5ff6fb9cd8a7c874b33e04e1069e7e604d1d38ca3b51571478945a0c34900e27

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
11/05/2024, 04:59 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

32d85296972b34d859727e5d84a67ad9_JaffaCakes118.html
Size

15KB
MD5

32d85296972b34d859727e5d84a67ad9
SHA1

1f291f43ced39ba23967c867bb034e0430649468
SHA256

5ff6fb9cd8a7c874b33e04e1069e7e604d1d38ca3b51571478945a0c34900e27
SHA512

6d29418fc4f632d1d7b73811bafee332bbee4c449b5bed378463bbfe37045fe34d0ef96b954b1f5d5b1435dd78e7d5fb8e02e7183341ef7e93c4c77e65ded189
SSDEEP

384:WR5jiAomf6jIBVb91PRIkro7g/NBPKzNp1WB1V96mRNIv2XxNh:gmzBjINI7GNBPmNSDVjXxNh

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000007f2637981b7f472c705a9061866d1fe49245273188ee0075222fa8a5ea37f5c9000000000e8000000002000020000000bb600e9997f579a1ace74643cf7c644c7d401edff912cbef9e3ee1fa72c9176720000000fe4bacddfa662a4af036b5ad8728b0cada5eb0185f274e3c6c9ff6de2666408540000000fcf32513bcf147e47b12058b9843fbcb25191df504b43132eb9f232a26140401229cb9ca7b5434723cbf9c0e21be27620383e81decb3dc15f82927e9609070c4	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000e081da1568a1529b53adcb1c5a87593f5257a68458c23767759b7629a4a91ec2000000000e80000000020000200000003bb91563d26869e59f7ed9116b50e52a8f7a761956e1210a6c3f136daa59bc9990000000f7cef97eee1fd8ba4936c3813227c6af3c3c2a84343975aa596ee8da81dca43c3eacc1ada389c0f8cc33ba4771a0f187838a48fd4883c8f119edb43e8fe0089457b2952ef1f529aa57362d96e4c5496955463c3c71c601617c4ddcedd0905a360f788781a6ba9bfc6f1c50286357061a5643a7800ce2dd66faa48f4fefd92f1b93a9c57b57cfaa1d3824b8107082673040000000313c2b96427714be3344f248ef29e4f1350f66aeb875baf26909e8eb1f288d0c53e319919bcf2de7ead0f22e69600ef423416a119f198fba16841fdd1dbb2f8b	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421565456"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4B613251-0F53-11EF-91D8-D6B84878A518} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e06ef62060a3da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1704	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1704	iexplore.exe
1704	iexplore.exe
1276	IEXPLORE.EXE
1276	IEXPLORE.EXE
1276	IEXPLORE.EXE
1276	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 1276	1704	iexplore.exe	28
PID 1704 wrote to memory of 1276	1704	iexplore.exe	28
PID 1704 wrote to memory of 1276	1704	iexplore.exe	28
PID 1704 wrote to memory of 1276	1704	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\32d85296972b34d859727e5d84a67ad9_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1704 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1276

Network

DNS

thefireservice.co.uk

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

thefireservice.co.uk

IN A

Response

thefireservice.co.uk

IN A

173.254.30.90
GET

http://thefireservice.co.uk/wp-content/themes/cubic/style.css?ver=4.9.6

IEXPLORE.EXE

Remote address:

173.254.30.90:80

Request

GET /wp-content/themes/cubic/style.css?ver=4.9.6 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: thefireservice.co.uk
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Sat, 11 May 2024 04:59:51 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://thefireservice.co.uk/wp-json/>; rel="https://api.w.org/"
Upgrade: h2,h2c
Connection: Upgrade
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
GET

http://thefireservice.co.uk/wp-content/themes/boardwalk/style.css?ver=4.9.6

IEXPLORE.EXE

Remote address:

