File name:

BraveBrowserSetup-BRV011.exe

Full analysis: https://app.any.run/tasks/24423a08-5e9a-499d-8367-b49464b69451
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: December 23, 2024, 11:57:36
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
stealer
loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5: E3E7498C2436A1570109FBE755AF1D40
SHA1: D7FB79F465D2C87EF22088327B5BFB73899FDF7E
SHA256: 498E27ED4E5BB584672992F459C0E51CD1E7345889DFF1521CCF577B13ED6313
SSDEEP: 49152:NXFNC1hS8Dr48GRDHI2VUqTMM1XO4v51ri3v9GsDsElveNrtaZOEWz0r9a4370RS:VshS8H4zHZi5M1XOWrgv9GsDs0veNrtl

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • setup.exe (PID: 2220)
    • Actions looks like stealing of personal data

      • setup.exe (PID: 2220)
      • BraveUpdate.exe (PID: 3488)
      • brave.exe (PID: 2164)
      • brave.exe (PID: 4724)
      • csrss.exe (PID: 616)
      • setup.exe (PID: 4244)
      • brave.exe (PID: 2788)
      • services.exe (PID: 752)
      • csrss.exe (PID: 532)
      • elevation_service.exe (PID: 1200)
      • brave.exe (PID: 4704)
      • brave.exe (PID: 5792)
      • brave.exe (PID: 3080)
      • chrmstp.exe (PID: 3632)
      • brave.exe (PID: 5732)
      • brave.exe (PID: 5004)
      • chrmstp.exe (PID: 6228)
      • chrmstp.exe (PID: 6192)
    • Steals credentials from Web Browsers

      • brave.exe (PID: 2164)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • BraveBrowserSetup-BRV011.exe (PID: 5200)
      • BraveUpdateSetup.exe (PID: 5008)
      • BraveUpdate.exe (PID: 836)
      • brave_installer-x64.exe (PID: 5792)
      • setup.exe (PID: 2220)
    • Reads security settings of Internet Explorer

      • BraveUpdate.exe (PID: 1544)
      • BraveUpdate.exe (PID: 836)
    • Disables SEHOP

      • BraveUpdate.exe (PID: 836)
    • Starts itself from another location

      • BraveUpdate.exe (PID: 836)
    • Creates/Modifies COM task schedule object

      • BraveUpdateComRegisterShell64.exe (PID: 5256)
      • BraveUpdate.exe (PID: 5728)
      • BraveUpdateComRegisterShell64.exe (PID: 644)
      • BraveUpdateComRegisterShell64.exe (PID: 5240)
    • Executes as Windows Service

      • BraveUpdate.exe (PID: 5892)
      • elevation_service.exe (PID: 1200)
    • Searches for installed software

      • setup.exe (PID: 4244)
      • setup.exe (PID: 2220)
      • chrmstp.exe (PID: 3632)
      • chrmstp.exe (PID: 6192)
    • Creates a software uninstall entry

      • setup.exe (PID: 2220)
    • Application launched itself

      • setup.exe (PID: 2220)
      • brave.exe (PID: 2164)
      • setup.exe (PID: 4244)
      • BraveUpdate.exe (PID: 5892)
      • chrmstp.exe (PID: 6192)
      • chrmstp.exe (PID: 3632)
  • INFO

