File name: BraveBrowserSetup-BRV030.exe

Full analysis: https://app.any.run/tasks/e564ac4e-d5a7-45fd-a461-57b027461d54
Verdict: Malicious activity
Analysis date: November 28, 2023, 20:30:34
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 1CECC31F2E44182B572DB1055749B0B8
SHA1: FD0E07BD77D3EF2CF0A543F3DDE1B78ACDC84319
SHA256: D4440A3DABEE654DE186ABA67669FAC48C3A079BF271DC0D9B2A41474F201302
SSDEEP: 24576:rahOhf6qq4rBDm+rcgnoOaNEmZCiMoBQ/da+ay2dnELJnQVWGwhmHM/A+k4sxWvU:mhOhfTq4ZVr6TEq2o6/da+a3dkPGUmH9

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • BraveBrowserSetup-BRV030.exe (PID: 948)
      • BraveUpdate.exe (PID: 1736)
      • BraveUpdateSetup.exe (PID: 3592)
  • SUSPICIOUS

    • Starts itself from another location

      • BraveUpdate.exe (PID: 1736)
    • Creates/Modifies COM task schedule object

      • BraveUpdate.exe (PID: 2820)
    • Application launched itself

      • BraveUpdate.exe (PID: 1496)
    • Reads the Internet Settings

      • BraveUpdate.exe (PID: 3280)
      • BraveUpdate.exe (PID: 3140)
    • Executes as Windows Service

      • BraveUpdate.exe (PID: 1496)
    • Reads settings of System Certificates

      • BraveUpdate.exe (PID: 3280)
      • BraveUpdate.exe (PID: 3140)
  • INFO

    • Create files in a temporary directory

      • BraveBrowserSetup-BRV030.exe (PID: 948)
    • Checks supported languages

      • BraveBrowserSetup-BRV030.exe (PID: 948)
      • BraveUpdate.exe (PID: 3072)
      • BraveUpdate.exe (PID: 2980)
      • BraveUpdateSetup.exe (PID: 3592)
      • BraveUpdate.exe (PID: 1736)
      • BraveUpdate.exe (PID: 2820)
      • BraveUpdate.exe (PID: 3280)
      • wmpnscfg.exe (PID: 2336)
      • BraveUpdate.exe (PID: 3140)
      • BraveUpdate.exe (PID: 3188)
      • BraveUpdate.exe (PID: 1496)
      • wmpnscfg.exe (PID: 3212)
    • Reads the machine GUID from the registry

      • BraveUpdate.exe (PID: 2980)
      • BraveUpdate.exe (PID: 1736)
      • BraveUpdate.exe (PID: 3188)
      • BraveUpdate.exe (PID: 3280)
      • wmpnscfg.exe (PID: 2336)
      • BraveUpdate.exe (PID: 1496)
      • BraveUpdate.exe (PID: 3140)
      • wmpnscfg.exe (PID: 3212)
    • Creates files in the program directory

      • BraveUpdateSetup.exe (PID: 3592)
      • BraveUpdate.exe (PID: 1736)
      • BraveUpdate.exe (PID: 1496)
    • Reads the computer name

      • BraveUpdate.exe (PID: 3072)
      • BraveUpdate.exe (PID: 2980)
      • BraveUpdate.exe (PID: 1736)
      • BraveUpdate.exe (PID: 3280)
      • BraveUpdate.exe (PID: 2820)
      • wmpnscfg.exe (PID: 2336)
      • BraveUpdate.exe (PID: 3140)
      • BraveUpdate.exe (PID: 1496)
      • BraveUpdate.exe (PID: 3188)
      • wmpnscfg.exe (PID: 3212)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 2336)
      • wmpnscfg.exe (PID: 3212)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:05:09 12:52:26+02:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.29
CodeSize: 101888
InitializedDataSize: 1289728
UninitializedDataSize: -
EntryPoint: 0x699b
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 1.3.361.137
ProductVersionNumber: 1.3.361.137
FileFlagsMask: 0x003f
FileFlags: Private build
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: BraveSoftware Inc.
FileDescription: BraveSoftware Update Setup
FileVersion: 1.3.361.137
InternalName: BraveSoftware Update Setup
OriginalFileName: BraveUpdateSetup.exe
ProductName: BraveSoftware Update
ProductVersion: 1.3.361.137
LanguageId: en
PrivateBuild: -
No data.
Total processes: 50
Monitored processes: 12
Malicious processes: 7
Suspicious processes: 0