173.254.30.90:80

Request

GET /wp-content/themes/boardwalk/style.css?ver=4.9.6 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: thefireservice.co.uk
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Sat, 11 May 2024 04:59:51 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://thefireservice.co.uk/wp-json/>; rel="https://api.w.org/"
Upgrade: h2,h2c
Connection: Upgrade
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
GET

http://thefireservice.co.uk/wp-content/plugins/jetpack/_inc/genericons/genericons/genericons.css?ver=3.1

IEXPLORE.EXE

Remote address:

173.254.30.90:80

Request

GET /wp-content/plugins/jetpack/_inc/genericons/genericons/genericons.css?ver=3.1 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: thefireservice.co.uk
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 11 May 2024 04:59:51 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Tue, 30 May 2023 21:22:54 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Mon, 10 Jun 2024 04:59:51 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Transfer-Encoding: chunked
Content-Type: text/css
GET

http://thefireservice.co.uk/wp-content/themes/boardwalk/js/pace.js?ver=1.0.0

IEXPLORE.EXE

Remote address:

173.254.30.90:80

Request

GET /wp-content/themes/boardwalk/js/pace.js?ver=1.0.0 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: thefireservice.co.uk
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Sat, 11 May 2024 04:59:51 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://thefireservice.co.uk/wp-json/>; rel="https://api.w.org/"
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
GET

http://thefireservice.co.uk/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1

IEXPLORE.EXE

Remote address:

173.254.30.90:80

Request

GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: thefireservice.co.uk
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 11 May 2024 04:59:51 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Tue, 08 Aug 2023 20:28:15 GMT
Accept-Ranges: bytes
Cache-Control: max-age=21600
Expires: Sat, 11 May 2024 10:59:51 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 5422
Content-Type: application/javascript
GET

http://thefireservice.co.uk/wp-content/plugins/wp-automatic/js/main-front.js?ver=4.9.6

IEXPLORE.EXE

Remote address:

173.254.30.90:80

Request

GET /wp-content/plugins/wp-automatic/js/main-front.js?ver=4.9.6 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: thefireservice.co.uk
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Sat, 11 May 2024 04:59:51 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://thefireservice.co.uk/wp-json/>; rel="https://api.w.org/"
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
GET

http://thefireservice.co.uk/wp-includes/js/jquery/jquery.js?ver=1.12.4

IEXPLORE.EXE

Remote address:

173.254.30.90:80

Request

GET /wp-includes/js/jquery/jquery.js?ver=1.12.4 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: thefireservice.co.uk
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 11 May 2024 04:59:51 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Tue, 07 Nov 2023 21:02:41 GMT
Accept-Ranges: bytes
Cache-Control: max-age=21600
Expires: Sat, 11 May 2024 10:59:51 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Transfer-Encoding: chunked
Content-Type: application/javascript
GET

http://thefireservice.co.uk/wp-content/themes/boardwalk/js/skip-link-focus-fix.js?ver=20130115

IEXPLORE.EXE

Remote address:

173.254.30.90:80

Request

GET /wp-content/themes/boardwalk/js/skip-link-focus-fix.js?ver=20130115 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: thefireservice.co.uk
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Sat, 11 May 2024 04:59:51 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://thefireservice.co.uk/wp-json/>; rel="https://api.w.org/"
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
GET

http://thefireservice.co.uk/wp-content/plugins/wp-automatic/css/wp-automatic.css?ver=1.0.0

IEXPLORE.EXE

Remote address:

173.254.30.90:80

Request

GET /wp-content/plugins/wp-automatic/css/wp-automatic.css?ver=1.0.0 HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: thefireservice.co.uk
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Sat, 11 May 2024 04:59:51 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://thefireservice.co.uk/wp-json/>; rel="https://api.w.org/"
Upgrade: h2,h2c
Connection: Upgrade
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
GET

http://thefireservice.co.uk/wp-includes/js/comment-reply.min.js?ver=4.9.6

IEXPLORE.EXE

Remote address:

173.254.30.90:80

Request

GET /wp-includes/js/comment-reply.min.js?ver=4.9.6 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: thefireservice.co.uk
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 11 May 2024 04:59:52 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Tue, 24 May 2022 20:37:07 GMT
Accept-Ranges: bytes
Cache-Control: max-age=21600
Expires: Sat, 11 May 2024 10:59:52 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 1477
Content-Type: application/javascript
GET

http://thefireservice.co.uk/wp-includes/js/wp-embed.min.js?ver=4.9.6

IEXPLORE.EXE

Remote address:

173.254.30.90:80

Request

GET /wp-includes/js/wp-embed.min.js?ver=4.9.6 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: thefireservice.co.uk
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 11 May 2024 04:59:52 GMT
Server: Apache
Last-Modified: Tue, 07 Nov 2023 21:02:41 GMT
Accept-Ranges: bytes
Cache-Control: max-age=21600
Expires: Sat, 11 May 2024 10:59:52 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 692
Content-Type: application/javascript
GET

http://thefireservice.co.uk/wp-content/uploads/2018/07/%D9%87%D9%86%D8%A7%D9%83-%D8%B5%D8%AE%D8%B1%D8%A9-%D9%81%D9%8A-%D8%A7%D9%84%D9%8A%D8%A7%D8%A8%D8%A7%D9%86-%D8%B9%D9%84%D9%89-%D9%85%D9%86%D8%AD%D8%AF%D8%B1-%D9%83%D8%AA%D8%A8%D8%AA-%D8%B9%D9%84%D9%8A%D9%87%D8%A7-%D9%83%D9%84.jpg

IEXPLORE.EXE

Remote address:

173.254.30.90:80

Request

GET /wp-content/uploads/2018/07/%D9%87%D9%86%D8%A7%D9%83-%D8%B5%D8%AE%D8%B1%D8%A9-%D9%81%D9%8A-%D8%A7%D9%84%D9%8A%D8%A7%D8%A8%D8%A7%D9%86-%D8%B9%D9%84%D9%89-%D9%85%D9%86%D8%AD%D8%AF%D8%B1-%D9%83%D8%AA%D8%A8%D8%AA-%D8%B9%D9%84%D9%8A%D9%87%D8%A7-%D9%83%D9%84.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: thefireservice.co.uk
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Sat, 11 May 2024 04:59:52 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://thefireservice.co.uk/wp-json/>; rel="https://api.w.org/"
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
GET

http://thefireservice.co.uk/wp-content/themes/cubic/js/cubic.js?ver=20150113

IEXPLORE.EXE

Remote address:

173.254.30.90:80

Request

GET /wp-content/themes/cubic/js/cubic.js?ver=20150113 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: thefireservice.co.uk
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Sat, 11 May 2024 04:59:52 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://thefireservice.co.uk/wp-json/>; rel="https://api.w.org/"
Upgrade: h2,h2c
Connection: Upgrade
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

173.254.30.90:80

http://thefireservice.co.uk/wp-content/themes/cubic/style.css?ver=4.9.6

http

IEXPLORE.EXE

1.3kB
27.6kB
22
24

HTTP Request

GET http://thefireservice.co.uk/wp-content/themes/cubic/style.css?ver=4.9.6

HTTP Response

404
173.254.30.90:80

http://thefireservice.co.uk/wp-content/themes/boardwalk/style.css?ver=4.9.6

http

IEXPLORE.EXE

1.2kB
27.5kB
21
23

HTTP Request

GET http://thefireservice.co.uk/wp-content/themes/boardwalk/style.css?ver=4.9.6

HTTP Response

404
173.254.30.90:80

http://thefireservice.co.uk/wp-content/themes/boardwalk/js/pace.js?ver=1.0.0

http

IEXPLORE.EXE

2.2kB
44.8kB
34
38

HTTP Request

GET http://thefireservice.co.uk/wp-content/plugins/jetpack/_inc/genericons/genericons/genericons.css?ver=3.1