    • Checks supported languages

      • BraveBrowserSetup-BRV011.exe (PID: 5200)
      • BraveUpdate.exe (PID: 1544)
      • BraveUpdate.exe (PID: 836)
      • BraveUpdateSetup.exe (PID: 5008)
      • BraveUpdate.exe (PID: 5548)
      • BraveUpdateComRegisterShell64.exe (PID: 5240)
      • BraveUpdate.exe (PID: 5728)
      • BraveUpdateComRegisterShell64.exe (PID: 5256)
      • BraveUpdateComRegisterShell64.exe (PID: 644)
      • BraveUpdate.exe (PID: 2548)
      • BraveUpdate.exe (PID: 1448)
      • BraveUpdate.exe (PID: 5892)
      • brave_installer-x64.exe (PID: 5792)
      • setup.exe (PID: 2220)
      • setup.exe (PID: 4244)
      • BraveUpdate.exe (PID: 3488)
      • BraveUpdateOnDemand.exe (PID: 2456)
      • brave.exe (PID: 2164)
      • setup.exe (PID: 5936)
      • BraveUpdate.exe (PID: 1468)
      • brave.exe (PID: 4724)
      • brave.exe (PID: 4704)
      • elevation_service.exe (PID: 1200)
      • brave.exe (PID: 5004)
      • brave.exe (PID: 3080)
      • brave.exe (PID: 5732)
      • chrmstp.exe (PID: 3632)
      • brave.exe (PID: 5792)
      • chrmstp.exe (PID: 6152)
      • chrmstp.exe (PID: 6192)
    • Create files in a temporary directory

      • BraveBrowserSetup-BRV011.exe (PID: 5200)
      • brave.exe (PID: 2164)
    • The sample compiled with chinese language support

      • BraveBrowserSetup-BRV011.exe (PID: 5200)
      • BraveUpdateSetup.exe (PID: 5008)
      • BraveUpdate.exe (PID: 836)
    • The sample compiled with french language support

      • BraveBrowserSetup-BRV011.exe (PID: 5200)
      • BraveUpdateSetup.exe (PID: 5008)
      • BraveUpdate.exe (PID: 836)
    • The sample compiled with english language support

      • BraveBrowserSetup-BRV011.exe (PID: 5200)
      • BraveUpdateSetup.exe (PID: 5008)
      • BraveUpdate.exe (PID: 836)
      • brave_installer-x64.exe (PID: 5792)
      • setup.exe (PID: 2220)
    • The sample compiled with arabic language support

      • BraveBrowserSetup-BRV011.exe (PID: 5200)
      • BraveUpdateSetup.exe (PID: 5008)
      • BraveUpdate.exe (PID: 836)
    • The sample compiled with Indonesian language support

      • BraveBrowserSetup-BRV011.exe (PID: 5200)
      • BraveUpdateSetup.exe (PID: 5008)
      • BraveUpdate.exe (PID: 836)
    • The sample compiled with bulgarian language support

      • BraveBrowserSetup-BRV011.exe (PID: 5200)
      • BraveUpdateSetup.exe (PID: 5008)
      • BraveUpdate.exe (PID: 836)
    • The sample compiled with korean language support

      • BraveBrowserSetup-BRV011.exe (PID: 5200)
      • BraveUpdateSetup.exe (PID: 5008)
      • BraveUpdate.exe (PID: 836)
    • The sample compiled with czech language support

      • BraveBrowserSetup-BRV011.exe (PID: 5200)
      • BraveUpdateSetup.exe (PID: 5008)
      • BraveUpdate.exe (PID: 836)
    • The sample compiled with german language support

      • BraveBrowserSetup-BRV011.exe (PID: 5200)
      • BraveUpdateSetup.exe (PID: 5008)
      • BraveUpdate.exe (PID: 836)
    • The sample compiled with Italian language support

      • BraveBrowserSetup-BRV011.exe (PID: 5200)
      • BraveUpdateSetup.exe (PID: 5008)
      • BraveUpdate.exe (PID: 836)
    • The sample compiled with portuguese language support

      • BraveBrowserSetup-BRV011.exe (PID: 5200)
      • BraveUpdateSetup.exe (PID: 5008)
      • BraveUpdate.exe (PID: 836)
    • Reads the computer name