Behavior graph

start bravebrowsersetup-brv030.exe no specs braveupdate.exe no specs braveupdatesetup.exe braveupdate.exe no specs braveupdate.exe no specs braveupdate.exe no specs braveupdate.exe braveupdate.exe no specs braveupdate.exe wmpnscfg.exe no specs braveupdate.exe wmpnscfg.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 948
CMD: "C:\Users\admin\AppData\Local\Temp\BraveBrowserSetup-BRV030.exe"
Path: C:\Users\admin\AppData\Local\Temp\BraveBrowserSetup-BRV030.exe
Parent process: explorer.exe
User:
admin
Company:
BraveSoftware Inc.
Integrity Level:
MEDIUM
Description:
BraveSoftware Update Setup
Exit code:
0
Version:
1.3.361.137
Modules
Images
c:\users\admin\appdata\local\temp\bravebrowsersetup-brv030.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
PID: 1496
CMD: "C:\Program Files\BraveSoftware\Update\BraveUpdate.exe" /svc
Path: C:\Program Files\BraveSoftware\Update\BraveUpdate.exe
Parent process: services.exe
User:
SYSTEM
Company:
BraveSoftware Inc.
Integrity Level:
SYSTEM
Description:
BraveSoftware Update
Exit code:
0
Version:
1.3.361.137
Modules
Images
c:\program files\bravesoftware\update\braveupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
PID: 1736
CMD: "C:\Program Files\BraveSoftware\Temp\GUM4BA.tmp\BraveUpdate.exe" /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=x64-rel&referral=none" /installelevated
Path: C:\Program Files\BraveSoftware\Temp\GUM4BA.tmp\BraveUpdate.exe
Parent process: BraveUpdateSetup.exe
User:
admin
Company:
BraveSoftware Inc.
Integrity Level:
HIGH
Description:
BraveSoftware Update
Exit code:
0
Version:
1.3.361.137
Modules
Images
c:\program files\bravesoftware\temp\gum4ba.tmp\braveupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
PID: 2336
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ole32.dll
PID: 2820
CMD: "C:\Program Files\BraveSoftware\Update\BraveUpdate.exe" /regserver
Path: C:\Program Files\BraveSoftware\Update\BraveUpdate.exe
Parent process: BraveUpdate.exe
User:
admin
Company:
BraveSoftware Inc.
Integrity Level:
HIGH
Description:
BraveSoftware Update
Exit code:
0
Version:
1.3.361.137
Modules
Images
c:\program files\bravesoftware\update\braveupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
PID: 2980
CMD: C:\Users\admin\AppData\Local\Temp\GUMFC10.tmp\BraveUpdate.exe /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=x64-rel&referral=none"
Path: C:\Users\admin\AppData\Local\Temp\GUMFC10.tmp\BraveUpdate.exe
Parent process: BraveBrowserSetup-BRV030.exe
User:
admin
Company:
BraveSoftware Inc.
Integrity Level:
MEDIUM
Description:
BraveSoftware Update
Exit code:
0
Version:
1.3.361.137
Modules
Images
c:\users\admin\appdata\local\temp\gumfc10.tmp\braveupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
PID: 3072
CMD: "C:\Program Files\BraveSoftware\Update\BraveUpdate.exe" /regsvc
Path: C:\Program Files\BraveSoftware\Update\BraveUpdate.exe
Parent process: BraveUpdate.exe
User:
admin
Company:
BraveSoftware Inc.
Integrity Level:
HIGH
Description:
BraveSoftware Update
Exit code:
0
Version:
1.3.361.137
Modules
Images
c:\program files\bravesoftware\update\braveupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
PID: 3140
CMD: "C:\Program Files\BraveSoftware\Update\BraveUpdate.exe" /ping [base64-encoded ping data]
Path: C:\Program Files\BraveSoftware\Update\BraveUpdate.exe
Parent process: BraveUpdate.exe
User:
admin
Company:
BraveSoftware Inc.
Integrity Level:
HIGH
Description:
BraveSoftware Update
Exit code:
0
Version:
1.3.361.137
Modules
Images
c:\program files\bravesoftware\update\braveupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
PID: 3188
CMD: "C:\Program Files\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=x64-rel&referral=none" /installsource taggedmi /sessionid "{74A7A951-7AB1-4CA4-89E7-FB2E0D409A9C}"
Path: C:\Program Files\BraveSoftware\Update\BraveUpdate.exe
Parent process: BraveUpdate.exe
User:
admin
Company:
BraveSoftware Inc.
Integrity Level:
HIGH
Description:
BraveSoftware Update
Exit code:
0
Version:
1.3.361.137
Modules
Images
c:\program files\bravesoftware\update\braveupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
PID: 3212
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ole32.dll
Total events: 12 226
Read events: 10 261
Write events: 1 938
Delete events: 27

