File name: BraveBrowserSetup-BRV010.exe

Full analysis: https://app.any.run/tasks/eecefddd-207d-4465-9967-333dba4d7e09
Verdict: Malicious activity
Threats:

Crypto mining malware is a resource-intensive threat that infiltrates computers with the purpose of mining cryptocurrencies. This type of threat can be deployed either on an infected machine or a compromised website. In both cases the miner will utilize the computing power of the device and its network bandwidth.

Analysis date: July 27, 2024, 02:23:29
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: stealer, miner
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: ADE2D194C916C8B0199BAFF5CF1B3819
SHA1: 96EC3A266D5BDDB17F0E7663E74FFD857DBC6CC7
SHA256: 821D32B04D3701010164B982A61A929906F1DC7AD5F53ED4BE137127BB1D75DE
SSDEEP: 49152:BtxYh7vDRzU6jOAuOtiEwR2FjJKurz7dzWDwjNtD2WaqBjWODZXczPBDxVB628yP:BQh7rmkO5OK2RJKurn4wjf2Wa0iyZXcN

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • BraveBrowserSetup-BRV010.exe (PID: 2888)
      • BraveUpdateSetup.exe (PID: 5464)
      • BraveUpdate.exe (PID: 3196)
      • brave_installer-x64.exe (PID: 7052)
      • setup.exe (PID: 6696)
    • Scans artifacts that could help determine the target

      • BraveUpdate.exe (PID: 1712)
    • Actions look like stealing of personal data

      • setup.exe (PID: 4016)
      • BraveUpdate.exe (PID: 5484)
      • brave.exe (PID: 4520)
      • setup.exe (PID: 6696)
      • brave.exe (PID: 1136)
      • brave.exe (PID: 3780)
      • brave.exe (PID: 6964)
      • elevation_service.exe (PID: 528)
      • brave.exe (PID: 3840)
      • brave.exe (PID: 2120)
      • brave.exe (PID: 4548)
      • brave.exe (PID: 3196)
      • brave.exe (PID: 4752)
      • brave.exe (PID: 2796)
      • brave.exe (PID: 4076)
      • chrmstp.exe (PID: 320)
      • brave.exe (PID: 2088)
      • chrmstp.exe (PID: 4444)
      • brave.exe (PID: 4752)
      • brave.exe (PID: 6636)
      • brave.exe (PID: 1156)
      • chrmstp.exe (PID: 2960)
      • brave.exe (PID: 4840)
      • brave.exe (PID: 6624)
      • brave.exe (PID: 7040)
      • chrmstp.exe (PID: 3340)
      • brave.exe (PID: 6716)
      • brave.exe (PID: 1256)
      • brave.exe (PID: 3188)
      • brave.exe (PID: 4752)
      • brave.exe (PID: 3580)
    • Changes the autorun value in the registry

      • setup.exe (PID: 6696)
    • Steals credentials from Web Browsers

      • brave.exe (PID: 3580)
  • SUSPICIOUS

    • Reads the date of Windows installation

      • BraveUpdate.exe (PID: 5128)
      • BraveUpdate.exe (PID: 3196)
      • chrmstp.exe (PID: 2960)
    • Executable content was dropped or overwritten

      • BraveBrowserSetup-BRV010.exe (PID: 2888)
      • BraveUpdateSetup.exe (PID: 5464)
      • BraveUpdate.exe (PID: 3196)
      • brave_installer-x64.exe (PID: 7052)
      • setup.exe (PID: 6696)
    • Reads security settings of Internet Explorer

      • BraveUpdate.exe (PID: 5128)
      • BraveUpdate.exe (PID: 3196)
      • BraveUpdate.exe (PID: 1712)
      • chrmstp.exe (PID: 2960)
    • Disables SEHOP

      • BraveUpdate.exe (PID: 3196)
    • Starts itself from another location

      • BraveUpdate.exe (PID: 3196)
    • Creates/Modifies COM task schedule object

      • BraveUpdate.exe (PID: 6512)
      • BraveUpdateComRegisterShell64.exe (PID: 1472)
      • BraveUpdateComRegisterShell64.exe (PID: 6420)
      • BraveUpdateComRegisterShell64.exe (PID: 2960)
    • Executes as Windows Service

      • BraveUpdate.exe (PID: 720)
      • elevation_service.exe (PID: 528)
    • Application launched itself

