c6bdb891554e1683f1c77bd2589f
-
SHA256
cd65a0306b5a43b145c2830ac961c551c261c425b55eece9d662e1cccdc49aa4
-
SHA512
2c4c4238f15ffddb5193c160503a06bc4634107c96ed5ae04c1647075b06b2d7eead9af22f822978d4d2ea178fde2e6258e4dc7cf67f6e4a8396e89e701f7972
-
SSDEEP
6144:A4Pasg5qs9nRiXg5PkT9oPZOoc1ZpM1E+:ANJTiX/9oPgL
Malware Config
Signatures
-
Registers COM server for autorun 1 TTPs 8 IoCs
description ioc Process Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7B7E7A76-F87D-4c24-98EF-50FE6C32D35B}\InprocServer32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A1EEEEA-BE0C-4f24-A923-894AD5AC6D7E}\InprocServer32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A1EEEEA-BE0C-4f24-A923-894AD5AC6D7E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Canon\\Allx64\\-PS3_20.50\\cnrgbvirtualdevice.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A1EEEEA-BE0C-4f24-A923-894AD5AC6D7E}\InprocServer32\ThreadingModel = "Apartment" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7B7E7A76-F87D-4c24-98EF-50FE6C32D35B}\InprocServer32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7B7E7A76-F87D-4c24-98EF-50FE6C32D35B}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Canon\\Allx64\\-PS3_20.50\\cnrgbvirtualdevice.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7B7E7A76-F87D-4c24-98EF-50FE6C32D35B}\InprocServer32\ThreadingModel = "Apartment" regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A1EEEEA-BE0C-4f24-A923-894AD5AC6D7E}\InprocServer32 regsvr32.exe -
Modifies registry class 64 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CanonDeviceModel.CanonDeviceModelPlugin regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7B7E7A76-F87D-4c24-98EF-50FE6C32D35B}\AppID = "{3F019EA0-6C75-422C-966B-1D6E7DC552B4}" regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7B7E7A76-F87D-4c24-98EF-50FE6C32D35B} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CanonDeviceModel.SpecificDeviceModelBase regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7B7E7A76-F87D-4c24-98EF-50FE6C32D35B}\ProgID\ = "CanonDeviceModel.SpecificDeviceModelBase.1" regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A1EEEEA-BE0C-4f24-A923-894AD5AC6D7E}\InprocServer32 regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A1EEEEA-BE0C-4f24-A923-894AD5AC6D7E}\TypeLib regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A1EEEEA-BE0C-4f24-A923-894AD5AC6D7E}\VersionIndependentProgID regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A1EEEEA-BE0C-4f24-A923-894AD5AC6D7E} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{27A7F34C-4924-45FE-86CD-24B9E4CF1EE5}\1.0 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{27A7F34C-4924-45FE-86CD-24B9E4CF1EE5}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Canon\\Allx64\\-PS3_20.50\\" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A1EEEEA-BE0C-4f24-A923-894AD5AC6D7E} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CanonDeviceModel.SpecificDeviceModelBase.1 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CanonDeviceModel.SpecificDeviceModelBase\CLSID\ = "{7B7E7A76-F87D-4c24-98EF-50FE6C32D35B}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7B7E7A76-F87D-4c24-98EF-50FE6C32D35B}\InprocServer32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A1EEEEA-BE0C-4f24-A923-894AD5AC6D7E}\AppID = "{3F019EA0-6C75-422C-966B-1D6E7DC552B4}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{27A7F34C-4924-45FE-86CD-24B9E4CF1EE5}\1.0\FLAGS\ = "0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{27A7F34C-4924-45FE-86CD-24B9E4CF1EE5}\1.0\0\win32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7B7E7A76-F87D-4c24-98EF-50FE6C32D35B}\VersionIndependentProgID\ = "CanonDeviceModel.SpecificDeviceModelBase" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7B7E7A76-F87D-4c24-98EF-50FE6C32D35B}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Canon\\Allx64\\-PS3_20.50\\cnrgbvirtualdevice.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CanonDeviceModel.CanonDeviceModelPlugin\CurVer\ = "CanonDeviceModel.CanonDeviceModelPlugin.1" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A1EEEEA-BE0C-4f24-A923-894AD5AC6D7E}\VersionIndependentProgID\ = "CanonDeviceModel.CanonDeviceModelPlugin" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A1EEEEA-BE0C-4f24-A923-894AD5AC6D7E}\TypeLib regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7B7E7A76-F87D-4c24-98EF-50FE6C32D35B}\ = "SpecificDeviceModelBase Class" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7B7E7A76-F87D-4c24-98EF-50FE6C32D35B}\InprocServer32\ThreadingModel = "Apartment" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{27A7F34C-4924-45FE-86CD-24B9E4CF1EE5}\1.0\HELPDIR regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CanonDeviceModel.CanonDeviceModelPlugin\CLSID regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A1EEEEA-BE0C-4f24-A923-894AD5AC6D7E}\ = "CanonDeviceModelPlugin Class" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A1EEEEA-BE0C-4f24-A923-894AD5AC6D7E}\TypeLib\ = "{27A7F34C-4924-45fe-86CD-24B9E4CF1EE5}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7B7E7A76-F87D-4c24-98EF-50FE6C32D35B}\VersionIndependentProgID regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CanonDeviceModel.CanonDeviceModelPlugin.1\ = "CanonDeviceModelPlugin Class" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A1EEEEA-BE0C-4f24-A923-894AD5AC6D7E}\ProgID regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7B7E7A76-F87D-4c24-98EF-50FE6C32D35B}\ProgID regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{27A7F34C-4924-45FE-86CD-24B9E4CF1EE5}\1.0\ = "RGBVirtualDeviceCOM 1.0 Type Library" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CanonDeviceModel.CanonDeviceModelPlugin\ = "CanonDeviceModelPlugin Class" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A1EEEEA-BE0C-4f24-A923-894AD5AC6D7E}\VersionIndependentProgID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CanonDeviceModel.SpecificDeviceModelBase.1\CLSID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{27A7F34C-4924-45FE-86CD-24B9E4CF1EE5}\1.0\0 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CanonDeviceModel.CanonDeviceModelPlugin.1\CLSID\ = "{4A1EEEEA-BE0C-4f24-A923-894AD5AC6D7E}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A1EEEEA-BE0C-4f24-A923-894AD5AC6D7E}\ProgID\ = "CanonDeviceModel.CanonDeviceModelPlugin.1" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CanonDeviceModel.SpecificDeviceModelBase.1\CLSID\ = "{7B7E7A76-F87D-4c24-98EF-50FE6C32D35B}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7B7E7A76-F87D-4c24-98EF-50FE6C32D35B} regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7B7E7A76-F87D-4c24-98EF-50FE6C32D35B}\VersionIndependentProgID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CanonDeviceModel.CanonDeviceModelPlugin.1 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A1EEEEA-BE0C-4f24-A923-894AD5AC6D7E}\InprocServer32\ThreadingModel = "Apartment" regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A1EEEEA-BE0C-4f24-A923-894AD5AC6D7E}\ProgID regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7B7E7A76-F87D-4c24-98EF-50FE6C32D35B}\InprocServer32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CanonDeviceModel.CanonDeviceModelPlugin.1\CLSID regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CanonDeviceModel.SpecificDeviceModelBase.1\ = "SpecificDeviceModelBase Class" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CanonDeviceModel.SpecificDeviceModelBase\ = "SpecificDeviceModelBase Class" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CanonDeviceModel.SpecificDeviceModelBase\CurVer regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CanonDeviceModel.CanonDeviceModelPlugin\CLSID\ = "{4A1EEEEA-BE0C-4f24-A923-894AD5AC6D7E}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7B7E7A76-F87D-4c24-98EF-50FE6C32D35B}\TypeLib regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7B7E7A76-F87D-4c24-98EF-50FE6C32D35B}\TypeLib regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{27A7F34C-4924-45FE-86CD-24B9E4CF1EE5}\1.0\FLAGS regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CanonDeviceModel.CanonDeviceModelPlugin\CurVer regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{27A7F34C-4924-45FE-86CD-24B9E4CF1EE5}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Canon\\Allx64\\-PS3_20.50\\cnrgbvirtualdevice.dll" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7B7E7A76-F87D-4c24-98EF-50FE6C32D35B}\ProgID regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7B7E7A76-F87D-4c24-98EF-50FE6C32D35B}\TypeLib\ = "{27A7F34C-4924-45fe-86CD-24B9E4CF1EE5}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{27A7F34C-4924-45FE-86CD-24B9E4CF1EE5} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A1EEEEA-BE0C-4f24-A923-894AD5AC6D7E}\InprocServer32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A1EEEEA-BE0C-4f24-A923-894AD5AC6D7E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Canon\\Allx64\\-PS3_20.50\\cnrgbvirtualdevice.dll" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CanonDeviceModel.SpecificDeviceModelBase\CLSID regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CanonDeviceModel.SpecificDeviceModelBase\CurVer\ = "CanonDeviceModel.SpecificDeviceModelBase.1" regsvr32.exe