File name: BraveBrowserSetup-BRV030.exe

Full analysis: https://app.any.run/tasks/e564ac4e-d5a7-45fd-a461-57b027461d54
Verdict: Malicious activity
Analysis date: November 28, 2023, 20:30:34
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 1CECC31F2E44182B572DB1055749B0B8
SHA1: FD0E07BD77D3EF2CF0A543F3DDE1B78ACDC84319
SHA256: D4440A3DABEE654DE186ABA67669FAC48C3A079BF271DC0D9B2A41474F201302
SSDEEP: 24576:rahOhf6qq4rBDm+rcgnoOaNEmZCiMoBQ/da+ay2dnELJnQVWGwhmHM/A+k4sxWvU:mhOhfTq4ZVr6TEq2o6/da+a3dkPGUmH9

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • BraveUpdate.exe (PID: 1736)
      • BraveBrowserSetup-BRV030.exe (PID: 948)
      • BraveUpdateSetup.exe (PID: 3592)
  • SUSPICIOUS

    • Starts itself from another location

      • BraveUpdate.exe (PID: 1736)
    • Creates/Modifies COM task schedule object

      • BraveUpdate.exe (PID: 2820)
    • Reads the Internet Settings

      • BraveUpdate.exe (PID: 3280)
      • BraveUpdate.exe (PID: 3140)
    • Executes as Windows Service

      • BraveUpdate.exe (PID: 1496)
    • Reads settings of System Certificates

      • BraveUpdate.exe (PID: 3280)
      • BraveUpdate.exe (PID: 3140)
    • Application launched itself

      • BraveUpdate.exe (PID: 1496)
  • INFO

    • Checks supported languages

      • BraveBrowserSetup-BRV030.exe (PID: 948)
      • BraveUpdate.exe (PID: 2980)
      • BraveUpdateSetup.exe (PID: 3592)
      • BraveUpdate.exe (PID: 1736)
      • BraveUpdate.exe (PID: 3072)
      • BraveUpdate.exe (PID: 2820)
      • BraveUpdate.exe (PID: 3280)
      • BraveUpdate.exe (PID: 3188)
      • BraveUpdate.exe (PID: 1496)
      • wmpnscfg.exe (PID: 2336)
      • BraveUpdate.exe (PID: 3140)
      • wmpnscfg.exe (PID: 3212)
    • Create files in a temporary directory

      • BraveBrowserSetup-BRV030.exe (PID: 948)
    • Reads the computer name

      • BraveUpdate.exe (PID: 2980)
      • BraveUpdate.exe (PID: 1736)
      • BraveUpdate.exe (PID: 3072)
      • BraveUpdate.exe (PID: 2820)
      • BraveUpdate.exe (PID: 3280)
      • BraveUpdate.exe (PID: 3188)
      • BraveUpdate.exe (PID: 1496)
      • wmpnscfg.exe (PID: 2336)
      • wmpnscfg.exe (PID: 3212)
      • BraveUpdate.exe (PID: 3140)
    • Reads the machine GUID from the registry

      • BraveUpdate.exe (PID: 2980)
      • BraveUpdate.exe (PID: 1736)
      • BraveUpdate.exe (PID: 3188)
      • BraveUpdate.exe (PID: 1496)
      • BraveUpdate.exe (PID: 3280)
      • wmpnscfg.exe (PID: 2336)
      • BraveUpdate.exe (PID: 3140)
      • wmpnscfg.exe (PID: 3212)
    • Creates files in the program directory

      • BraveUpdateSetup.exe (PID: 3592)
      • BraveUpdate.exe (PID: 1736)
      • BraveUpdate.exe (PID: 1496)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 2336)
      • wmpnscfg.exe (PID: 3212)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:05:09 12:52:26+02:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.29
CodeSize: 101888
InitializedDataSize: 1289728
UninitializedDataSize: -
EntryPoint: 0x699b
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 1.3.361.137
ProductVersionNumber: 1.3.361.137
FileFlagsMask: 0x003f
FileFlags: Private build
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: BraveSoftware Inc.
FileDescription: BraveSoftware Update Setup
FileVersion: 1.3.361.137
InternalName: BraveSoftware Update Setup
OriginalFileName: BraveUpdateSetup.exe
ProductName: BraveSoftware Update
ProductVersion: 1.3.361.137
LanguageId: en
PrivateBuild: -
No data.
Total processes: 50
Monitored processes: 12
Malicious processes: 7
Suspicious processes: 0

