File name: BraveBrowserSetup-BRV013.exe

Full analysis: https://app.any.run/tasks/3a2cc820-c6a2-4cf0-b274-8b6b7d2c887e
Verdict: Malicious activity
Analysis date: September 05, 2024, 15:32:56
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 26CACB110ADC55DAAB7CE691CD1C8D47
SHA1: 7FF5E87F5DE82DD2AAEDE17886DEB9CD35542B0D
SHA256: 8574DE2640912D6EBBCD4B1B1998BDC964EAECDD711239935E59385F04C68F7D
SSDEEP: 49152:DtGDzRUA8XBgihxDkhpdbzAwYbY59iZOfVVAMVsJuvVxHMdxGXsENpXnjmjI8meC:DezRU3BgihRkzdvAwdf803AxgxH5Xnv2

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • BraveBrowserSetup-BRV013.exe (PID: 5388)
      • BraveUpdateSetup.exe (PID: 5708)
      • BraveUpdate.exe (PID: 6748)
    • Reads security settings of Internet Explorer

      • BraveUpdate.exe (PID: 4292)
      • BraveUpdate.exe (PID: 6748)
      • BraveUpdate.exe (PID: 2208)
    • Disables SEHOP

      • BraveUpdate.exe (PID: 6748)
    • Starts itself from another location

      • BraveUpdate.exe (PID: 6748)
    • Creates/Modifies COM task schedule object

      • BraveUpdateComRegisterShell64.exe (PID: 5136)
      • BraveUpdate.exe (PID: 1432)
      • BraveUpdateComRegisterShell64.exe (PID: 3104)
      • BraveUpdateComRegisterShell64.exe (PID: 6312)
    • Executes as Windows Service

      • BraveUpdate.exe (PID: 6264)
  • INFO

    • Create files in a temporary directory

      • BraveBrowserSetup-BRV013.exe (PID: 5388)
    • Checks supported languages

      • BraveBrowserSetup-BRV013.exe (PID: 5388)
      • BraveUpdate.exe (PID: 4292)
      • BraveUpdateSetup.exe (PID: 5708)
      • BraveUpdate.exe (PID: 6748)
      • BraveUpdate.exe (PID: 6432)
      • BraveUpdateComRegisterShell64.exe (PID: 5136)
      • BraveUpdate.exe (PID: 1432)
      • BraveUpdateComRegisterShell64.exe (PID: 3104)
      • BraveUpdate.exe (PID: 2584)
      • BraveUpdateComRegisterShell64.exe (PID: 6312)
      • BraveUpdate.exe (PID: 2208)
      • BraveUpdate.exe (PID: 6264)
    • Process checks computer location settings

      • BraveUpdate.exe (PID: 4292)
      • BraveUpdate.exe (PID: 6748)
    • Reads the computer name

      • BraveUpdate.exe (PID: 4292)
      • BraveUpdate.exe (PID: 6748)
      • BraveUpdate.exe (PID: 6432)
      • BraveUpdate.exe (PID: 1432)
      • BraveUpdateComRegisterShell64.exe (PID: 6312)
      • BraveUpdateComRegisterShell64.exe (PID: 3104)
      • BraveUpdate.exe (PID: 2584)
      • BraveUpdateComRegisterShell64.exe (PID: 5136)
      • BraveUpdate.exe (PID: 2208)
      • BraveUpdate.exe (PID: 6264)
    • Creates files in the program directory

      • BraveUpdate.exe (PID: 6748)
      • BraveUpdate.exe (PID: 6264)
    • Checks proxy server information

      • BraveUpdate.exe (PID: 2584)
      • BraveUpdate.exe (PID: 2208)
    • Reads the software policy settings

      • BraveUpdate.exe (PID: 2584)
      • BraveUpdate.exe (PID: 6264)
    • Reads the machine GUID from the registry

      • BraveUpdate.exe (PID: 2584)
      • BraveUpdate.exe (PID: 6264)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:09:03 06:26:35+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14.41
CodeSize: 105984
InitializedDataSize: 1150976
UninitializedDataSize: -
EntryPoint: 0x6f24
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 1.3.361.151
ProductVersionNumber: 1.3.361.151
FileFlagsMask: 0x003f
FileFlags: Private build
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: BraveSoftware Inc.
FileDescription: BraveSoftware Update Setup
FileVersion: 1.3.361.151
InternalName: BraveSoftware Update Setup
OriginalFileName: BraveUpdateSetup.exe
ProductName: BraveSoftware Update
ProductVersion: 1.3.361.151
LanguageId: en
PrivateBuild: -
No data.
All screenshots are available in the full report
Total processes: 135
Monitored processes: 12
Malicious processes: 3
Suspicious processes: 2

