File name: Hotdog.exe

Full analysis: https://app.any.run/tasks/5e9242c7-77d4-49d2-b40e-a4822b986482
Verdict: Malicious activity
Analysis date: February 10, 2024, 15:44:13
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (console) Intel 80386, for MS Windows
MD5: 3B31E1B1438DDE669184CF4367574698
SHA1: 921440B4D557B9FFBAFE5DDA125F812A6DF24FA2
SHA256: 1760A29996E422CAEA60896E6D837C744A96B68833C8C43B49FD1240EB0F020C
SSDEEP: 12288:gNiTK9VH+VHjVD/ZhhcrI2rik9sPO+NiqZvgMh:gwKXI2rik9sPO+NiWvgE

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Hotdog.exe (PID: 3736)
  • SUSPICIOUS

    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 2036)
    • Starts CMD.EXE for commands execution

      • Hotdog.exe (PID: 3736)
    • The executable file from the user directory is run by the CMD process

      • runaway.exe (PID: 2636)
      • runaway.exe (PID: 4060)
      • runaway.exe (PID: 120)
      • runaway.exe (PID: 3428)
      • runaway.exe (PID: 2444)
      • runaway.exe (PID: 3500)
      • runaway.exe (PID: 2120)
      • runaway.exe (PID: 3936)
      • runaway.exe (PID: 1836)
      • runaway.exe (PID: 3276)
      • runaway.exe (PID: 3488)
      • runaway.exe (PID: 2896)
      • runaway.exe (PID: 2208)
      • runaway.exe (PID: 1972)
      • runaway.exe (PID: 2168)
      • runaway.exe (PID: 1824)
      • runaway.exe (PID: 3164)
      • NoHotdog.exe (PID: 2000)
    • Executing commands from a ".bat" file

      • Hotdog.exe (PID: 3736)
    • Executable content was dropped or overwritten

      • Hotdog.exe (PID: 3736)
  • INFO

    • Checks supported languages

      • runaway.exe (PID: 2444)
      • Hotdog.exe (PID: 3736)
      • runaway.exe (PID: 3428)
      • runaway.exe (PID: 2636)
      • runaway.exe (PID: 4060)
      • runaway.exe (PID: 120)
      • runaway.exe (PID: 3500)
      • runaway.exe (PID: 3936)
      • runaway.exe (PID: 1836)
      • runaway.exe (PID: 3276)
      • runaway.exe (PID: 2896)
      • runaway.exe (PID: 2120)
      • runaway.exe (PID: 2208)
      • runaway.exe (PID: 2168)
      • runaway.exe (PID: 3164)
      • runaway.exe (PID: 1972)
      • runaway.exe (PID: 1824)
      • runaway.exe (PID: 3488)
      • NoHotdog.exe (PID: 2000)
    • Create files in a temporary directory

      • Hotdog.exe (PID: 3736)
    • Reads the computer name

      • runaway.exe (PID: 3500)
      • runaway.exe (PID: 3276)
      • runaway.exe (PID: 3936)
      • runaway.exe (PID: 2120)
      • runaway.exe (PID: 120)
      • runaway.exe (PID: 2168)
      • runaway.exe (PID: 3428)
      • runaway.exe (PID: 2208)
      • runaway.exe (PID: 3164)
      • runaway.exe (PID: 2444)
      • runaway.exe (PID: 4060)
      • runaway.exe (PID: 2636)
      • runaway.exe (PID: 1836)
      • runaway.exe (PID: 2896)
      • runaway.exe (PID: 1824)
      • runaway.exe (PID: 1972)
      • runaway.exe (PID: 3488)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (41)
.exe | Win64 Executable (generic) (36.3)
.dll | Win32 Dynamic Link Library (generic) (8.6)
.exe | Win32 Executable (generic) (5.9)
.exe | Win16/32 Executable Delphi generic (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:07:30 08:52:45+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 2.5
CodeSize: 70656
InitializedDataSize: 169984
UninitializedDataSize: -
EntryPoint: 0x1000
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows command line
No data.
All screenshots are available in the full report
Total processes: 62
Monitored processes: 22
Malicious processes: 2
Suspicious processes: 0

Behavior graph

Processes shown in the graph, in order: hotdog.exe (start), cmd.exe, taskkill.exe, runaway.exe (17 instances), nohotdog.exe, hotdog.exe. Every process except the starting hotdog.exe is marked "no specs".