Modification events

PID: 3072
Process: BraveUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BraveUpdate.exe
Operation: delete key
Name: (default)
Value:

PID: 2820
Process: BraveUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32
Operation: delete key
Name: (default)
Value:

PID: 2820
Process: BraveUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}
Operation: delete key
Name: (default)
Value:

PID: 2820
Process: BraveUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32
Operation: delete key
Name: (default)
Value:

PID: 2820
Process: BraveUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}
Operation: delete key
Name: (default)
Value:

PID: 2820
Process: BraveUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEA0569C-BA89-4E8E-836F-DE9700ABE0D4}\InprocHandler32
Operation: delete key
Name: (default)
Value:

PID: 2820
Process: BraveUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEA0569C-BA89-4E8E-836F-DE9700ABE0D4}
Operation: delete key
Name: (default)
Value:

PID: 2820
Process: BraveUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77E9D995-5028-4E23-BA62-C9EA9E4F8AC3}\InProcServer32
Operation: write
Name: ThreadingModel
Value: Both

PID: 1736
Process: BraveUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\BraveSoftware\Update\PersistedPings\{8438B459-4B2A-430D-BC58-B2484DFB82F1}
Operation: delete key
Name: (default)
Value:

PID: 3280
Process: BraveUpdate.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\17F\52C64B7E
Operation: write
Name: LanguageList
Value: en-US
Executable files: 217
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