HTTP Response

200

HTTP Request

GET http://thefireservice.co.uk/wp-content/themes/boardwalk/js/pace.js?ver=1.0.0

HTTP Response

404
173.254.30.90:80

http://thefireservice.co.uk/wp-content/plugins/wp-automatic/js/main-front.js?ver=4.9.6

http

IEXPLORE.EXE

1.5kB
22.0kB
19
20

HTTP Request

GET http://thefireservice.co.uk/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1

HTTP Response

200

HTTP Request

GET http://thefireservice.co.uk/wp-content/plugins/wp-automatic/js/main-front.js?ver=4.9.6

HTTP Response

404
173.254.30.90:80

http://thefireservice.co.uk/wp-content/themes/boardwalk/js/skip-link-focus-fix.js?ver=20130115

http

IEXPLORE.EXE

3.5kB
142.9kB
64
109

HTTP Request

GET http://thefireservice.co.uk/wp-includes/js/jquery/jquery.js?ver=1.12.4

HTTP Response

200

HTTP Request

GET http://thefireservice.co.uk/wp-content/themes/boardwalk/js/skip-link-focus-fix.js?ver=20130115

HTTP Response

404
173.254.30.90:80

http://thefireservice.co.uk/wp-content/plugins/wp-automatic/css/wp-automatic.css?ver=1.0.0

http

IEXPLORE.EXE

1.3kB
27.5kB
22
23

HTTP Request

GET http://thefireservice.co.uk/wp-content/plugins/wp-automatic/css/wp-automatic.css?ver=1.0.0

HTTP Response

404
173.254.30.90:80

http://thefireservice.co.uk/wp-content/uploads/2018/07/%D9%87%D9%86%D8%A7%D9%83-%D8%B5%D8%AE%D8%B1%D8%A9-%D9%81%D9%8A-%D8%A7%D9%84%D9%8A%D8%A7%D8%A8%D8%A7%D9%86-%D8%B9%D9%84%D9%89-%D9%85%D9%86%D8%AD%D8%AF%D8%B1-%D9%83%D8%AA%D8%A8%D8%AA-%D8%B9%D9%84%D9%8A%D9%87%D8%A7-%D9%83%D9%84.jpg

http

IEXPLORE.EXE

2.2kB
30.6kB
25
28

HTTP Request

GET http://thefireservice.co.uk/wp-includes/js/comment-reply.min.js?ver=4.9.6

HTTP Response

200

HTTP Request

GET http://thefireservice.co.uk/wp-includes/js/wp-embed.min.js?ver=4.9.6

HTTP Response

200

HTTP Request

GET http://thefireservice.co.uk/wp-content/uploads/2018/07/%D9%87%D9%86%D8%A7%D9%83-%D8%B5%D8%AE%D8%B1%D8%A9-%D9%81%D9%8A-%D8%A7%D9%84%D9%8A%D8%A7%D8%A8%D8%A7%D9%86-%D8%B9%D9%84%D9%89-%D9%85%D9%86%D8%AD%D8%AF%D8%B1-%D9%83%D8%AA%D8%A8%D8%AA-%D8%B9%D9%84%D9%8A%D9%87%D8%A7-%D9%83%D9%84.jpg

HTTP Response

404
173.254.30.90:80

http://thefireservice.co.uk/wp-content/themes/cubic/js/cubic.js?ver=20150113

http

IEXPLORE.EXE

1.3kB
27.5kB
22
23

HTTP Request

GET http://thefireservice.co.uk/wp-content/themes/cubic/js/cubic.js?ver=20150113

HTTP Response

404
173.254.30.90:80

thefireservice.co.uk

IEXPLORE.EXE

242 B
144 B
5
3
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

799 B
7.7kB
10
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

799 B
7.7kB
10
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

831 B
7.7kB
10
13

8.8.8.8:53

thefireservice.co.uk

dns

IEXPLORE.EXE

66 B
82 B
1
1

DNS Request

thefireservice.co.uk

DNS Response

173.254.30.90

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0431f6e5ab06fb350f2ba2871142d2c6