      • BraveUpdate.exe (PID: 1544)
      • BraveUpdate.exe (PID: 836)
      • BraveUpdate.exe (PID: 5548)
      • BraveUpdate.exe (PID: 5728)
      • BraveUpdateComRegisterShell64.exe (PID: 5240)
      • BraveUpdateComRegisterShell64.exe (PID: 5256)
      • BraveUpdateComRegisterShell64.exe (PID: 644)
      • BraveUpdate.exe (PID: 2548)
      • BraveUpdate.exe (PID: 1448)
      • BraveUpdate.exe (PID: 5892)
      • setup.exe (PID: 4244)
      • setup.exe (PID: 2220)
      • BraveUpdate.exe (PID: 1468)
      • brave.exe (PID: 2164)
      • elevation_service.exe (PID: 1200)
      • brave.exe (PID: 4704)
      • brave.exe (PID: 2788)
      • brave.exe (PID: 5732)
      • chrmstp.exe (PID: 3632)
      • chrmstp.exe (PID: 6192)
    • Creates files in the program directory

      • BraveUpdateSetup.exe (PID: 5008)
      • BraveUpdate.exe (PID: 836)
      • BraveUpdate.exe (PID: 5892)
      • brave_installer-x64.exe (PID: 5792)
      • setup.exe (PID: 2220)
      • setup.exe (PID: 4244)
    • Process checks computer location settings

      • BraveUpdate.exe (PID: 1544)
      • BraveUpdate.exe (PID: 836)
      • brave.exe (PID: 2164)
      • brave.exe (PID: 3080)
    • The sample compiled with swedish language support

      • BraveUpdateSetup.exe (PID: 5008)
      • BraveUpdate.exe (PID: 836)
      • BraveBrowserSetup-BRV011.exe (PID: 5200)
    • The sample compiled with slovak language support

      • BraveUpdateSetup.exe (PID: 5008)
      • BraveUpdate.exe (PID: 836)
      • BraveBrowserSetup-BRV011.exe (PID: 5200)
    • The sample compiled with russian language support

      • BraveUpdateSetup.exe (PID: 5008)
      • BraveUpdate.exe (PID: 836)
      • BraveBrowserSetup-BRV011.exe (PID: 5200)
    • The sample compiled with turkish language support

      • BraveUpdateSetup.exe (PID: 5008)
      • BraveUpdate.exe (PID: 836)
      • BraveBrowserSetup-BRV011.exe (PID: 5200)
    • The sample compiled with japanese language support

      • BraveUpdateSetup.exe (PID: 5008)
      • BraveUpdate.exe (PID: 836)
      • BraveBrowserSetup-BRV011.exe (PID: 5200)
    • The sample compiled with polish language support

      • BraveUpdateSetup.exe (PID: 5008)
      • BraveUpdate.exe (PID: 836)
      • BraveBrowserSetup-BRV011.exe (PID: 5200)
    • Checks proxy server information

      • BraveUpdate.exe (PID: 2548)
      • BraveUpdate.exe (PID: 1468)
      • brave.exe (PID: 2164)
    • Reads the machine GUID from the registry

      • BraveUpdate.exe (PID: 5892)
      • BraveUpdate.exe (PID: 2548)
      • BraveUpdate.exe (PID: 1468)
    • Reads the software policy settings

      • BraveUpdate.exe (PID: 5892)
      • BraveUpdate.exe (PID: 2548)
      • BraveUpdate.exe (PID: 1468)
    • Creates files or folders in the user directory

      • setup.exe (PID: 4244)
      • setup.exe (PID: 2220)
      • brave.exe (PID: 2164)
      • brave.exe (PID: 4724)
      • brave.exe (PID: 2788)
    • Disables trace logs

      • brave.exe (PID: 2164)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:03:06 06:37:21+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.29
CodeSize: 101888
InitializedDataSize: 1314304
UninitializedDataSize: -
EntryPoint: 0x699b
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 1.3.361.145
ProductVersionNumber: 1.3.361.145
FileFlagsMask: 0x003f
FileFlags: Private build
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: BraveSoftware Inc.
FileDescription: BraveSoftware Update Setup
FileVersion: 1.3.361.145
InternalName: BraveSoftware Update Setup
OriginalFileName: BraveUpdateSetup.exe
ProductName: BraveSoftware Update
ProductVersion: 1.3.361.145
LanguageId: en
PrivateBuild: -
No data.
All screenshots are available in the full report
Total processes: 159
Monitored processes: 39
Malicious processes: 24
Suspicious processes: 2