Behavior graph

Processes in the graph, from start: bravebrowsersetup-brv013.exe; braveupdate.exe (no specs); braveupdatesetup.exe; braveupdate.exe; braveupdate.exe (no specs); braveupdate.exe (no specs); braveupdatecomregistershell64.exe (no specs); braveupdatecomregistershell64.exe (no specs); braveupdatecomregistershell64.exe (no specs); braveupdate.exe; braveupdate.exe (no specs); braveupdate.exe

Process information

PID | CMD | Path | Indicators | Parent process
PID: 1432
CMD: "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /regserver
Path: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
Parent process: BraveUpdate.exe
User: admin
Company: BraveSoftware Inc.
Integrity Level: HIGH
Description: BraveSoftware Update
Exit code: 0
Version: 1.3.361.151
Modules
Images
c:\program files (x86)\bravesoftware\update\braveupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 2208
CMD: "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none" /installsource taggedmi /sessionid "{DDFA0088-04C0-4031-A46E-23F55EF96B15}"
Path: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
Parent process: BraveUpdate.exe
User: admin
Company: BraveSoftware Inc.
Integrity Level: HIGH
Description: BraveSoftware Update
Version: 1.3.361.151
Modules
Images
c:\program files (x86)\bravesoftware\update\braveupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 2584
CMD: "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNjEuMTUxIiBzaGVsbF92ZXJzaW9uPSIxLjMuMzYxLjE1MSIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9IntEREZBMDA4OC0wNEMwLTQwMzEtQTQ2RS0yM0Y1NUVGOTZCMTV9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgdGVzdHNvdXJjZT0iYXV0byIgcmVxdWVzdGlkPSJ7REMwMjgwODAtRkQ4MS00NEM4LThBRDQtODk4NzRGNkI4MEY3fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI0IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ1LjQwNDYiIHNwPSIiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9IntCMTMxQzkzNS05QkU2LTQxREEtOTU5OS0xRjc3NkJFQjgwMTl9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjMuMzYxLjE1MSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIxNTE2Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
Path: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
Parent process: BraveUpdate.exe
User: admin
Company: BraveSoftware Inc.
Integrity Level: HIGH
Description: BraveSoftware Update
Exit code: 0
Version: 1.3.361.151
Modules
Images
c:\program files (x86)\bravesoftware\update\braveupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 3104
CMD: "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"
Path: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe
Parent process: BraveUpdate.exe
User: admin
Company: BraveSoftware Inc.
Integrity Level: HIGH
Description: BraveSoftware Update
Exit code: 0
Version: 1.3.361.151
Modules
Images
c:\program files (x86)\bravesoftware\update\1.3.361.151\braveupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 4292
CMD: C:\Users\admin\AppData\Local\Temp\GUMAD30.tmp\BraveUpdate.exe /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none"
Path: C:\Users\admin\AppData\Local\Temp\GUMAD30.tmp\BraveUpdate.exe
Parent process: BraveBrowserSetup-BRV013.exe
User: admin
Company: BraveSoftware Inc.
Integrity Level: MEDIUM
Description: BraveSoftware Update
Version: 1.3.361.151
Modules
Images
c:\users\admin\appdata\local\temp\gumad30.tmp\braveupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 5136
CMD: "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"
Path: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe
Parent process: BraveUpdate.exe
User: admin
Company: BraveSoftware Inc.
Integrity Level: HIGH
Description: BraveSoftware Update
Exit code: 0
Version: 1.3.361.151
Modules
Images
c:\program files (x86)\bravesoftware\update\1.3.361.151\braveupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 5388
CMD: "C:\Users\admin\Desktop\BraveBrowserSetup-BRV013.exe"
Path: C:\Users\admin\Desktop\BraveBrowserSetup-BRV013.exe
Parent process: explorer.exe
User: admin
Company: BraveSoftware Inc.
Integrity Level: MEDIUM
Description: BraveSoftware Update Setup
Version: 1.3.361.151
Modules
Images
c:\users\admin\desktop\bravebrowsersetup-brv013.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll
PID: 5708
CMD: "C:\Users\admin\AppData\Local\Temp\GUMAD30.tmp\BraveUpdateSetup.exe" /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=release&installdataindex=default&referral=none" /installelevated /nomitag
Path: C:\Users\admin\AppData\Local\Temp\GUMAD30.tmp\BraveUpdateSetup.exe
Parent process: BraveUpdate.exe
User: admin
Company: BraveSoftware Inc.
Integrity Level: HIGH
Description: BraveSoftware Update Setup
Version: 1.3.361.151
Modules
Images
c:\users\admin\appdata\local\temp\gumad30.tmp\braveupdatesetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll
PID: 6264
CMD: "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc
Path: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
Parent process: services.exe
User: SYSTEM
Company: BraveSoftware Inc.
Integrity Level: SYSTEM
Description: BraveSoftware Update
Version: 1.3.361.151
Modules
Images
c:\program files (x86)\bravesoftware\update\braveupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
PID: 6312
CMD: "C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe"
Path: C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveUpdateComRegisterShell64.exe
Parent process: BraveUpdate.exe
User: admin
Company: BraveSoftware Inc.
Integrity Level: HIGH
Description: BraveSoftware Update
Exit code: 0
Version: 1.3.361.151
Modules
Images
c:\program files (x86)\bravesoftware\update\1.3.361.151\braveupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
Total events: 12 454
Read events: 8 323
Write events: 4 066
Delete events: 65