      • setup.exe (PID: 6696)
      • setup.exe (PID: 4016)
      • BraveUpdate.exe (PID: 720)
      • brave.exe (PID: 3580)
      • chrmstp.exe (PID: 3340)
      • chrmstp.exe (PID: 2960)
    • Searches for installed software

      • setup.exe (PID: 6696)
      • setup.exe (PID: 4016)
      • chrmstp.exe (PID: 3340)
      • chrmstp.exe (PID: 2960)
    • Creates a software uninstall entry

      • setup.exe (PID: 6696)
    • Reads Mozilla Firefox installation path

      • brave.exe (PID: 3580)
    • Dropped object may contain URLs of mining pools

      • brave.exe (PID: 6624)
  • INFO

    • Create files in a temporary directory

      • BraveBrowserSetup-BRV010.exe (PID: 2888)
      • BraveUpdate.exe (PID: 720)
      • brave.exe (PID: 3580)
    • Reads the computer name

      • BraveUpdate.exe (PID: 5128)
      • BraveUpdate.exe (PID: 3196)
      • BraveUpdate.exe (PID: 6512)
      • BraveUpdate.exe (PID: 6036)
      • BraveUpdateComRegisterShell64.exe (PID: 6420)
      • BraveUpdate.exe (PID: 3384)
      • BraveUpdateComRegisterShell64.exe (PID: 1472)
      • BraveUpdateComRegisterShell64.exe (PID: 2960)
      • BraveUpdate.exe (PID: 1712)
      • BraveUpdate.exe (PID: 720)
      • brave_installer-x64.exe (PID: 7052)
      • setup.exe (PID: 4016)
      • setup.exe (PID: 6696)
      • BraveUpdate.exe (PID: 1188)
      • BraveUpdate.exe (PID: 5484)
      • brave.exe (PID: 3580)
      • brave.exe (PID: 1136)
      • brave.exe (PID: 3780)
      • elevation_service.exe (PID: 528)
      • brave.exe (PID: 4548)
      • chrmstp.exe (PID: 3340)
      • chrmstp.exe (PID: 2960)
    • Checks proxy server information

      • slui.exe (PID: 5696)
      • BraveUpdate.exe (PID: 3384)
      • BraveUpdate.exe (PID: 1712)
      • slui.exe (PID: 6752)
      • brave.exe (PID: 3580)
    • Reads the software policy settings

      • slui.exe (PID: 5696)
      • BraveUpdate.exe (PID: 3384)
      • BraveUpdate.exe (PID: 720)
      • slui.exe (PID: 6752)
      • BraveUpdate.exe (PID: 1188)
    • Checks supported languages

      • BraveBrowserSetup-BRV010.exe (PID: 2888)
      • BraveUpdateSetup.exe (PID: 5464)
      • BraveUpdate.exe (PID: 5128)
      • BraveUpdate.exe (PID: 3196)
      • BraveUpdate.exe (PID: 6036)
      • BraveUpdate.exe (PID: 6512)
      • BraveUpdateComRegisterShell64.exe (PID: 6420)
      • BraveUpdateComRegisterShell64.exe (PID: 1472)
      • BraveUpdateComRegisterShell64.exe (PID: 2960)
      • BraveUpdate.exe (PID: 3384)
      • BraveUpdate.exe (PID: 1712)
      • BraveUpdate.exe (PID: 720)
      • brave_installer-x64.exe (PID: 7052)
      • setup.exe (PID: 6696)
      • setup.exe (PID: 4016)
      • setup.exe (PID: 5864)
      • setup.exe (PID: 4288)
      • BraveUpdate.exe (PID: 1188)
      • BraveUpdateOnDemand.exe (PID: 6552)
      • BraveUpdate.exe (PID: 5484)
      • brave.exe (PID: 3580)
      • brave.exe (PID: 1136)
      • brave.exe (PID: 4520)
      • brave.exe (PID: 3780)
      • brave.exe (PID: 4076)
      • brave.exe (PID: 2120)
      • brave.exe (PID: 3840)
      • elevation_service.exe (PID: 528)
      • brave.exe (PID: 6964)
      • brave.exe (PID: 4548)
      • brave.exe (PID: 3196)
      • brave.exe (PID: 2796)
      • brave.exe (PID: 4752)
      • brave.exe (PID: 2088)
      • chrmstp.exe (PID: 2960)
      • chrmstp.exe (PID: 4444)
      • chrmstp.exe (PID: 320)
      • chrmstp.exe (PID: 3340)
      • brave.exe (PID: 4752)
      • brave.exe (PID: 1156)
      • brave.exe (PID: 4840)
      • brave.exe (PID: 6636)
      • brave.exe (PID: 7040)
      • brave.exe (PID: 6624)
      • brave.exe (PID: 6716)
      • brave.exe (PID: 1256)
      • brave.exe (PID: 4752)
      • brave.exe (PID: 3188)
    • Process checks computer location settings