SHA1
266ad71ee2e6dfba5fd57add96bb982274ffe41b

SHA256
25fecbef4c54e3ec7ad04c4217b738f8737b3ee15d6a7ae746ec3e596a48d449

SHA512
f1e5dfd41d257e56d397e3044c3f9ae29148590ab840f5af78b656c174e85285efbc6e69d94397fdd00df0ef599b0a21718f31fdf5dd21dd53367e8d06d081e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
57371df5710bdaac40b09b3836d92a15

SHA1
26e9e0ab5b8a6de32298227acdd11a3d85a74bd9

SHA256
540432dc8187c646f1091d204c011c23d87f4ac0af5f373139f9bf9910325033

SHA512
a424f262ff809f04c265ff94013577781b61d88034edd1aa7443aaf8c95e44c1ea0d4ba12f194ad16ed025604137dfb9c7566c7ace68b0438264a7a9fa8a6cc2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6c7471ea682d34991cb595d85e2ac53e

SHA1
c2ceb3d273f8f77204e22d56dada398250f4815c

SHA256
6dc0dcdeff363d478ec4c95bcc848546f6d0ca56284724333331876572bccca6

SHA512
4674f8a0a81eb658a0ca19809d1912f2601a21c7a410a9745c754ec510a9f884e740163ad4565d357540452bf26dc5ff38e7ab3946dc1183b68889edff6a0fc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3c07b380ef133e9087f1a9e5dc97f54f

SHA1
65ffd6c733917e93d2862b24e6eb21467191b6e1

SHA256
c80ced1f2c78b839dc8a01ba73e7a104c5b4d058d3990e16b76d84a82b7f2c6a

SHA512
476c9f60aa6ea18d343cb9be8109685ada886c3b1b8a26b72c6aae754fc4d7b1ec55927d05df53c640fa9b2a67890b40d08a90a4a6d8ab5a614427f154d04011

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
84fd815608e9a33b44dd27f7ff1194e3

SHA1
3dcbb24f80e5aaaf2229ecd28b83c4a256bbbe9c

SHA256
877c9f8abb87a3539339c27be39dbee0cc69a1fc16673b3f2a263a2b0f460bc0

SHA512
51c5c7f2a16e23ec60bc17eaa5481d51736613fbf55c15717e7e3c7d05756c3597510af46afe287575b16477912fd264f740e26a86a1360f97bb32db59251e06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
853dac15c0a71737613858f979212bfc

SHA1
564b22987658bce8b489bb8fe0866967a38658ea

SHA256
afed2c0bfe2705980a590186ca6d3c17af458e85fbcd450e9d090bfe4adf0d0f

SHA512
132ab89491fe1eda9820e9b6c22b67d5a7fa68e5bbbef0311cebc73ef6f1ea565aa6847367af85ea6a42ad5c11f835c3d0dc1563e182afb4a59c885ef0f1a531

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
81aba972dcfef203056346fd92086700

SHA1
87a284312105c7b6bc4d72dee72144ee0cf1e9ab

SHA256
21f522e073db963ac59b72e5b719cee36858b7c81f8a4aa1e1e757fa1bc66192

SHA512
59a457e638f3262ae539e7505014d38d6ea9112a41cb0716534473f803c96a0e269ccba7a8f5d357bdc684f0f7a34e63d17e6787afa349034a1b92c13ce4f5de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
84d84c6ddfddfa4b1a6b108cf12f3693

SHA1
2cecf41705d32d27ebb36645e4fb7e255ec18428

SHA256
1034c53c76d1837c70f0e5ed1a0aea068013f53783f65c90af07af7ee315c86f

SHA512
38e609cbd4d03963000379d345a93d79bd9d850ba728725a4aff48b73a8277d8ab4fd0138f49002a22496ef87dd12f93e2360881474e3a82b8dcb1d91c85d6ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cebb30a585332fc7ea3e01931b7a9386

SHA1
e95c8f46d686a5c804c999e53ce4437333b0fe8d

SHA256
f806062191fbe3185c6ea6b642fa178bdffa51fea4a72a8d53b7044138aadd62

SHA512
2297d4df6e327d22d9fd72f887bdde29faf814ffb73306d114d343a76c6f4dd5213be071655632b591797249c6a5c003bb1d1252626e60131a9fdd9af16b817d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5b65ebfee6cd48c8c430565d387f14bd