Behavior graph

Process launch order (graph nodes, "no specs" as tagged by the sandbox):
  • bravebrowsersetup-brv011.exe
  • braveupdate.exe (no specs)
  • braveupdatesetup.exe
  • braveupdate.exe
  • braveupdate.exe (no specs)
  • braveupdate.exe (no specs)
  • braveupdatecomregistershell64.exe (no specs)
  • braveupdatecomregistershell64.exe (no specs)
  • braveupdatecomregistershell64.exe (no specs)
  • braveupdate.exe
  • braveupdate.exe (no specs)
  • braveupdate.exe
  • brave_installer-x64.exe
  • setup.exe
  • setup.exe (no specs)
  • setup.exe
  • setup.exe (no specs)
  • braveupdate.exe
  • braveupdateondemand.exe (no specs)
  • braveupdate.exe
  • brave.exe
  • brave.exe
  • brave.exe
  • brave.exe
  • elevation_service.exe
  • brave.exe
  • brave.exe
  • brave.exe
  • brave.exe
  • chrmstp.exe
  • chrmstp.exe (no specs)
  • chrmstp.exe
  • chrmstp.exe
  • brave.exe (no specs)
  • brave.exe (no specs)
  • brave.exe (no specs)
  • csrss.exe
  • csrss.exe
  • services.exe

Process information

Fields: PID, CMD, Path, Indicators, Parent process

PID: 532
CMD: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
Path: C:\Windows\System32\csrss.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Client Server Runtime Process
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 616
CMD: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
Path: C:\Windows\System32\csrss.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Client Server Runtime Process
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 644
CMD: "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe"
Path: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.145\BraveUpdateComRegisterShell64.exe
Parent process: BraveUpdate.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (Images):
  c:\program files (x86)\bravesoftware\update\1.3.361.145\braveupdatecomregistershell64.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\apphelp.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\bcrypt.dll

PID: 752
CMD: C:\WINDOWS\system32\services.exe
Path: C:\Windows\System32\services.exe
Parent process: wininit.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Services and Controller app
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (Images):
  c:\windows\system32\apphelp.dll

PID: 836
CMD: "C:\Program Files (x86)\BraveSoftware\Temp\GUM6881.tmp\BraveUpdate.exe" /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none" /installelevated
Path: C:\Program Files (x86)\BraveSoftware\Temp\GUM6881.tmp\BraveUpdate.exe
Parent process: BraveUpdateSetup.exe
User: admin
Company: BraveSoftware Inc.
Integrity Level: HIGH
Description: BraveSoftware Update
Exit code: 0
Version: 1.3.361.145
Modules (Images):
  c:\program files (x86)\bravesoftware\temp\gum6881.tmp\braveupdate.exe
  c:\windows\system32\ntdll.dll
  c:\windows\syswow64\ntdll.dll
  c:\windows\system32\wow64.dll
  c:\windows\system32\wow64win.dll
  c:\windows\system32\wow64cpu.dll
  c:\windows\syswow64\kernel32.dll
  c:\windows\syswow64\kernelbase.dll
  c:\windows\syswow64\apphelp.dll
  c:\windows\syswow64\advapi32.dll

PID: 1200
CMD: "C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\elevation_service.exe"
Path: C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\elevation_service.exe
Parent process: services.exe
User: SYSTEM
Company: Brave Software, Inc.
Integrity Level: SYSTEM
Description: Brave Browser
Exit code: 0
Version: 131.1.73.104
Modules (Images):
  c:\program files\bravesoftware\brave-browser\application\131.1.73.104\elevation_service.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\bcrypt.dll
  c:\windows\system32\oleaut32.dll