      • BraveUpdate.exe (PID: 5128)
      • BraveUpdate.exe (PID: 3196)
      • brave.exe (PID: 3580)
      • brave.exe (PID: 6964)
      • brave.exe (PID: 4076)
      • brave.exe (PID: 3840)
      • brave.exe (PID: 4752)
    • Creates files in the program directory

      • BraveUpdate.exe (PID: 3196)
      • BraveUpdate.exe (PID: 720)
      • brave_installer-x64.exe (PID: 7052)
      • setup.exe (PID: 6696)
      • setup.exe (PID: 4016)
    • Creates files or folders in the user directory

      • setup.exe (PID: 4016)
      • setup.exe (PID: 6696)
      • brave.exe (PID: 3580)
      • brave.exe (PID: 4520)
      • brave.exe (PID: 3780)
      • chrmstp.exe (PID: 2960)
    • Reads the machine GUID from the registry

      • brave.exe (PID: 3580)
    • Disables trace logs

      • brave.exe (PID: 3580)
    • Reads Microsoft Office registry keys

      • brave.exe (PID: 3580)
      • chrmstp.exe (PID: 3340)
    • Dropped object may contain TOR URLs

      • brave.exe (PID: 6716)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ MATRIX in the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:07:24 02:29:30+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14.4
CodeSize: 105984
InitializedDataSize: 1149952
UninitializedDataSize: -
EntryPoint: 0x6f17
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 1.3.361.151
ProductVersionNumber: 1.3.361.151
FileFlagsMask: 0x003f
FileFlags: Private build
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: BraveSoftware Inc.
FileDescription: BraveSoftware Update Setup
FileVersion: 1.3.361.151
InternalName: BraveSoftware Update Setup
OriginalFileName: BraveUpdateSetup.exe
ProductName: BraveSoftware Update
ProductVersion: 1.3.361.151
LanguageId: en
PrivateBuild: -
No data.
All screenshots are available in the full report
Total processes: 197
Monitored processes: 50
Malicious processes: 40
Suspicious processes: 0