Behavior graph

[Behavior graph: process nodes bravebrowsersetup-brv030.exe, braveupdatesetup.exe, braveupdate.exe (8 instances), wmpnscfg.exe (2 instances)]

Process information

PID | CMD | Path | Indicators | Parent process
948 | "C:\Users\admin\AppData\Local\Temp\BraveBrowserSetup-BRV030.exe" | C:\Users\admin\AppData\Local\Temp\BraveBrowserSetup-BRV030.exe | - | explorer.exe
User: admin
Company: BraveSoftware Inc.
Integrity Level: MEDIUM
Description: BraveSoftware Update Setup
Exit code: 0
Version: 1.3.361.137
Modules (images):
c:\users\admin\appdata\local\temp\bravebrowsersetup-brv030.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
1496 | "C:\Program Files\BraveSoftware\Update\BraveUpdate.exe" /svc | C:\Program Files\BraveSoftware\Update\BraveUpdate.exe | - | services.exe
User: SYSTEM
Company: BraveSoftware Inc.
Integrity Level: SYSTEM
Description: BraveSoftware Update
Exit code: 0
Version: 1.3.361.137
Modules (images):
c:\program files\bravesoftware\update\braveupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
1736 | "C:\Program Files\BraveSoftware\Temp\GUM4BA.tmp\BraveUpdate.exe" /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=x64-rel&referral=none" /installelevated | C:\Program Files\BraveSoftware\Temp\GUM4BA.tmp\BraveUpdate.exe | - | BraveUpdateSetup.exe
User: admin
Company: BraveSoftware Inc.
Integrity Level: HIGH
Description: BraveSoftware Update
Exit code: 0
Version: 1.3.361.137
Modules (images):
c:\program files\bravesoftware\temp\gum4ba.tmp\braveupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
2336 | "C:\Program Files\Windows Media Player\wmpnscfg.exe" | C:\Program Files\Windows Media Player\wmpnscfg.exe | - | explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ole32.dll
2820 | "C:\Program Files\BraveSoftware\Update\BraveUpdate.exe" /regserver | C:\Program Files\BraveSoftware\Update\BraveUpdate.exe | - | BraveUpdate.exe
User: admin
Company: BraveSoftware Inc.
Integrity Level: HIGH
Description: BraveSoftware Update
Exit code: 0
Version: 1.3.361.137
Modules (images):
c:\program files\bravesoftware\update\braveupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
2980 | C:\Users\admin\AppData\Local\Temp\GUMFC10.tmp\BraveUpdate.exe /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=x64-rel&referral=none" | C:\Users\admin\AppData\Local\Temp\GUMFC10.tmp\BraveUpdate.exe | - | BraveBrowserSetup-BRV030.exe
User: admin
Company: BraveSoftware Inc.
Integrity Level: MEDIUM
Description: BraveSoftware Update
Exit code: 0
Version: 1.3.361.137
Modules (images):
c:\users\admin\appdata\local\temp\gumfc10.tmp\braveupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
3072 | "C:\Program Files\BraveSoftware\Update\BraveUpdate.exe" /regsvc | C:\Program Files\BraveSoftware\Update\BraveUpdate.exe | - | BraveUpdate.exe
User: admin
Company: BraveSoftware Inc.
Integrity Level: HIGH
Description: BraveSoftware Update
Exit code: 0
Version: 1.3.361.137
Modules (images):
c:\program files\bravesoftware\update\braveupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
3140 | "C:\Program Files\BraveSoftware\Update\BraveUpdate.exe" /ping [encoded ping payload, incomplete in source] | C:\Program Files\BraveSoftware\Update\BraveUpdate.exe | - | BraveUpdate.exe
User: admin
Company: BraveSoftware Inc.
Integrity Level: HIGH
Description: BraveSoftware Update
Exit code: 0
Version: 1.3.361.137
Modules (images):
c:\program files\bravesoftware\update\braveupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
3188 | "C:\Program Files\BraveSoftware\Update\BraveUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Brave-Release&needsadmin=prefers&ap=x64-rel&referral=none" /installsource taggedmi /sessionid "{74A7A951-7AB1-4CA4-89E7-FB2E0D409A9C}" | C:\Program Files\BraveSoftware\Update\BraveUpdate.exe | - | BraveUpdate.exe
User: admin
Company: BraveSoftware Inc.
Integrity Level: HIGH
Description: BraveSoftware Update
Exit code: 0
Version: 1.3.361.137
Modules (images):
c:\program files\bravesoftware\update\braveupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
3212 | "C:\Program Files\Windows Media Player\wmpnscfg.exe" | C:\Program Files\Windows Media Player\wmpnscfg.exe | - | explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ole32.dll
Total events: 12 226
Read events: 10 261
Write events: 1 938
Delete events: 27

