Overview
overview
7Static
static
3cudatext/cudatext.exe
windows7-x64
3cudatext/cudatext.exe
windows10-2004-x64
3cudatext/c...32.dll
windows7-x64
3cudatext/c...32.dll
windows10-2004-x64
3cudatext/c...64.dll
windows7-x64
7cudatext/c...64.dll
windows10-2004-x64
7cudatext/d...++.vbs
windows7-x64
1cudatext/d...++.vbs
windows10-2004-x64
1cudatext/d...te.vbs
windows7-x64
1cudatext/d...te.vbs
windows10-2004-x64
1cudatext/d...ipt.js
windows7-x64
3cudatext/d...ipt.js
windows10-2004-x64
3cudatext/d...t.html
windows7-x64
3cudatext/d...t.html
windows10-2004-x64
1cudatext/d...y.html
windows7-x64
3cudatext/d...y.html
windows10-2004-x64
3cudatext/d...n.html
windows7-x64
3cudatext/d...n.html
windows10-2004-x64
3cudatext/d...L.html
windows7-x64
3cudatext/d...L.html
windows10-2004-x64
3cudatext/d...sp.asp
windows7-x64
3cudatext/d...sp.asp
windows10-2004-x64
3cudatext/d...ult.js
windows7-x64
3cudatext/d...ult.js
windows10-2004-x64
3cudatext/d...ult.py
windows7-x64
3cudatext/d...ult.py
windows10-2004-x64
3cudatext/d...lt.vbs
windows7-x64
1cudatext/d...lt.vbs
windows10-2004-x64
1cudatext/d...ml.htm
windows7-x64
3cudatext/d...ml.htm
windows10-2004-x64
3cudatext/d...p.html
windows7-x64
3cudatext/d...p.html
windows10-2004-x64
3Analysis
-
max time kernel
133s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
01/09/2024, 07:41
Static task
static1
Behavioral task
behavioral1
Sample
cudatext/cudatext.exe
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral2
Sample
cudatext/cudatext.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
cudatext/cudatext_shell32.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral4
Sample
cudatext/cudatext_shell32.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
cudatext/cudatext_shell64.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral6
Sample
cudatext/cudatext_shell64.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
cudatext/data/autocomplete/C++.vbs
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral8
Sample
cudatext/data/autocomplete/C++.vbs
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
cudatext/data/lang/translation template.vbs
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral10
Sample
cudatext/data/lang/translation template.vbs
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
cudatext/data/lexlib/Bash script.js
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral12
Sample
cudatext/data/lexlib/Bash script.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
cudatext/data/newdoc/Frameset.html
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral14
Sample
cudatext/data/newdoc/Frameset.html
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
cudatext/data/newdoc/Glossary.html
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral16
Sample
cudatext/data/newdoc/Glossary.html
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
cudatext/data/newdoc/Redirection.html
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral18
Sample
cudatext/data/newdoc/Redirection.html
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
cudatext/data/newdoc/asp with HTML.html
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral20
Sample
cudatext/data/newdoc/asp with HTML.html
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
cudatext/data/newdoc/asp.asp
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral22
Sample
cudatext/data/newdoc/asp.asp
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
cudatext/data/newdoc/default.js
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral24
Sample
cudatext/data/newdoc/default.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
cudatext/data/newdoc/default.py
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral26
Sample
cudatext/data/newdoc/default.py
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
cudatext/data/newdoc/default.vbs
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral28
Sample
cudatext/data/newdoc/default.vbs
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
cudatext/data/newdoc/html.htm
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral30
Sample
cudatext/data/newdoc/html.htm
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
cudatext/data/newdoc/jsp.html
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral32
Sample
cudatext/data/newdoc/jsp.html
Resource
win10v2004-20240802-en
windows10-2004-x64
General
-
Target
cudatext/cudatext_shell32.dll
-
Size
859KB
-
MD5
f3d29f94139391df22c3603eb92e0634
-
SHA1
e971b5ea114b21e09ad0118a36e1ec5e710ea645
-
SHA256
5f279320e29f54e6d8a2046b2fda75eb28ccbb6e669fd7d6969b2c8ae36b634e
-
SHA512
90517f5e23e1917ee57e442bc03dd654af10ba2d98045c10763e5ae3a9dfbc90e3546365fda3bc6412e019846ef89768bf3dabf06f82b3576f5b05178bf113f7
-
SSDEEP
24576:+WgjxOjd0dyI12eNG2FtYTBgbL1gdyjgtW2ekRIx:+WgYpG91rNG2FsglgJWx
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language regsvr32.exe -
Modifies registry class 55 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9F5022BF-4CDB-4F5A-B9BE-7971D91B954F} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{424D212F-385A-45BD-B844-12DE48079799}\InprocServer32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\CudaTextContextMenuHandler\ = "{424D212F-385A-45BD-B844-12DE48079799}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2C7271F7-C5F5-4E97-BE65-93552CEB96D1}\TypeLib\ = "{9F5022BF-4CDB-4F5A-B9BE-7971D91B954F}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CudaTextContextMenuHandler.CudaTextContextMenuHandler\CurVer\ = "CudaTextContextMenuHandler.CudaTextContextMenuHandler.1" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\CudaTextContextMenuHandler regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\CudaTextContextMenuHandler\ = "{424D212F-385A-45BD-B844-12DE48079799}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CudaTextContextMenuHandler.CudaTextContextMenuHandler.1\ = "CudaTextContextMenuHandler object" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{424D212F-385A-45BD-B844-12DE48079799}\ProgID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CudaTextContextMenuHandler.CudaTextContextMenuHandler\CurVer regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9F5022BF-4CDB-4F5A-B9BE-7971D91B954F}\1.0\0\win64 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C7271F7-C5F5-4E97-BE65-93552CEB96D1}\TypeLib\Version = "1.0" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CudaTextContextMenuHandler.CudaTextContextMenuHandler\ = "CudaTextContextMenuHandler object" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\CudaTextContextMenuHandler regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9F5022BF-4CDB-4F5A-B9BE-7971D91B954F}\1.0\0 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CudaTextContextMenuHandler.CudaTextContextMenuHandler\CLSID\ = "{424D212F-385A-45BD-B844-12DE48079799}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9F5022BF-4CDB-4F5A-B9BE-7971D91B954F}\1.0\FLAGS\ = "0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{424D212F-385A-45BD-B844-12DE48079799}\TypeLib regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\CudaTextContextMenuHandler\ = "{424D212F-385A-45BD-B844-12DE48079799}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{424D212F-385A-45BD-B844-12DE48079799}\ProgID\ = "CudaTextContextMenuHandler.CudaTextContextMenuHandler.1" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2C7271F7-C5F5-4E97-BE65-93552CEB96D1}\TypeLib regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C7271F7-C5F5-4E97-BE65-93552CEB96D1}\ProxyStubClsid32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9F5022BF-4CDB-4F5A-B9BE-7971D91B954F}\1.0\0\win64\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cudatext\\cudatext_shell32.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C7271F7-C5F5-4E97-BE65-93552CEB96D1}\ = "ICudaTextContextMenuHandler" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{424D212F-385A-45BD-B844-12DE48079799}\VersionIndependentProgID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CudaTextContextMenuHandler.CudaTextContextMenuHandler regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CudaTextContextMenuHandler.CudaTextContextMenuHandler.1\CLSID\ = "{424D212F-385A-45BD-B844-12DE48079799}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\CudaTextContextMenuHandler regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9F5022BF-4CDB-4F5A-B9BE-7971D91B954F}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cudatext" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C7271F7-C5F5-4E97-BE65-93552CEB96D1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{424D212F-385A-45BD-B844-12DE48079799} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{424D212F-385A-45BD-B844-12DE48079799}\InprocServer32\ThreadingModel = "Apartment" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2C7271F7-C5F5-4E97-BE65-93552CEB96D1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C7271F7-C5F5-4E97-BE65-93552CEB96D1}\TypeLib\ = "{9F5022BF-4CDB-4F5A-B9BE-7971D91B954F}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{424D212F-385A-45BD-B844-12DE48079799}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cudatext\\cudatext_shell32.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{424D212F-385A-45BD-B844-12DE48079799}\VersionIndependentProgID\ = "CudaTextContextMenuHandler.CudaTextContextMenuHandler" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C7271F7-C5F5-4E97-BE65-93552CEB96D1} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{424D212F-385A-45BD-B844-12DE48079799}\TypeLib\ = "{9F5022BF-4CDB-4F5A-B9BE-7971D91B954F}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2C7271F7-C5F5-4E97-BE65-93552CEB96D1}\ProxyStubClsid32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9F5022BF-4CDB-4F5A-B9BE-7971D91B954F}\1.0\ = "CudaTextContextMenuHandler" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9F5022BF-4CDB-4F5A-B9BE-7971D91B954F}\1.0\FLAGS regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9F5022BF-4CDB-4F5A-B9BE-7971D91B954F}\1.0\HELPDIR regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2C7271F7-C5F5-4E97-BE65-93552CEB96D1} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2C7271F7-C5F5-4E97-BE65-93552CEB96D1}\ = "ICudaTextContextMenuHandler" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CudaTextContextMenuHandler.CudaTextContextMenuHandler\CLSID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CudaTextContextMenuHandler.CudaTextContextMenuHandler.1\CLSID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9F5022BF-4CDB-4F5A-B9BE-7971D91B954F}\1.0 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\CudaTextContextMenuHandler regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{424D212F-385A-45BD-B844-12DE48079799}\ = "CudaTextContextMenuHandler object" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\background\shellex\ContextMenuHandlers\CudaTextContextMenuHandler\ = "{424D212F-385A-45BD-B844-12DE48079799}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2C7271F7-C5F5-4E97-BE65-93552CEB96D1}\TypeLib\Version = "1.0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CudaTextContextMenuHandler.CudaTextContextMenuHandler.1 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C7271F7-C5F5-4E97-BE65-93552CEB96D1}\TypeLib regsvr32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1976 wrote to memory of 3200 1976 regsvr32.exe 85 PID 1976 wrote to memory of 3200 1976 regsvr32.exe 85 PID 1976 wrote to memory of 3200 1976 regsvr32.exe 85
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\cudatext\cudatext_shell32.dll1⤵
- Suspicious use of WriteProcessMemory
PID:1976 -
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\cudatext\cudatext_shell32.dll2⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:3200
-