SHA1
8bb4f45dc924338784aeacc37b178d76467701fb

SHA256
8126f2f321f3d6fcd8468e633b05d6aed1f8e878c0441bdfa18f5a91caa1bf0e

SHA512
337bb7d03a3c8326d13998012dfd524ee2ce340e74159df9c1248bd6b58c8257dc2fe6c44f992dcffc3af2ccd8df78d4e88111b1dcaf66f5fec754c3ff48cf75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a6f81548939b2bd25f876212f338f296

SHA1
329c4451311ea88de0a39e4b43e57b9dff65e964

SHA256
f17c2f6e15360a43659b9d9db689334405a8e16841e96aa95d49127fc9f40ea2

SHA512
c147889be4fb4797d01a8101202194baf4174e8f9542a621142974820db675264578d67f9629bc54a3ead1f6a3dbd4480183059a9e96ec981d0ca1abfd555a02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8358a4013ed8915693f2d7c969c8e4f8

SHA1
fb92d471db808f9fa37f7940d2bd78a9fcf67da9

SHA256
1bbbdc700ff88ef9d341e557c0d7e701e50a229d96ca117b1a9541c014f09c8c

SHA512
8850f9113d61d8c2aae0f443311d19dd5809564fd0f4d820b9031721b23a0cbba869caf7d5427495a0fc00b35166bf12344998127d44bebdad4b939293ad3e09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1abdac9584aec9adbb1dbf7628aeec89

SHA1
901ff6dae5bed2ff4076930e0114e075907393fd

SHA256
1229b6564117ad7abadde01d1e0b970283d2d8acfbec2e3037147de17360619a

SHA512
9688ab040523cef1130f6ca4b021918db1dffc063a75c24040d7db4734c01de33e8b5811be609eeda4902f40af719bea04dffa6dff012de48f7efc14cf4b4bb8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dcedbc88ee23f54fd524074f9624af72

SHA1
2f85f6a4251b453cb72b031b4b3f8d12d3b8be57

SHA256
1cc30992acaf02c7f063aedb974425a28f3b6cdc543fd76d32b896d45cc23185

SHA512
24000d431ef897c25fd1d3fe023feb7ea1634c3d6cef735d9acb6ac7d7e3cfacf9f304e8dcc58fee2c3fa1f332bcab77521eb8be83714947a8c64b42602ab250

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
97a51e6e69721c8606d003c48fea95ee

SHA1
2578161a83f1e48b919b055935776f5c27fa130d

SHA256
a13b9cc7c1f589835464ce3851c8d044ce26b28b4285b7d726994907ec5de0ef

SHA512
d7739ac7aba9916cd71c91a57784b4cde91ac5301d86a73cd0719e60608654c032509ba71f0a69ef010823b8ed8c9c15793b5af65a793bce84bba19150e63fc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7e935db94b21e480a1057e8d8f296ee3

SHA1
54a986e6af9db8fd6d81f34bed79cfa904bd0a1b

SHA256
0d91e81590d08e2115c408abc1eb531603c4a425331f8bc9009ef7885a4f9992

SHA512
945c719f420072c406ba34e1fd9aed3973a3dd0a4a3c02d049fe26c98bfefe89d21d4747ba0e851debd429472a978141c901cb71f11172272d012d1a84369cc4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c09b845d7b2d7d577734c054e87e9bbd

SHA1
8e86ff7f108a02ea3010d7df4c957c5494554463

SHA256
e79856d0265af4a5505093669b34ed6a8591c1955b4387a87caf4680f0ede426

SHA512
133ad6f630ff2de01dca8bbda30a0badd097dc32451c2f1a948deb6853d64d36ef9d70c93f087881c5041a9f3edf9889902193e44f4df9101fcba9ce6fb3aad7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3278.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3279.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.