Behavior graph

Processes in the graph, in start order: bravebrowsersetup-brv010.exe, slui.exe, braveupdate.exe (no specs), braveupdatesetup.exe, braveupdate.exe, braveupdate.exe (no specs), braveupdate.exe (no specs), braveupdatecomregistershell64.exe (no specs), braveupdatecomregistershell64.exe (no specs), braveupdatecomregistershell64.exe (no specs), braveupdate.exe, braveupdate.exe (no specs), braveupdate.exe, slui.exe, brave_installer-x64.exe, setup.exe, setup.exe (no specs), setup.exe, setup.exe (no specs), braveupdate.exe, braveupdateondemand.exe (no specs), braveupdate.exe, brave.exe, brave.exe, brave.exe, brave.exe, brave.exe, elevation_service.exe, brave.exe, brave.exe, brave.exe, brave.exe, brave.exe, brave.exe, brave.exe, brave.exe, chrmstp.exe, chrmstp.exe, chrmstp.exe, chrmstp.exe, brave.exe, brave.exe, brave.exe, brave.exe, brave.exe, brave.exe, brave.exe, brave.exe, brave.exe, brave.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 320
CMD: "C:\Program Files\BraveSoftware\Brave-Browser\Application\127.1.68.128\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\WINDOWS\TEMP\Crashpad --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=127.1.68.128 --initial-client-data=0x2b4,0x2b8,0x2bc,0x290,0x2c0,0x7ff678c83a70,0x7ff678c83a7c,0x7ff678c83a88
Path: C:\Program Files\BraveSoftware\Brave-Browser\Application\127.1.68.128\Installer\chrmstp.exe
Parent process: chrmstp.exe
User: admin
Company: Brave Software, Inc.
Integrity Level: MEDIUM
Description: Brave Installer
Exit code: 0
Version: 127.1.68.128
Modules
Images
c:\program files\bravesoftware\brave-browser\application\127.1.68.128\installer\chrmstp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll
PID: 528
CMD: "C:\Program Files\BraveSoftware\Brave-Browser\Application\127.1.68.128\elevation_service.exe"
Path: C:\Program Files\BraveSoftware\Brave-Browser\Application\127.1.68.128\elevation_service.exe
Parent process: services.exe
User: SYSTEM
Company: Brave Software, Inc.
Integrity Level: SYSTEM
Description: Brave Browser
Exit code: 0
Version: 127.1.68.128
Modules
Images
c:\program files\bravesoftware\brave-browser\application\127.1.68.128\elevation_service.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll
PID: 720
CMD: "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc
Path: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
Parent process: services.exe
User: SYSTEM
Company: BraveSoftware Inc.
Integrity Level: SYSTEM
Description: BraveSoftware Update
Exit code: 0
Version: 1.3.361.151
Modules
Images
c:\program files (x86)\bravesoftware\update\braveupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
PID: 1136
CMD: "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1976,i,1369532908775334758,8078918947073979018,262144 --variations-seed-version=1 --mojo-platform-channel-handle=1972 /prefetch:2
Path: C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
Parent process: brave.exe
User: admin
Company: Brave Software, Inc.
Integrity Level: LOW
Description: Brave Browser
Version: 127.1.68.128
Modules
Images
c:\program files\bravesoftware\brave-browser\application\brave.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\bravesoftware\brave-browser\application\127.1.68.128\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1156
CMD: "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5140,i,1369532908775334758,8078918947073979018,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5488 /prefetch:8
Path: C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
Parent process: brave.exe
User: admin
Company: Brave Software, Inc.
Integrity Level: LOW
Description: Brave Browser
Exit code: 0
Version: 127.1.68.128
Modules
Images
c:\program files\bravesoftware\brave-browser\application\brave.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\bravesoftware\brave-browser\application\127.1.68.128\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1188
CMD: "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTUxIiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE1MSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9InswN0ZGQUJCOC01RjVFLTRCN0YtQjdFQi0yRDIyMjQ5OTE0MjV9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7MERDRDBBQUItNEVCQy00ODZBLUFEQzUtNEQ5QUQ0OTRDOTBDfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI0IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ1LjQwNDYiIHNwPSIiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9IntBRkU2QTQ2Mi1DNTc0LTRCOEEtQUY0My00Q0M2MERGNDU2M0J9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjcuMS42OC4xMjgiIGFwPSJyZWxlYXNlIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGRvd25sb2FkZXI9Indpbmh0dHAiIHVybD0iaHR0cHM6Ly91cGRhdGVzLWNkbi5icmF2ZXNvZnR3YXJlLmNvbS9idWlsZC9CcmF2ZS1SZWxlYXNlL3JlbGVhc2Uvd2luLzEyNy4xLjY4LjEyOC94NjQvYnJhdmVfaW5zdGFsbGVyLXg2NC5leGUiIGRvd25sb2FkZWQ9IjEyMjcwNTQzMiIgdG90YWw9IjEyMjcwNTQzMiIgZG93bmxvYWRfdGltZV9tcz0iNjgwNjIiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5NjYwOCIgc291cmNlX3VybF9pbmRleD0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjM0MyIgZG93bmxvYWRfdGltZV9tcz0iNjk5MTAiIGRvd25sb2FkZWQ9IjEyMjcwNTQzMiIgdG90YWw9IjEyMjcwNTQzMiIgaW5zdGFsbF90aW1lX21zPSIxMzcxOSIvPjwvYXBwPjwvcmVxdWVzdD4
Path: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
Parent process: BraveUpdate.exe
User: SYSTEM
Company: BraveSoftware Inc.
Integrity Level: SYSTEM
Description: BraveSoftware Update
Exit code: 0
Version: 1.3.361.151
Modules
Images
c:\program files (x86)\bravesoftware\update\braveupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
PID: 1256
CMD: "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5628,i,1369532908775334758,8078918947073979018,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5124 /prefetch:8
Path: C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
Parent process: brave.exe
User: admin
Company: Brave Software, Inc.
Integrity Level: LOW
Description: Brave Browser
Exit code: 0
Version: 127.1.68.128
Modules
Images
c:\program files\bravesoftware\brave-browser\application\brave.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\bravesoftware\brave-browser\application\127.1.68.128\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1472
CMD: "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"
Path: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe
Parent process: BraveUpdate.exe
User: admin
Company: BraveSoftware Inc.
Integrity Level: HIGH
Description: BraveSoftware Update
Exit code: 0
Version: 1.3.361.151
Modules
Images
c:\program files (x86)\bravesoftware\update\1.3.361.151\braveupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 1712
CMD: "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none" /installsource taggedmi /sessionid "{07FFABB8-5F5E-4B7F-B7EB-2D2224991425}"
Path: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
Parent process: BraveUpdate.exe
User: admin
Company: BraveSoftware Inc.
Integrity Level: HIGH
Description: BraveSoftware Update
Exit code: 0
Version: 1.3.361.151
Modules
Images
c:\program files (x86)\bravesoftware\update\braveupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 2088
CMD: "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --field-trial-handle=5188,i,1369532908775334758,8078918947073979018,262144 --variations-seed-version=1 --mojo-platform-channel-handle=5324 /prefetch:8
Path: C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
Parent process: brave.exe
User: admin
Company: Brave Software, Inc.
Integrity Level: LOW
Description: Brave Browser
Exit code: 0
Version: 127.1.68.128
Modules
Images
c:\program files\bravesoftware\brave-browser\application\brave.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\bravesoftware\brave-browser\application\127.1.68.128\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
Total events: 23 299
Read events: 20 546
Write events: 2 633
Delete events: 120