PID: 1448
CMD: "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none" /installsource taggedmi /sessionid "{A1650B2B-FC58-4A67-9D1B-846E6C4040A3}"
Path: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
Parent process: BraveUpdate.exe
User: admin
Company: BraveSoftware Inc.
Integrity Level: HIGH
Description: BraveSoftware Update
Exit code: 0
Version: 1.3.361.145
Modules (Images):
  c:\program files (x86)\bravesoftware\update\braveupdate.exe
  c:\windows\system32\ntdll.dll
  c:\windows\syswow64\ntdll.dll
  c:\windows\system32\wow64.dll
  c:\windows\system32\wow64win.dll
  c:\windows\system32\wow64cpu.dll
  c:\windows\syswow64\kernel32.dll
  c:\windows\syswow64\kernelbase.dll
  c:\windows\syswow64\apphelp.dll
  c:\windows\syswow64\advapi32.dll

PID: 1468
CMD: "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping […]-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cHM6Ly91cGRhdGVzLWNkbi5icmF2ZXNvZnR3YXJlLmNvbS9idWlsZC9CcmF2ZS1SZWxlYXNlL3JlbGVhc2Uvd2luLzEzMS4xLjczLjEwNC94NjQvYnJhdmVfaW5zdGFsbGVyLXg2NC5leGUiIGRvd25sb2FkZWQ9IjEzMDkyODY1NiIgdG90YWw9IjEzMDkyODY1NiIgZG93bmxvYWRfdGltZV9tcz0iMTAwNjU1Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY2MDgiIHNvdXJjZV91cmxfaW5kZXg9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI2NTE1IiBkb3dubG9hZF90aW1lX21zPSIxMDI2ODciIGRvd25sb2FkZWQ9IjEzMDkyODY1NiIgdG90YWw9IjEzMDkyODY1NiIgaW5zdGFsbF90aW1lX21zPSIxODc1MCIvPjwvYXBwPjwvcmVxdWVzdD4
Path: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
Parent process: BraveUpdate.exe
User: admin
Company: BraveSoftware Inc.
Integrity Level: HIGH
Description: BraveSoftware Update
Exit code: 0
Version: 1.3.361.145
Modules (Images):
  c:\program files (x86)\bravesoftware\update\braveupdate.exe
  c:\windows\system32\ntdll.dll
  c:\windows\syswow64\ntdll.dll
  c:\windows\system32\wow64.dll
  c:\windows\system32\wow64win.dll
  c:\windows\system32\wow64cpu.dll
  c:\windows\syswow64\kernel32.dll
  c:\windows\syswow64\kernelbase.dll
  c:\windows\syswow64\advapi32.dll
  c:\windows\syswow64\msvcrt.dll

PID: 1544
CMD: C:\Users\admin\AppData\Local\Temp\GUM61F9.tmp\BraveUpdate.exe /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none"
Path: C:\Users\admin\AppData\Local\Temp\GUM61F9.tmp\BraveUpdate.exe
Parent process: BraveBrowserSetup-BRV011.exe
User: admin
Company: BraveSoftware Inc.
Integrity Level: MEDIUM
Description: BraveSoftware Update
Exit code: 0
Version: 1.3.361.145
Modules (Images):
  c:\users\admin\appdata\local\temp\gum61f9.tmp\braveupdate.exe
  c:\windows\system32\ntdll.dll
  c:\windows\syswow64\ntdll.dll
  c:\windows\system32\wow64.dll
  c:\windows\system32\wow64win.dll
  c:\windows\system32\wow64cpu.dll
  c:\windows\syswow64\kernel32.dll
  c:\windows\syswow64\kernelbase.dll
  c:\windows\syswow64\apphelp.dll
  c:\windows\syswow64\advapi32.dll

PID: 2164
CMD: "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --from-installer
Path: C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
Parent process: BraveUpdate.exe
User: admin
Company: Brave Software, Inc.
Integrity Level: MEDIUM
Description: Brave Browser
Version: 131.1.73.104
Modules (Images):
  c:\program files\bravesoftware\brave-browser\application\brave.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\program files\bravesoftware\brave-browser\application\131.1.73.104\chrome_elf.dll
  c:\windows\system32\version.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\bcryptprimitives.dll
  c:\windows\system32\winmm.dll
  c:\windows\system32\advapi32.dll
Total events: 20 322
Read events: 16 467
Write events: 3 738
Delete events: 117