PID
Process
Filename
Type
PID: 948
Process: BraveBrowserSetup-BRV030.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMFC10.tmp\psmachine_arm64.dll
Type: executable
MD5:8344A5A5AAE7FC3B87CC41193217CBC4
SHA256:69AF95A8A95179E998C07FB4AFE602174BD0CE132D571F27BB98E047B6FE8E47
PID: 948
Process: BraveBrowserSetup-BRV030.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMFC10.tmp\BraveCrashHandler64.exe
Type: executable
MD5:9936303DACBDB39ED2FCA2775255EF82
SHA256:D15BBCDA7FF5378F8B4C9AA8D89A212AD2077F7B4C2565C992E2E4DA1592F354
PID: 948
Process: BraveBrowserSetup-BRV030.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMFC10.tmp\BraveUpdateComRegisterShell64.exe
Type: executable
MD5:D42E0C6AFE8BE9877802CE846E83A8C7
SHA256:EDDB4F2480FB8373687B3C343C4BC713AAA3EEFD52009C993BDB8A0B719DBB07
PID: 948
Process: BraveBrowserSetup-BRV030.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMFC10.tmp\psmachine.dll
Type: executable
MD5:F64893A14687DBBFC9CCBC3B4582BD85
SHA256:4BF7EA2FF96C56F821C7C4D7582A0E6516984A955D22B04410E01BE4713E18E1
PID: 948
Process: BraveBrowserSetup-BRV030.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMFC10.tmp\BraveUpdateBroker.exe
Type: executable
MD5:06EA331934BBD8D844017910F4C6EE69
SHA256:4D04CA347CEF1A7401E802D10966F109C76B645D8816800B3E550F3754BDCC7F
PID: 948
Process: BraveBrowserSetup-BRV030.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMFC10.tmp\BraveUpdate.exe
Type: executable
MD5:3CC18F759209176A7E0733C5C8A89C1E
SHA256:165CE6EA87F6140D97ACFB9B040FF3EBABC6C4FBEEA62CC27E541BD1458AC4E7
PID: 948
Process: BraveBrowserSetup-BRV030.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMFC10.tmp\BraveCrashHandler.exe
Type: executable
MD5:54605AE1B0F3B0706998EC18501A056A
SHA256:DC4394748072EBE2D6E24ED11ED6F30516AA1BDDAC2E382BF7D9C5AE218850BD
PID: 948
Process: BraveBrowserSetup-BRV030.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMFC10.tmp\goopdate.dll
Type: executable
MD5:C67289EE5508F43819B5E92FB029C085
SHA256:6F8791629E42F7B1B8C9F1884E3AD6225CE2EEC113EBD0460B97523F55826549
PID: 948
Process: BraveBrowserSetup-BRV030.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMFC10.tmp\BraveCrashHandlerArm64.exe
Type: executable
MD5:57B370CB9E8D0757D3B265DE71DB25E3
SHA256:DC3A987167798A3A92AC2EF3B1D0BF92903D2996396E84219C7F51B0FB1C1A21
PID: 948
Process: BraveBrowserSetup-BRV030.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMFC10.tmp\psmachine_64.dll
Type: executable
MD5:080F0426675C2D1B20248212AA734847
SHA256:8ED2845E3E589C0CBC6104648825CCC6C3E1F557E378B940AD7213EDEB6C6F6D
HTTP(S) requests: 1
TCP/UDP connections: 9
DNS requests: 5
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1080
svchost.exe
GET
200
8.253.95.121:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?60b2f43ad8cf70d9
unknown
compressed
4.66 Kb

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
868
svchost.exe
95.101.148.135:80
Akamai International B.V.
NL
unknown
3280
BraveUpdate.exe
13.32.121.47:443
updates.bravesoftware.com
AMAZON-02
US
unknown
1496
BraveUpdate.exe
13.32.121.47:443
updates.bravesoftware.com
AMAZON-02
US
unknown
4
System
192.168.100.255:138
unknown
868
svchost.exe
23.35.228.137:80
armmf.adobe.com
AKAMAI-AS
DE
unknown
4
System
192.168.100.255:137
unknown
868
svchost.exe
108.138.7.28:443
updates-cdn.bravesoftware.com
AMAZON-02
US
unknown
3140
BraveUpdate.exe
13.32.121.70:443
updates.bravesoftware.com
AMAZON-02
US
unknown
1080
svchost.exe
8.253.95.121:80
ctldl.windowsupdate.com
LEVEL3
US
unknown

DNS requests

Domain
IP
Reputation
updates.bravesoftware.com
  • 13.32.121.47
  • 13.32.121.6
  • 13.32.121.124
  • 13.32.121.70
unknown
armmf.adobe.com
  • 23.35.228.137
unknown
updates-cdn.bravesoftware.com
  • 108.138.7.28
  • 108.138.7.67
  • 108.138.7.104
  • 108.138.7.45
unknown
ctldl.windowsupdate.com
  • 8.253.95.121
  • 67.26.137.254
  • 8.253.207.120
  • 67.27.235.126
  • 67.27.233.126
unknown

Threats

No threats detected
No debug info