Process information

PID | CMD | Path | Indicators | Parent process
120 | runaway.exe | C:\Users\admin\AppData\Local\Temp\runaway.exe | - | cmd.exe
User: admin
Integrity Level: HIGH
Description: -
Exit code: 0
Version: 0.0.0.0
Modules (images):
c:\users\admin\appdata\local\temp\runaway.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

1824 | runaway.exe | C:\Users\admin\AppData\Local\Temp\runaway.exe | - | cmd.exe
User: admin
Integrity Level: HIGH
Description: -
Exit code: 0
Version: 0.0.0.0
Modules (images):
c:\users\admin\appdata\local\temp\runaway.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

1836 | runaway.exe | C:\Users\admin\AppData\Local\Temp\runaway.exe | - | cmd.exe
User: admin
Integrity Level: HIGH
Description: -
Exit code: 0
Version: 0.0.0.0
Modules (images):
c:\users\admin\appdata\local\temp\runaway.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

1972 | runaway.exe | C:\Users\admin\AppData\Local\Temp\runaway.exe | - | cmd.exe
User: admin
Integrity Level: HIGH
Description: -
Exit code: 0
Version: 0.0.0.0
Modules (images):
c:\users\admin\appdata\local\temp\runaway.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

2000 | NoHotdog.exe | C:\Users\admin\AppData\Local\Temp\NoHotdog.exe | - | cmd.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (images):
c:\users\admin\appdata\local\temp\nohotdog.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll

2036 | "C:\Windows\system32\cmd" /c "C:\Users\admin\AppData\Local\Temp\EEF4.tmp\EEF5.tmp\EEF6.bat C:\Users\admin\AppData\Local\Temp\Hotdog.exe" | C:\Windows\System32\cmd.exe | - | Hotdog.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 1
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules (images):
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

2120 | runaway.exe | C:\Users\admin\AppData\Local\Temp\runaway.exe | - | cmd.exe
User: admin
Integrity Level: HIGH
Description: -
Exit code: 0
Version: 0.0.0.0
Modules (images):
c:\users\admin\appdata\local\temp\runaway.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

2168 | runaway.exe | C:\Users\admin\AppData\Local\Temp\runaway.exe | - | cmd.exe
User: admin
Integrity Level: HIGH
Description: -
Exit code: 0
Version: 0.0.0.0
Modules (images):
c:\users\admin\appdata\local\temp\runaway.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

2208 | runaway.exe | C:\Users\admin\AppData\Local\Temp\runaway.exe | - | cmd.exe
User: admin
Integrity Level: HIGH
Description: -
Exit code: 0
Version: 0.0.0.0
Modules (images):
c:\users\admin\appdata\local\temp\runaway.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

2444 | runaway.exe | C:\Users\admin\AppData\Local\Temp\runaway.exe | - | cmd.exe
User: admin
Integrity Level: HIGH
Description: -
Exit code: 0
Version: 0.0.0.0
Modules (images):
c:\users\admin\appdata\local\temp\runaway.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

Total events: 2 301
Read events: 2 301
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 4
Suspicious files: 0
Text files: 1
Unknown types: 0

Dropped files

PID | Process | Filename | Type

2000 | NoHotdog.exe | \Device\Harddisk0\DR0 | -
MD5: -
SHA256: -

3736 | Hotdog.exe | C:\Users\admin\AppData\Local\Temp\NoHotdog.exe | executable
MD5: 3BFD2EF3132AB1A76C26C446DCF8CD36
SHA256: 9F07DFFE9A330B8F1EBE2BA8E3037598920BA7CBE03C61DE7EDEBE1D799E9F74

3736 | Hotdog.exe | C:\Users\admin\AppData\Local\Temp\EEF4.tmp\EEF5.tmp\EEF6.bat | text
MD5: C3D17D03671BB0590D70E07F584C0675
SHA256: 775F80F998EDBCE19EC1298D571C4CE4D7A5A84CF5A90EA48DD22916E43FA3F3

3736 | Hotdog.exe | C:\Users\admin\AppData\Local\Temp\runaway.exe | executable
MD5: 979B597855746AEE2F30EE74F9D7C163
SHA256: DC6EE4EDBBBE1116A200B928F2B62DBC55594A9F79152BBB0076161A58546C11

3736 | Hotdog.exe | C:\Users\admin\AppData\Local\Temp\Melting.exe | executable
MD5: 833619A4C9E8C808F092BF477AF62618
SHA256: 92A284981C7CA33F1AF45CE61738479FBCBB5A4111F5498E2CB54931C8A36C76

3736 | Hotdog.exe | C:\Users\admin\AppData\Local\Temp\goodbye.exe | executable
MD5: 6FA5B5038643514DC250DDCD470B398A
SHA256: CF5462EA4E62C66C25BADA158F0F47436F1B53398453EC5AB9F1A28F469501E6

Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown

DNS requests

No data

Threats

No threats detected
No debug info