Modification events

(PID) Process: (2888) BraveBrowserSetup-BRV010.exe
Key: HKEY_CURRENT_USER\SOFTWARE\BraveSoftware\Promo
Operation: write
Name: StubInstallerPath
Value: C:\Users\admin\AppData\Local\Temp\BraveBrowserSetup-BRV010.exe

(PID) Process: (3196) BraveUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BraveSoftware\Update
Operation: write
Name: path
Value: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe

(PID) Process: (3196) BraveUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BraveSoftware\Update
Operation: write
Name: UninstallCmdLine
Value: "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /uninstall

(PID) Process: (3196) BraveUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BraveSoftware\Update\Clients\{B131C935-9BE6-41DA-9599-1F776BEB8019}
Operation: write
Name: pv
Value: 1.3.361.151

(PID) Process: (3196) BraveUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BraveSoftware\Update\Clients\{B131C935-9BE6-41DA-9599-1F776BEB8019}
Operation: write
Name: name
Value: Brave Update

(PID) Process: (3196) BraveUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BraveSoftware\Update\ClientState\{B131C935-9BE6-41DA-9599-1F776BEB8019}
Operation: write
Name: pv
Value: 1.3.361.151

(PID) Process: (3196) BraveUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe
Operation: write
Name: DisableExceptionChainValidation
Value: 0

(PID) Process: (6036) BraveUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BraveSoftware\Update
Operation: delete value
Name: uid
Value:

(PID) Process: (6036) BraveUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BraveSoftware\Update
Operation: delete value
Name: old-uid
Value:

(PID) Process: (6036) BraveUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BraveUpdate.exe
Operation: write
Name: AppID
Value: {08F15E98-0442-45D3-82F1-F67495CC51EB}
Executable files: 222
Suspicious files: 170
Text files: 110
Unknown types: 21

Dropped files

PID | Process | Filename | Type

2888 | BraveBrowserSetup-BRV010.exe | C:\Users\admin\AppData\Local\Temp\GUMFFA9.tmp\psmachine_64.dll | executable
MD5: D532910207F409DB9184111D7E9AF8CC
SHA256: D5E548EA2968E3B094A72EF580590F00C597A2C77580DEE7C4A3439E12FF8A77

2888 | BraveBrowserSetup-BRV010.exe | C:\Users\admin\AppData\Local\Temp\GUMFFA9.tmp\BraveCrashHandlerArm64.exe | executable
MD5: 9D3F1CEB204BE2BF55E3CFCFA188E0F8
SHA256: AD9F529DD19216A4B2933E67AF613F79113430E4B4BA943CC04FADF769D0E519

2888 | BraveBrowserSetup-BRV010.exe | C:\Users\admin\AppData\Local\Temp\GUMFFA9.tmp\BraveCrashHandler64.exe | executable
MD5: C042FFBC36571E863B5D3F3AF667FBCE
SHA256: 86A71C0EE1FB9A822225DDB51E34D25145FF012B2070A5FB7375F0B53C89EC53