Modification events

(PID) Process | Key | Operation | Name | Value
(5200) BraveBrowserSetup-BRV011.exe | HKEY_CURRENT_USER\SOFTWARE\BraveSoftware\Promo | write | StubInstallerPath | C:\Users\admin\Desktop\BraveBrowserSetup-BRV011.exe
(752) services.exe | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\brave | write | Type | 16
(752) services.exe | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\brave | write | Start | 2
(752) services.exe | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\brave | write | ErrorControl | 1
(752) services.exe | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\brave | write | ImagePath | "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc
(752) services.exe | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\brave | write | DisplayName | Brave Update Service (brave)
(752) services.exe | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\brave | write | DependOnService | RPCSS
(752) services.exe | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\brave | delete value | DependOnGroup | -
(752) services.exe | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\brave | write | WOW64 | 332
(752) services.exe | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\brave | write | ObjectName | LocalSystem
Executable files: 226
Suspicious files: 87
Text files: 55
Unknown types: 28

Dropped files

PID | Process | Filename | Type
5200 | BraveBrowserSetup-BRV011.exe | C:\Users\admin\AppData\Local\Temp\GUM61F9.tmp\BraveCrashHandler.exe | executable
  MD5: 565DAF0070618C3BBB1D486B0D5A70FA
  SHA256: 03E2EA9C1BE863F1BD007AE03C06BF3187751A00ED0CF7C4DEB3750951E5B960
5200 | BraveBrowserSetup-BRV011.exe | C:\Users\admin\AppData\Local\Temp\GUM61F9.tmp\psuser_64.dll | executable
  MD5: 0259892D2CB710C05CFFCA79F9686FA0
  SHA256: 843DFFA160083155BCC046EBD3C99FA035044156C203A7AE191C629CD83A0EF7
5200 | BraveBrowserSetup-BRV011.exe | C:\Users\admin\AppData\Local\Temp\GUM61F9.tmp\goopdateres_bg.dll | executable
  MD5: DA09EAA0D93375AFE0709C1809C14939
  SHA256: 0BD086FFED7296FF1FD8228AED8F80B8D9A8E2402AB974A9258A86887347E502
5200 | BraveBrowserSetup-BRV011.exe | C:\Users\admin\AppData\Local\Temp\GUM61F9.tmp\goopdate.dll | executable
  MD5: 36C7B693D057C28F237E57964DC3D785
  SHA256: A718ECF01E9E995A189A6A0F9F6367ECAFECEB7BDA16705E8B7037AB844E51C5
5200 | BraveBrowserSetup-BRV011.exe | C:\Users\admin\AppData\Local\Temp\GUM61F9.tmp\psmachine.dll | executable
  MD5: B5BDDAF2C405EE17FAF06640D0F27397
  SHA256: 94B5ADE4D93F125632A7C8DBF79F99DEA877C28C2F40A9CA47C3C660A822CE4F
5200 | BraveBrowserSetup-BRV011.exe | C:\Users\admin\AppData\Local\Temp\GUM61F9.tmp\goopdateres_ar.dll | executable
  MD5: BBC6198B60210C1578CBAA60B96FDC70
  SHA256: 9196D431048A4481911054ACAD58D849D9AC38715A2F164FB09CC52F5E41D105
5200 | BraveBrowserSetup-BRV011.exe | C:\Users\admin\AppData\Local\Temp\GUM61F9.tmp\psmachine_64.dll | executable
  MD5: 7931008AC869E46D780872FDE1ED4328
  SHA256: 971C492072C6E6E6DDB0B8584059E9AF58F3B089DECB151FD860599E818AD1FD
5200 | BraveBrowserSetup-BRV011.exe | C:\Users\admin\AppData\Local\Temp\GUM61F9.tmp\BraveCrashHandlerArm64.exe | executable
  MD5: C8208EF35D885AF836E6740CB411BDB7
  SHA256: 780FEDCD87E2AFC1A64EA295EA1A940EA69F74B43C625B6C85C0EECFD4142472
5200 | BraveBrowserSetup-BRV011.exe | C:\Users\admin\AppData\Local\Temp\GUM61F9.tmp\BraveCrashHandler64.exe | executable
