File name:

BraveBrowserSetup-BRV011.exe

Full analysis: https://app.any.run/tasks/7430716e-b16d-42d1-9d77-9f01da225253
Verdict: Malicious activity
Threats:

Stealers are malicious programs built to gain unauthorized access to a user's information and transfer it to the attacker. The category covers programs that each target a particular kind of data, such as files, saved passwords or cryptocurrency wallets. Stealers can also spy on their targets by recording keystrokes and taking screenshots. This type of malware is primarily distributed through phishing campaigns.

Analysis date: December 22, 2024, 23:28:50
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
stealer
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5:

06F058EEE50645758A81E8842353F372

SHA1:

15E9010BAB33F1733EA41B7C45D2DA5D74ED721B

SHA256:

854D06A90DAB54E7B69882925886FB24BE711FDC21884E13C77E29048B21A098

SSDEEP:

49152:ttGFxY9NEjyS29iXdvRkr3qvEw78kl/04nY1gJuBCj2BbBSerpzJ/WeARFwFWKWG:tsY7rrAX98kJnGg8xxptGRFwkKW9eNci

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • setup.exe (PID: 7156)
    • Actions look like stealing of personal data

      • setup.exe (PID: 7156)
      • csrss.exe (PID: 616)
      • setup.exe (PID: 6280)
      • brave.exe (PID: 6300)
      • brave.exe (PID: 4516)
      • BraveUpdate.exe (PID: 2992)
      • brave.exe (PID: 2088)
      • brave.exe (PID: 3640)
      • services.exe (PID: 752)
      • brave.exe (PID: 5580)
      • elevation_service.exe (PID: 1020)
      • brave.exe (PID: 1864)
      • brave.exe (PID: 6808)
      • csrss.exe (PID: 532)
      • brave.exe (PID: 7120)
      • brave.exe (PID: 4136)
      • CompatTelRunner.exe (PID: 1080)
    • Steals credentials from Web Browsers

      • brave.exe (PID: 4516)
        Note: brave.exe in this task is the browser the package installs (Brave Software, Inc., C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe, version 131.1.73.104, per Process information below). A browser reading its own profile's login store trips the same file-access heuristic a stealer does, so this hit by itself does not tell the two apart. Exfiltration would show up in the dropped-file and network sections; here the DNS and connection tables list only Brave update and download hosts (updates.bravesoftware.com, dl.brave.com), Microsoft, Bing and Google endpoints, and CRL/OCSP responders, and the network Threats section reports none.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • BraveBrowserSetup-BRV011.exe (PID: 6464)
      • BraveUpdateSetup.exe (PID: 6820)
      • BraveUpdate.exe (PID: 6892)
      • brave_installer-x64.exe (PID: 7088)
      • setup.exe (PID: 7156)
    • Reads security settings of Internet Explorer

      • BraveUpdate.exe (PID: 6612)
      • BraveUpdate.exe (PID: 6148)
      • BraveUpdate.exe (PID: 6892)
    • Creates/Modifies COM task schedule object

      • BraveUpdateComRegisterShell64.exe (PID: 7120)
      • BraveUpdateComRegisterShell64.exe (PID: 7052)
      • BraveUpdate.exe (PID: 7016)
      • BraveUpdateComRegisterShell64.exe (PID: 7088)
    • Disables SEHOP

      • BraveUpdate.exe (PID: 6892)
        Note: the write behind this hit is listed under Modification events: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe, DisableExceptionChainValidation = 0. For that IFEO value, 0 enables exception-chain validation (SEHOP) for the image and 1 disables it, so the data written here does not disable SEHOP for BraveUpdate.exe. Read the signature as "touched the SEHOP IFEO value" and check the data, as with any IFEO write.
    • Starts itself from another location

      • BraveUpdate.exe (PID: 6892)
    • Executes as Windows Service

      • BraveUpdate.exe (PID: 6252)
      • elevation_service.exe (PID: 1020)
    • Checks Windows Trust Settings

      • BraveUpdate.exe (PID: 6148)
    • Application launched itself

      • setup.exe (PID: 7156)
      • setup.exe (PID: 6280)
      • BraveUpdate.exe (PID: 6252)
      • brave.exe (PID: 4516)
    • Searches for installed software

      • setup.exe (PID: 7156)
      • setup.exe (PID: 6280)
      • CompatTelRunner.exe (PID: 1080)
    • Creates a software uninstall entry

      • setup.exe (PID: 7156)
  • INFO

    • The sample was compiled with Czech language support

      • BraveBrowserSetup-BRV011.exe (PID: 6464)
      • BraveUpdateSetup.exe (PID: 6820)
      • BraveUpdate.exe (PID: 6892)
    • The sample was compiled with Bulgarian language support

      • BraveBrowserSetup-BRV011.exe (PID: 6464)
      • BraveUpdateSetup.exe (PID: 6820)
      • BraveUpdate.exe (PID: 6892)
    • Checks supported languages

      • BraveBrowserSetup-BRV011.exe (PID: 6464)
      • BraveUpdate.exe (PID: 6612)
      • BraveUpdateSetup.exe (PID: 6820)
      • BraveUpdate.exe (PID: 6892)
      • BraveUpdate.exe (PID: 6936)
      • BraveUpdate.exe (PID: 7016)
      • BraveUpdateComRegisterShell64.exe (PID: 7052)
      • BraveUpdateComRegisterShell64.exe (PID: 7088)
      • BraveUpdateComRegisterShell64.exe (PID: 7120)
      • BraveUpdate.exe (PID: 2224)
      • BraveUpdate.exe (PID: 6148)
      • BraveUpdate.exe (PID: 6252)
      • brave_installer-x64.exe (PID: 7088)
      • setup.exe (PID: 7156)
      • setup.exe (PID: 7032)
      • setup.exe (PID: 6280)
      • setup.exe (PID: 6176)
      • BraveUpdateOnDemand.exe (PID: 4400)
      • BraveUpdate.exe (PID: 2992)
      • BraveUpdate.exe (PID: 6496)
      • brave.exe (PID: 3640)
      • brave.exe (PID: 2088)
      • brave.exe (PID: 4516)
      • brave.exe (PID: 6808)
      • elevation_service.exe (PID: 1020)
      • brave.exe (PID: 1864)
      • brave.exe (PID: 5580)
      • brave.exe (PID: 7120)
    • Creates files in a temporary directory

      • BraveBrowserSetup-BRV011.exe (PID: 6464)
      • brave.exe (PID: 4516)
    • The sample was compiled with English language support

      • BraveBrowserSetup-BRV011.exe (PID: 6464)
      • BraveUpdateSetup.exe (PID: 6820)
      • BraveUpdate.exe (PID: 6892)
      • brave_installer-x64.exe (PID: 7088)
      • setup.exe (PID: 7156)
    • The sample was compiled with French language support

      • BraveBrowserSetup-BRV011.exe (PID: 6464)
      • BraveUpdateSetup.exe (PID: 6820)
      • BraveUpdate.exe (PID: 6892)
    • The sample was compiled with Italian language support

      • BraveBrowserSetup-BRV011.exe (PID: 6464)
      • BraveUpdateSetup.exe (PID: 6820)
      • BraveUpdate.exe (PID: 6892)
    • The sample was compiled with Indonesian language support

      • BraveBrowserSetup-BRV011.exe (PID: 6464)
      • BraveUpdateSetup.exe (PID: 6820)
      • BraveUpdate.exe (PID: 6892)
    • The sample was compiled with German language support

      • BraveBrowserSetup-BRV011.exe (PID: 6464)
      • BraveUpdateSetup.exe (PID: 6820)
      • BraveUpdate.exe (PID: 6892)
    • The sample was compiled with Arabic language support

      • BraveBrowserSetup-BRV011.exe (PID: 6464)
      • BraveUpdateSetup.exe (PID: 6820)
      • BraveUpdate.exe (PID: 6892)
    • The sample was compiled with Japanese language support

      • BraveBrowserSetup-BRV011.exe (PID: 6464)
      • BraveUpdateSetup.exe (PID: 6820)
      • BraveUpdate.exe (PID: 6892)
    • The sample was compiled with Polish language support

      • BraveBrowserSetup-BRV011.exe (PID: 6464)
      • BraveUpdateSetup.exe (PID: 6820)
      • BraveUpdate.exe (PID: 6892)
    • The sample was compiled with Korean language support

      • BraveBrowserSetup-BRV011.exe (PID: 6464)
      • BraveUpdateSetup.exe (PID: 6820)
      • BraveUpdate.exe (PID: 6892)
    • The sample was compiled with Chinese language support

      • BraveBrowserSetup-BRV011.exe (PID: 6464)
      • BraveUpdateSetup.exe (PID: 6820)
      • BraveUpdate.exe (PID: 6892)
    • The sample was compiled with Swedish language support

      • BraveBrowserSetup-BRV011.exe (PID: 6464)
      • BraveUpdateSetup.exe (PID: 6820)
      • BraveUpdate.exe (PID: 6892)
    • The sample was compiled with Russian language support

      • BraveBrowserSetup-BRV011.exe (PID: 6464)
      • BraveUpdateSetup.exe (PID: 6820)
      • BraveUpdate.exe (PID: 6892)
    • The sample was compiled with Turkish language support

      • BraveBrowserSetup-BRV011.exe (PID: 6464)
      • BraveUpdateSetup.exe (PID: 6820)
      • BraveUpdate.exe (PID: 6892)
    • Reads the computer name

      • BraveUpdate.exe (PID: 6612)
      • BraveUpdate.exe (PID: 6892)
      • BraveUpdate.exe (PID: 7016)
      • BraveUpdateComRegisterShell64.exe (PID: 7052)
      • BraveUpdateComRegisterShell64.exe (PID: 7088)
      • BraveUpdateComRegisterShell64.exe (PID: 7120)
      • BraveUpdate.exe (PID: 2224)
      • BraveUpdate.exe (PID: 6936)
      • BraveUpdate.exe (PID: 6148)
      • BraveUpdate.exe (PID: 6252)
      • brave_installer-x64.exe (PID: 7088)
      • setup.exe (PID: 7156)
      • setup.exe (PID: 6280)
      • BraveUpdate.exe (PID: 6496)
      • BraveUpdate.exe (PID: 2992)
      • brave.exe (PID: 4516)
      • elevation_service.exe (PID: 1020)
      • brave.exe (PID: 3640)
    • Process checks computer location settings

      • BraveUpdate.exe (PID: 6612)
      • BraveUpdate.exe (PID: 6892)
      • brave.exe (PID: 4516)
      • brave.exe (PID: 5580)
    • Creates files in the program directory

      • BraveUpdate.exe (PID: 6892)
      • BraveUpdate.exe (PID: 6252)
      • brave_installer-x64.exe (PID: 7088)
      • setup.exe (PID: 7156)
      • setup.exe (PID: 6280)
    • Reads the machine GUID from the registry

      • BraveUpdate.exe (PID: 6148)
    • Reads the software policy settings

      • BraveUpdate.exe (PID: 2224)
      • BraveUpdate.exe (PID: 6252)
      • BraveUpdate.exe (PID: 6148)
      • BraveUpdate.exe (PID: 6496)
      • CompatTelRunner.exe (PID: 1080)
    • Checks proxy server information

      • BraveUpdate.exe (PID: 6148)
      • BraveUpdate.exe (PID: 2224)
      • brave.exe (PID: 4516)
    • Creates files or folders in the user directory

      • BraveUpdate.exe (PID: 6148)
      • setup.exe (PID: 6280)
      • setup.exe (PID: 7156)
      • brave.exe (PID: 4516)
      • brave.exe (PID: 2088)
      • brave.exe (PID: 6300)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:12:19 06:26:12+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14.41
CodeSize: 105984
InitializedDataSize: 1150464
UninitializedDataSize: -
EntryPoint: 0x6f24
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 1.3.361.151
ProductVersionNumber: 1.3.361.151
FileFlagsMask: 0x003f
FileFlags: Private build
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: BraveSoftware Inc.
FileDescription: BraveSoftware Update Setup
FileVersion: 1.3.361.151
InternalName: BraveSoftware Update Setup
OriginalFileName: BraveUpdateSetup.exe
ProductName: BraveSoftware Update
ProductVersion: 1.3.361.151
LanguageId: en
PrivateBuild: -
No data.
All screenshots are available in the full report
Total processes
163
Monitored processes
39
Malicious processes
22
Suspicious processes
3

Behavior graph

Monitored processes, in the order the graph lists them ("no specs" is kept as the report marks it):
  • start
  • bravebrowsersetup-brv011.exe
  • braveupdate.exe (no specs)
  • braveupdatesetup.exe
  • braveupdate.exe
  • braveupdate.exe (no specs)
  • braveupdate.exe (no specs)
  • braveupdatecomregistershell64.exe (no specs)
  • braveupdatecomregistershell64.exe (no specs)
  • braveupdatecomregistershell64.exe (no specs)
  • braveupdate.exe
  • braveupdate.exe
  • braveupdate.exe
  • brave_installer-x64.exe
  • setup.exe
  • setup.exe (no specs)
  • setup.exe
  • setup.exe (no specs)
  • braveupdate.exe
  • braveupdateondemand.exe (no specs)
  • braveupdate.exe
  • brave.exe
  • brave.exe
  • brave.exe
  • brave.exe
  • elevation_service.exe
  • brave.exe
  • brave.exe
  • brave.exe
  • compattelrunner.exe
  • brave.exe
  • brave.exe
  • brave.exe (no specs)
  • brave.exe (no specs)
  • brave.exe (no specs)
  • brave.exe (no specs)
  • brave.exe (no specs)
  • csrss.exe
  • csrss.exe
  • services.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID:
532
CMD:
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
Path:
C:\Windows\System32\csrss.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Client Server Runtime Process
Version:
10.0.19041.1 (WinBuild.160101.0800)
PID:
616
CMD:
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
Path:
C:\Windows\System32\csrss.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Client Server Runtime Process
Version:
10.0.19041.1 (WinBuild.160101.0800)
PID:
752
CMD:
C:\WINDOWS\system32\services.exe
Path:
C:\Windows\System32\services.exe
Parent process:
wininit.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Services and Controller app
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\apphelp.dll
PID:
1020
CMD:
"C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\elevation_service.exe"
Path:
C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.104\elevation_service.exe
Parent process:
services.exe
User:
SYSTEM
Company:
Brave Software, Inc.
Integrity Level:
SYSTEM
Description:
Brave Browser
Exit code:
0
Version:
131.1.73.104
Modules
Images
c:\program files\bravesoftware\brave-browser\application\131.1.73.104\elevation_service.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll
PID:
1080
CMD:
C:\WINDOWS\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW
Path:
C:\Windows\System32\CompatTelRunner.exe
Parent process:
svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft Compatibility Telemetry
Version:
10.0.19645.1102 (WinBuild.160101.0800)
PID:
1864
CMD:
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --string-annotations=is-enterprise-managed=no --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=17828936102052243543 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3560,i,17058466585498342210,8830606316989747684,262144 --variations-seed-version=main@3a09998d5ff0a851670d371abde73918c5294641 --mojo-platform-channel-handle=3412 /prefetch:1
Path:
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
Parent process:
brave.exe
User:
admin
Company:
Brave Software, Inc.
Integrity Level:
LOW
Description:
Brave Browser
Version:
131.1.73.104
PID:
2088
CMD:
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=131.1.73.104 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8220a1d18,0x7ff8220a1d24,0x7ff8220a1d30
Path:
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
Parent process:
brave.exe
User:
admin
Company:
Brave Software, Inc.
Integrity Level:
MEDIUM
Description:
Brave Browser
Version:
131.1.73.104
Modules
Images
c:\program files\bravesoftware\brave-browser\application\brave.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\bravesoftware\brave-browser\application\131.1.73.104\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID:
2224
CMD:
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping 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-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIxMTEwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
Path:
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
Parent process:
BraveUpdate.exe
User:
admin
Company:
BraveSoftware Inc.
Integrity Level:
HIGH
Description:
BraveSoftware Update
Exit code:
0
Version:
1.3.361.151
Modules
Images
c:\program files (x86)\bravesoftware\update\braveupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
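The /ping argument on the PID 2224 command line above is the updater's install report, base64url-encoded (the "-" characters in the blob give the alphabet away; the goopdate.dll in the Dropped files section marks this as an Omaha-derived updater). The report elides the start of the blob, but the visible tail decodes to readable XML. The following is an added example, not code from the ANY.RUN report or from Brave: a decoder that takes a constructed command line carrying that visible tail, recovers the text, and pulls the attribute values out even though the fragment is not a complete XML document. The eventtype/eventresult meanings are the Omaha protocol's documented codes; the sample command line and all names in the block are the example's own.

```python
import base64
import re

# Tail of the /ping argument as it appears on this page (the report elides the
# start of the blob, so this is only the end of the payload).
PING_TAIL = (
    "PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIg"
    "ZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIxMTEwIi8-PC9hcHA-PC9yZXF1ZXN0Pg"
)

# Constructed command line in the shape shown for PID 2224: the path is the one
# the report lists, the blob is the visible tail only.
SAMPLE_CMDLINE = (
    r'"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping ' + PING_TAIL
)

# Omaha protocol codes for the two attributes worth reading first
# (the updater's own vocabulary, not the sandbox's).
EVENT_TYPES = {"2": "install complete", "3": "update complete"}
EVENT_RESULTS = {"0": "error", "1": "success", "2": "cancelled"}


def b64url_decode(blob):
    """base64url ('-' / '_' alphabet) with the padding the sender dropped."""
    blob = blob.strip().rstrip("=")
    if not re.fullmatch(r"[A-Za-z0-9_-]+", blob):
        raise ValueError("not a base64url string")
    return base64.urlsafe_b64decode(blob + "=" * (-len(blob) % 4))


def extract_ping_payload(cmdline):
    """Return the decoded text of the /ping argument, or raise if there is none."""
    m = re.search(r"/ping\s+(\S+)", cmdline, re.IGNORECASE)
    if not m:
        raise ValueError("no /ping argument found")
    # Omaha pings are UTF-8 XML; 'replace' keeps a blob cut mid-character readable.
    return b64url_decode(m.group(1)).decode("utf-8", errors="replace")


def ping_fields(xml_text):
    """Attribute/value pairs from the decoded text. A regex rather than an XML
    parser because a truncated blob (as here) is not a well-formed document."""
    fields = dict(re.findall(r'(\w+)="([^"]*)"', xml_text))
    if "eventtype" in fields:
        fields["eventtype_meaning"] = EVENT_TYPES.get(fields["eventtype"], "other")
    if "eventresult" in fields:
        fields["eventresult_meaning"] = EVENT_RESULTS.get(fields["eventresult"], "other")
    return fields


if __name__ == "__main__":
    text = extract_ping_payload(SAMPLE_CMDLINE)
    print(text)
    for key, value in ping_fields(text).items():
        print(f"{key} = {value}")
```

Run against the sample, the tail comes back as `<event eventtype="2" eventresult="1" errorcode="0" extracode1="0" install_time_ms="1110"/></app></request>`: an install-complete event reporting success after 1110 ms. The same decoder applies unchanged to GoogleUpdate.exe /ping lines, which use the same encoding.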
PID:
2992
CMD:
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ondemand
Path:
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
Parent process:
BraveUpdateOnDemand.exe
User:
admin
Company:
BraveSoftware Inc.
Integrity Level:
MEDIUM
Description:
BraveSoftware Update
Exit code:
0
Version:
1.3.361.151
Modules
Images
c:\program files (x86)\bravesoftware\update\braveupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID:
3640
CMD:
"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2044,i,17058466585498342210,8830606316989747684,262144 --variations-seed-version=main@3a09998d5ff0a851670d371abde73918c5294641 --mojo-platform-channel-handle=2040 /prefetch:2
Path:
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
Parent process:
brave.exe
User:
admin
Company:
Brave Software, Inc.
Integrity Level:
LOW
Description:
Brave Browser
Version:
131.1.73.104
Modules
Images
c:\program files\bravesoftware\brave-browser\application\brave.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\bravesoftware\brave-browser\application\131.1.73.104\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
Total events
35 391
Read events
33 679
Write events
1 590
Delete events
122

Modification events

PID Process | Operation | Key | Name | Value
(6464) BraveBrowserSetup-BRV011.exe | write | HKEY_CURRENT_USER\SOFTWARE\BraveSoftware\Promo | StubInstallerPath | C:\Users\admin\AppData\Local\Temp\BraveBrowserSetup-BRV011.exe
(6892) BraveUpdate.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BraveSoftware\Update | path | C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
(6892) BraveUpdate.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BraveSoftware\Update | UninstallCmdLine | "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /uninstall
(6892) BraveUpdate.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BraveSoftware\Update\Clients\{B131C935-9BE6-41DA-9599-1F776BEB8019} | pv | 1.3.361.151
(6892) BraveUpdate.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BraveSoftware\Update\Clients\{B131C935-9BE6-41DA-9599-1F776BEB8019} | name | Brave Update
(6892) BraveUpdate.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BraveSoftware\Update\ClientState\{B131C935-9BE6-41DA-9599-1F776BEB8019} | pv | 1.3.361.151
(6892) BraveUpdate.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe | DisableExceptionChainValidation | 0
(6892) BraveUpdate.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BraveSoftware\Update | brave_task_name_c | BraveSoftwareUpdateTaskMachineCore{9F67D8F9-C282-4E2B-8A86-96792EEBF320}
(6892) BraveUpdate.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BraveSoftware\Update | brave_task_name_ua | BraveSoftwareUpdateTaskMachineUA{B176A0E3-7287-49DD-9E84-9655375D964C}
(6936) BraveUpdate.exe | delete value | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BraveSoftware\Update | uid | -
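The Modification events above are what decides whether "Changes the autorun value" or "Disables SEHOP" in the indicator list means anything: the value name alone does not. Added example, not part of the ANY.RUN report: a parser for the event block in the fused form the page prints it (seven of the ten events above are embedded as the constructed sample; the three version writes are left out), followed by triage that interprets the IFEO DisableExceptionChainValidation data (0 enables SEHOP for the named image, non-zero disables it) and flags Run-key autoruns, IFEO Debugger hijacks, uninstall entries and the scheduled-task names the updater registers. The Run/RunOnce and Debugger branches are general Windows persistence knowledge, not events in this report; they are there because the same parser is what you would run on a report where they do appear.

```python
import re

# Seven of the ten Modification events in this report, copied in the fused
# "label:value" form the page prints (constructed sample input for the parser;
# the three pv/name version writes are omitted for brevity).
SAMPLE_EVENTS = r"""(PID) Process:(6464) BraveBrowserSetup-BRV011.exeKey:HKEY_CURRENT_USER\SOFTWARE\BraveSoftware\Promo
Operation:writeName:StubInstallerPath
Value:
C:\Users\admin\AppData\Local\Temp\BraveBrowserSetup-BRV011.exe
(PID) Process:(6892) BraveUpdate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BraveSoftware\Update
Operation:writeName:path
Value:
C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
(PID) Process:(6892) BraveUpdate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BraveSoftware\Update
Operation:writeName:UninstallCmdLine
Value:
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /uninstall
(PID) Process:(6892) BraveUpdate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe
Operation:writeName:DisableExceptionChainValidation
Value:
0
(PID) Process:(6892) BraveUpdate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BraveSoftware\Update
Operation:writeName:brave_task_name_c
Value:
BraveSoftwareUpdateTaskMachineCore{9F67D8F9-C282-4E2B-8A86-96792EEBF320}
(PID) Process:(6892) BraveUpdate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BraveSoftware\Update
Operation:writeName:brave_task_name_ua
Value:
BraveSoftwareUpdateTaskMachineUA{B176A0E3-7287-49DD-9E84-9655375D964C}
(PID) Process:(6936) BraveUpdate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BraveSoftware\Update
Operation:delete valueName:uid
Value:
"""

# One record = header line, operation line, "Value:" line, optional data line.
# The lookahead keeps an empty value from swallowing the next record's header.
RECORD_RE = re.compile(
    r"\(PID\) Process:\((?P<pid>\d+)\) (?P<proc>.+?)Key:(?P<key>.+)\n"
    r"Operation:(?P<op>write|delete value|delete key)Name:(?P<name>.*)\n"
    r"Value:\n?(?!\(PID\) Process:)(?P<value>.*)"
)

RUN_KEYS = ("\\currentversion\\run", "\\currentversion\\runonce")


def parse_events(text):
    """Split a report's Modification events block into one dict per event."""
    return [m.groupdict() for m in RECORD_RE.finditer(text)]


def _nonzero(data):
    """REG_DWORD as the report prints it; None when it is not a number."""
    try:
        return int(data.strip(), 0) != 0
    except ValueError:
        return None


def triage(events):
    """Map raw registry events onto the questions an analyst asks of them."""
    findings = []
    for ev in events:
        key_l, name_l = ev["key"].lower(), ev["name"].lower()
        base = {"pid": ev["pid"], "process": ev["proc"], "key": ev["key"],
                "name": ev["name"], "value": ev["value"]}
        if "\\image file execution options\\" in key_l:
            image = ev["key"].rsplit("\\", 1)[-1]
            if name_l == "disableexceptionchainvalidation":
                # 0 turns exception-chain validation (SEHOP) on for the image,
                # non-zero turns it off: a write of 0 is the opposite of "disables".
                disabled = ev["op"] == "write" and _nonzero(ev["value"])
                findings.append({**base, "kind": "ifeo_sehop", "image": image,
                                 "sehop_disabled": disabled})
            elif name_l == "debugger":
                # IFEO Debugger redirects every launch of the image to the value:
                # the classic hijack (general knowledge, not seen in this report).
                findings.append({**base, "kind": "ifeo_debugger_hijack", "image": image})
        elif any(k in key_l for k in RUN_KEYS) and ev["op"] == "write":
            findings.append({**base, "kind": "autorun"})  # not seen in this report
        elif name_l == "uninstallcmdline":
            findings.append({**base, "kind": "uninstall_entry"})
        elif name_l.startswith("brave_task_name_"):
            # Task Scheduler job names the updater registers; persistence to confirm
            findings.append({**base, "kind": "scheduled_task_name"})
        elif name_l.endswith("installerpath"):
            findings.append({**base, "kind": "installer_path"})
    return findings


if __name__ == "__main__":
    for finding in triage(parse_events(SAMPLE_EVENTS)):
        print(finding["kind"], finding.get("image", ""), finding["name"], finding["value"])
```

On this sample the IFEO finding comes back with sehop_disabled False, which is the point of reading the data rather than the value name, and the two task names are the ones to confirm with schtasks /query on a live host.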
Executable files
223
Suspicious files
83
Text files
55
Unknown types
13

Dropped files

PID | Process | Filename | Type
6464 | BraveBrowserSetup-BRV011.exe | C:\Users\admin\AppData\Local\Temp\GUM53FF.tmp\BraveCrashHandlerArm64.exe | executable
MD5: E2C7FC3A842C66F204A71680EA65BE48
SHA256: 024E34C8D8EC714E98A82A6DF2DE2252F2E0028F91B3CCC928F53498179A7CA2
6464 | BraveBrowserSetup-BRV011.exe | C:\Users\admin\AppData\Local\Temp\GUM53FF.tmp\BraveUpdateOnDemand.exe | executable
MD5: F7646F340CBA7902AB97DEEB1E2F1042
SHA256: 6FB801FACAB06F3E165BDBF0A2D9846E615EF6811CB3B23B5ADD3873B470F32F
6464 | BraveBrowserSetup-BRV011.exe | C:\Users\admin\AppData\Local\Temp\GUM53FF.tmp\goopdate.dll | executable
MD5: 371CA63D32E87DC52FBEB61E32F0B5AD
SHA256: 509D0DA97DAF68177E9AC67768BDC249069E6C524D016546413DF78F96CA5B71
6464 | BraveBrowserSetup-BRV011.exe | C:\Users\admin\AppData\Local\Temp\GUM53FF.tmp\BraveUpdateBroker.exe | executable
MD5: 60A82F48DC03CD29FE5835B71C3E1BD1
SHA256: 85B2DF5805E2AD1E42DEB60FD72861DADA198AEDAAAFBC9DB8FCB68E1AFD44A0
6464 | BraveBrowserSetup-BRV011.exe | C:\Users\admin\AppData\Local\Temp\GUM53FF.tmp\BraveUpdateComRegisterShell64.exe | executable
MD5: 0AB8BC5E7781D4D8ADF8E9042A092B01
SHA256: 413516C1B9256AC6091789AB02EE8374720A8E4D3E4FF02F9DCCBED707E1D5E3
6464 | BraveBrowserSetup-BRV011.exe | C:\Users\admin\AppData\Local\Temp\GUM53FF.tmp\BraveUpdate.exe | executable
MD5: EE743BC7055CD46C5DC436C2E31FBB2F
SHA256: FB5355F32B99974FCCE4EEAF47EB285B7A5EEED743389EF86CD781227885F7DE
6464 | BraveBrowserSetup-BRV011.exe | C:\Users\admin\AppData\Local\Temp\GUM53FF.tmp\psuser.dll | executable
MD5: 85866F7AAE72F095E5CB2367738D5F6D
SHA256: 02E713B615A6BD0B57674BCACC4A128B2F6914F03EC1BA2918AC040B8DD809BB
6464 | BraveBrowserSetup-BRV011.exe | C:\Users\admin\AppData\Local\Temp\GUM53FF.tmp\psuser_arm64.dll | executable
MD5: 2E887992D71D9C059EFBC9DB1F8AE921
SHA256: 18484450FAC7102BEF4C0344DB647AA85F51D39EAB96E2AC7B3FCF898094334A
6464 | BraveBrowserSetup-BRV011.exe | C:\Users\admin\AppData\Local\Temp\GUM53FF.tmp\psmachine.dll | executable
MD5: 6F55C8559C92C580EC5D711925B7349B
SHA256: C50891DF7B08078BD22F3187A74490A659E2BEE122A45FD1925B72F3518FBDDB
6464 | BraveBrowserSetup-BRV011.exe | C:\Users\admin\AppData\Local\Temp\GUM53FF.tmp\BraveUpdateComRegisterShellArm64.exe | executable
MD5: D0AC42D1758FD7D7C358AD2AFCE07B01
SHA256: 35DFF5C835B1E56F004FD744C2E9C66495130BF8DE1A35BB216FDD21D012D12D
Download the PCAP, analyze network streams, HTTP content and a lot more in the full report
HTTP(S) requests
10
TCP/UDP connections
38
DNS requests
36
Threats
0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Reputation
(The report's Type and Size columns are empty for these requests; "-" marks a request the report attributes to no process.)
- | - | GET | 200 | 23.48.23.156:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
- | - | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
- | - | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
- | - | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
1176 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
6148 | BraveUpdate.exe | GET | 200 | 18.245.38.41:80 | http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwdzEkpLy9ROx7U76vGUhC06D6E%3D | unknown | unknown
6796 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
6544 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | whitelisted
6796 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
6544 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
("-" marks a field the report leaves empty.)
- | - | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 23.48.23.156:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
- | - | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
5064 | SearchApp.exe | 104.126.37.145:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
- | - | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1176 | svchost.exe | 40.126.32.68:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
1076 | svchost.exe | 23.35.238.131:443 | go.microsoft.com | AKAMAI-AS | DE | whitelisted
1176 | svchost.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
crl.microsoft.com
  • 23.48.23.156
  • 23.48.23.143
whitelisted
www.microsoft.com
  • 184.30.21.171
  • 95.101.149.131
whitelisted
google.com
  • 142.250.185.78
whitelisted
www.bing.com
  • 104.126.37.145
  • 104.126.37.163
  • 104.126.37.128
  • 104.126.37.176
  • 104.126.37.131
  • 104.126.37.136
  • 104.126.37.139
  • 104.126.37.123
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 40.126.32.68
  • 40.126.32.72
  • 40.126.32.74
  • 40.126.32.136
  • 20.190.160.17
  • 40.126.32.134
  • 20.190.160.22
  • 40.126.32.138
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted
updates.bravesoftware.com
  • 13.32.121.47
  • 13.32.121.70
  • 13.32.121.124
  • 13.32.121.6
shared
dl.brave.com
  • 13.32.99.123
  • 13.32.99.14
  • 13.32.99.23
  • 13.32.99.78
whitelisted

Threats

No threats detected
No debug info