2888 | BraveBrowserSetup-BRV010.exe | C:\Users\admin\AppData\Local\Temp\GUMFFA9.tmp\psmachine_arm64.dll | executable
MD5: A5780184B59A0CE5BA8794B9FAB8E35A
SHA256: B4D7863940263AE426407F7922823B53CCC866AD965FD90810CF4D55A00F4961

2888 | BraveBrowserSetup-BRV010.exe | C:\Users\admin\AppData\Local\Temp\GUMFFA9.tmp\psuser_arm64.dll | executable
MD5: 0930F15D68E9BEB5CD80317598B6C20D
SHA256: AE384D5EA99B4B1C4AE9D1229B5F05E966C5BD7EDD250A92FC1B443358F8310E

2888 | BraveBrowserSetup-BRV010.exe | C:\Users\admin\AppData\Local\Temp\GUMFFA9.tmp\goopdateres_am.dll | executable
MD5: 3EA25C7BE2076B1C2AB106EE5663854B
SHA256: DBD0EDB41F0FB8B23B2B8B33D7ACEE2F484E4A9E8D61D695367F8A3E8B5C2870

2888 | BraveBrowserSetup-BRV010.exe | C:\Users\admin\AppData\Local\Temp\GUMFFA9.tmp\goopdateres_bg.dll | executable
MD5: B94523400259096210B20D1AF73C97CC
SHA256: 2CF6934DD9E27C8CE4D73FA784FA126CCB36CAB5FC7FDDCC7A2794D3ADC750DC

2888 | BraveBrowserSetup-BRV010.exe | C:\Users\admin\AppData\Local\Temp\GUMFFA9.tmp\goopdateres_ar.dll | executable
MD5: 7CE5D716B6A5EB83A48C2C369B167080
SHA256: B21210C056C9261D608478A359AE5572CDBFE046D4F90068B90B7F7D979AB0D0

2888 | BraveBrowserSetup-BRV010.exe | C:\Users\admin\AppData\Local\Temp\GUMFFA9.tmp\psuser.dll | executable
MD5: 6A67300F66D3C103508A5025C8AE8DB2
SHA256: 34C733E5B41EA8E7F1D8BD6AC35AC89320B6101665A23B5186A8A77175A4995C

2888 | BraveBrowserSetup-BRV010.exe | C:\Users\admin\AppData\Local\Temp\GUMFFA9.tmp\BraveUpdateComRegisterShell64.exe | executable
MD5: E0D94029AAA2C053D8AE4DCF440C0D2D
SHA256: D8365150B8FA73A51C1416CB78A4A08061B3399264443DB5740BA8B3EC79988C
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 6
TCP/UDP connections: 82
DNS requests: 40
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5368
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
4424
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6372
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
5368
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
unknown
whitelisted
3676
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
4132
OfficeClickToRun.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1428
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
5368
SearchApp.exe
131.253.33.254:443
a-ring-fallback.msedge.net
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
5368
SearchApp.exe
184.86.251.19:443
www.bing.com
Akamai International B.V.
DE
unknown
5900
slui.exe
20.83.72.98:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6012
MoUsoCoreWorker.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2616
RUXIMICS.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3952
svchost.exe
239.255.255.250:1900
whitelisted
1248
slui.exe
20.83.72.98:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5696
slui.exe
20.83.72.98:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
t-ring-fdv2.msedge.net
  • 13.107.237.254
unknown
settings-win.data.microsoft.com
  • 51.104.136.2
  • 20.73.194.208
whitelisted
a-ring-fallback.msedge.net
  • 131.253.33.254
unknown
www.bing.com
  • 184.86.251.19
  • 184.86.251.22
  • 184.86.251.27
whitelisted
google.com
  • 142.250.186.142
whitelisted
updates.bravesoftware.com
  • 13.32.121.124
  • 13.32.121.70
  • 13.32.121.47
  • 13.32.121.6
  • 18.239.18.104
  • 18.239.18.125
  • 18.239.18.93
  • 18.239.18.123
shared
dl.brave.com
whitelisted
updates-cdn.bravesoftware.com
  • 3.161.82.36
  • 3.161.82.23
  • 3.161.82.75
  • 3.161.82.8
whitelisted
fp-afd-nocache-ccp.azureedge.net
  • 13.107.246.60
whitelisted
login.live.com
  • 40.126.31.73
  • 20.190.159.75
  • 20.190.159.71
  • 20.190.159.68
  • 20.190.159.73
  • 20.190.159.2
  • 20.190.159.64
  • 40.126.31.67
whitelisted

Threats

No threats detected
No debug info