  MD5: 22DB9D0D4FEC050C0420274D3073994B
  SHA256: 00FF35AA88B2E1C9C271365A93B019CDD3A4ACA593642712B694628D45A12C8C
5200 | BraveBrowserSetup-BRV011.exe | C:\Users\admin\AppData\Local\Temp\GUM61F9.tmp\psuser.dll | executable
  MD5: 51529BD404AD6A93BACC2FAA88376CA9
  SHA256: ABAD43AD3E27D1E6C8611AE285AD1A7C96127DF36B98DC2FE5674B511B62421B
HTTP(S) requests: 56
TCP/UDP connections: 22
DNS requests: 27
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
- | - | HEAD | 200 | 3.161.82.75:443 | https://updates-cdn.bravesoftware.com/build/Brave-Release/release/win/131.1.73.104/x64/brave_installer-x64.exe | unknown | - | - | unknown
4712 | MoUsoCoreWorker.exe | GET | 200 | 23.53.40.176:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | POST | 200 | 13.32.121.6:443 | https://updates.bravesoftware.com/service/update2 | unknown | xml | 250 b | unknown
- | - | GET | 200 | 3.161.82.75:443 | https://updates-cdn.bravesoftware.com/build/Brave-Release/release/win/131.1.73.104/x64/brave_installer-x64.exe | unknown | executable | 124 Mb | whitelisted
- | - | POST | 200 | 44.231.32.162:443 | https://go-updater.brave.com/extensions | unknown | text | 537 b | whitelisted
- | - | POST | 200 | 13.32.121.70:443 | https://updates.bravesoftware.com/service/update2 | unknown | xml | 375 b | unknown
- | - | POST | 200 | 44.231.32.162:443 | https://go-updater.brave.com/extensions | unknown | text | 543 b | whitelisted
- | - | POST | 200 | 44.224.182.120:443 | https://go-updater.brave.com/extensions | unknown | text | 537 b | whitelisted
- | - | POST | 307 | 54.68.236.73:443 | https://go-updater.brave.com/extensions | unknown | - | - | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4712 | MoUsoCoreWorker.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4308 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
- | - | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
2548 | BraveUpdate.exe | 13.32.121.70:443 | updates.bravesoftware.com | AMAZON-02 | US | shared
5892 | BraveUpdate.exe | 13.32.121.70:443 | updates.bravesoftware.com | AMAZON-02 | US | shared
4308 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4712 | MoUsoCoreWorker.exe | 23.53.40.176:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
4712 | MoUsoCoreWorker.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 51.104.136.2
whitelisted
google.com
  • 172.217.23.110
whitelisted
updates.bravesoftware.com
  • 13.32.121.70
  • 13.32.121.124
  • 13.32.121.6
  • 13.32.121.47
shared
crl.microsoft.com
  • 23.53.40.176
  • 23.53.41.90
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
updates-cdn.bravesoftware.com
  • 3.161.82.36
  • 3.161.82.23
  • 3.161.82.8
  • 3.161.82.75
whitelisted
self.events.data.microsoft.com
  • 20.189.173.27
whitelisted
www.bing.com
  • 104.126.37.139
  • 104.126.37.154
  • 104.126.37.147
  • 104.126.37.153
  • 104.126.37.145
  • 104.126.37.155
  • 104.126.37.144
  • 104.126.37.169
  • 104.126.37.162
whitelisted
star-randsrv.bsg.brave.com
  • 54.187.81.236
  • 100.21.127.224
  • 54.190.192.109
  • 52.27.223.50
  • 35.161.224.153
  • 44.227.161.93
  • 52.13.25.97
  • 44.224.133.55
whitelisted
variations.brave.com
  • 18.245.46.34
  • 18.245.46.36
  • 18.245.46.26
  • 18.245.46.30
whitelisted

Threats

No threats detected
No debug info