Modification events

(PID) Process: (5388) BraveBrowserSetup-BRV013.exe
Key: HKEY_CURRENT_USER\SOFTWARE\BraveSoftware\Promo
Operation: write
Name: StubInstallerPath
Value: C:\Users\admin\Desktop\BraveBrowserSetup-BRV013.exe

(PID) Process: (6748) BraveUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BraveSoftware\Update
Operation: write
Name: path
Value: C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe

(PID) Process: (6748) BraveUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BraveSoftware\Update
Operation: write
Name: UninstallCmdLine
Value: "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /uninstall

(PID) Process: (6748) BraveUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BraveSoftware\Update\Clients\{B131C935-9BE6-41DA-9599-1F776BEB8019}
Operation: write
Name: pv
Value: 1.3.361.151

(PID) Process: (6748) BraveUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BraveSoftware\Update\Clients\{B131C935-9BE6-41DA-9599-1F776BEB8019}
Operation: write
Name: name
Value: Brave Update

(PID) Process: (6748) BraveUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BraveSoftware\Update\ClientState\{B131C935-9BE6-41DA-9599-1F776BEB8019}
Operation: write
Name: pv
Value: 1.3.361.151

(PID) Process: (6748) BraveUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BraveUpdate.exe
Operation: write
Name: DisableExceptionChainValidation
Value: 0

(PID) Process: (6748) BraveUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BraveSoftware\Update
Operation: write
Name: brave_task_name_c
Value: BraveSoftwareUpdateTaskMachineCore{54410DFC-32AA-41E6-9534-3149032A5E35}

(PID) Process: (6748) BraveUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BraveSoftware\Update
Operation: write
Name: brave_task_name_ua
Value: BraveSoftwareUpdateTaskMachineUA{4028EDF3-5C5D-499A-9A64-27E55D51C5DD}

(PID) Process: (6748) BraveUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BraveSoftware\Update
Operation: delete value
Name: mi
Value:

Executable files: 216
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

PID | Process | Filename | Type
5388 | BraveBrowserSetup-BRV013.exe | C:\Users\admin\AppData\Local\Temp\GUMAD30.tmp\goopdate.dll | executable
MD5:771C48E3F834C771A3780B80C264FBE1
SHA256:EF4731784F1C7535F9AD96F91148DE042342954C0A97E1DB92DDF1FC2A0B20B3
5388 | BraveBrowserSetup-BRV013.exe | C:\Users\admin\AppData\Local\Temp\GUMAD30.tmp\BraveUpdateOnDemand.exe | executable
MD5:B814E347B70CBBC868E088D1FC99E0D9
SHA256:2F31BC23E1D86124E0849513F705220FBDF9873DA53BF81E6C7C5B4968727C5D
5388 | BraveBrowserSetup-BRV013.exe | C:\Users\admin\AppData\Local\Temp\GUMAD30.tmp\BraveUpdateBroker.exe | executable
MD5:C663C9BBE7CE7A45E57F69EF056EEA5D
SHA256:055301D3A119D162EF7DF1547A9358A5F79619001868E1A76B1094787A846187
5388 | BraveBrowserSetup-BRV013.exe | C:\Users\admin\AppData\Local\Temp\GUMAD30.tmp\psmachine.dll | executable
MD5:1ADE823482E1BDAB37823D12677DF43C
SHA256:ABF7D25CCBDE4BBEC532A57F0E467E03E16DE36A8EC198A012E4972FA14C7B26
5388 | BraveBrowserSetup-BRV013.exe | C:\Users\admin\AppData\Local\Temp\GUMAD30.tmp\psmachine_64.dll | executable
MD5:11DC7CA3BBAB590C95C4EBCA373E6966
SHA256:95E4C7181B282D40E3773BB6775B26D71AF3AB343B031116F188404F18F1FB1E
5388 | BraveBrowserSetup-BRV013.exe | C:\Users\admin\AppData\Local\Temp\GUMAD30.tmp\psuser.dll | executable
MD5:F5CBE35A0409AE7ADBCB2AC3E9F2C1F8
SHA256:5C9C635A7C115BD3067E012A85F133A1C986FEF2247BF828CDBBF4C0584C7A81
5388 | BraveBrowserSetup-BRV013.exe | C:\Users\admin\AppData\Local\Temp\GUMAD30.tmp\BraveUpdateComRegisterShell64.exe | executable
MD5:62AD24565EB471008DD9E69F1008FAD0
SHA256:334DFF1F82C240C2D47411C144A100F71C0852B170A694FB7FDDA2C6CBF6FBBE
5388 | BraveBrowserSetup-BRV013.exe | C:\Users\admin\AppData\Local\Temp\GUMAD30.tmp\psuser_64.dll | executable
MD5:66C6C47DE3E52BE3863DB41BB7BDFBF2
SHA256:28E41B5FCE8A16A854E85C9E3BC79D90946706DF63843AC4712A88CD569EEE0B
5388 | BraveBrowserSetup-BRV013.exe | C:\Users\admin\AppData\Local\Temp\GUMAD30.tmp\BraveUpdate.exe | executable
MD5:7FF35245BCFF6686747778789BBE0D4F
SHA256:E2753B0CF4E7B8707AAB03C30B841A0C4809C45EC711E10ABA562BDC699509C8
5388 | BraveBrowserSetup-BRV013.exe | C:\Users\admin\AppData\Local\Temp\GUMAD30.tmp\BraveUpdateCore.exe | executable
MD5:A8834237CC00488C85146E8AF5124325
SHA256:5DEE7342B9E6D25DAA4F0284270F6DD1CD92D578DA0241E443D635CC148D2C1A
HTTP(S) requests: 6
TCP/UDP connections: 20
DNS requests: 8
Threats: 3

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
- | - | GET | - | 52.85.65.37:443 | https://updates-cdn.bravesoftware.com/build/Brave-Release/release/win/128.1.69.162/x64/brave_installer-x64.exe | unknown | - | - | unknown
608 | svchost.exe | GET | 200 | 23.32.185.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
2120 | MoUsoCoreWorker.exe | GET | 200 | 23.32.185.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | HEAD | 200 | 52.85.65.111:443 | https://updates-cdn.bravesoftware.com/build/Brave-Release/release/win/128.1.69.162/x64/brave_installer-x64.exe | unknown | - | - | unknown
- | - | POST | 200 | 52.85.65.48:443 | https://updates.bravesoftware.com/service/update2 | unknown | xml | 250 b | unknown
- | - | POST | 200 | 52.85.65.61:443 | https://updates.bravesoftware.com/service/update2?cup2key=2:YrFxqq7ylw1q67-vfOmRXBVWVS-mFYdxCQj1GzlS-70&cup2hreq=0cc8d46dcb77d0c85dc6c9de9428707993c8c0bd95d939013031e4d4f2bd301e | unknown | xml | 6.14 Kb | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
608 | svchost.exe | 20.72.205.209:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
- | - | 192.168.100.255:138 | - | - | - | whitelisted
2120 | MoUsoCoreWorker.exe | 20.72.205.209:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
- | - | 20.72.205.209:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
608 | svchost.exe | 23.32.185.131:80 | www.microsoft.com | AKAMAI-AS | BR | whitelisted
2120 | MoUsoCoreWorker.exe | 23.32.185.131:80 | www.microsoft.com | AKAMAI-AS | BR | whitelisted
2120 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
3888 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
2584 | BraveUpdate.exe | 18.239.18.93:443 | updates.bravesoftware.com | - | US | shared
6264 | BraveUpdate.exe | 18.239.18.93:443 | updates.bravesoftware.com | - | US | shared

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 20.72.205.209, 51.124.78.146, 51.104.136.2 | whitelisted
google.com | 216.58.206.46 | whitelisted
www.microsoft.com | 23.32.185.131 | whitelisted
updates.bravesoftware.com | 18.239.18.93, 18.239.18.104, 18.239.18.123, 18.239.18.125 | shared
dl.brave.com | - | whitelisted
updates-cdn.bravesoftware.com | 3.161.82.23, 3.161.82.8, 3.161.82.36, 3.161.82.75 | whitelisted

Threats

Found threats are available for the paid subscriptions
3 ETPRO signatures available at the full report
No debug info