Modification events

(PID) Process: (3072) BraveUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BraveUpdate.exe
Operation: delete key
Name: (default)
Value:

(PID) Process: (2820) BraveUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}\InprocServer32
Operation: delete key
Name: (default)
Value:

(PID) Process: (2820) BraveUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBDA5D88-AA7D-4A8C-A20C-C01FADB43EDA}
Operation: delete key
Name: (default)
Value:

(PID) Process: (2820) BraveUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32
Operation: delete key
Name: (default)
Value:

(PID) Process: (2820) BraveUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}
Operation: delete key
Name: (default)
Value:

(PID) Process: (2820) BraveUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEA0569C-BA89-4E8E-836F-DE9700ABE0D4}\InprocHandler32
Operation: delete key
Name: (default)
Value:

(PID) Process: (2820) BraveUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEA0569C-BA89-4E8E-836F-DE9700ABE0D4}
Operation: delete key
Name: (default)
Value:

(PID) Process: (2820) BraveUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77E9D995-5028-4E23-BA62-C9EA9E4F8AC3}\InProcServer32
Operation: write
Name: ThreadingModel
Value: Both

(PID) Process: (1736) BraveUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\BraveSoftware\Update\PersistedPings\{8438B459-4B2A-430D-BC58-B2484DFB82F1}
Operation: delete key
Name: (default)
Value:

(PID) Process: (3280) BraveUpdate.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\17F\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

Executable files: 217
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

PID | Process | Filename | Type
948 | BraveBrowserSetup-BRV030.exe | C:\Users\admin\AppData\Local\Temp\GUMFC10.tmp\BraveUpdate.exe | executable
MD5:3CC18F759209176A7E0733C5C8A89C1E
SHA256:165CE6EA87F6140D97ACFB9B040FF3EBABC6C4FBEEA62CC27E541BD1458AC4E7
948 | BraveBrowserSetup-BRV030.exe | C:\Users\admin\AppData\Local\Temp\GUMFC10.tmp\BraveUpdateBroker.exe | executable
MD5:06EA331934BBD8D844017910F4C6EE69
SHA256:4D04CA347CEF1A7401E802D10966F109C76B645D8816800B3E550F3754BDCC7F
948 | BraveBrowserSetup-BRV030.exe | C:\Users\admin\AppData\Local\Temp\GUMFC10.tmp\goopdate.dll | executable
MD5:C67289EE5508F43819B5E92FB029C085
SHA256:6F8791629E42F7B1B8C9F1884E3AD6225CE2EEC113EBD0460B97523F55826549
948 | BraveBrowserSetup-BRV030.exe | C:\Users\admin\AppData\Local\Temp\GUMFC10.tmp\psmachine.dll | executable
MD5:F64893A14687DBBFC9CCBC3B4582BD85
SHA256:4BF7EA2FF96C56F821C7C4D7582A0E6516984A955D22B04410E01BE4713E18E1
948 | BraveBrowserSetup-BRV030.exe | C:\Users\admin\AppData\Local\Temp\GUMFC10.tmp\BraveUpdateComRegisterShell64.exe | executable
MD5:D42E0C6AFE8BE9877802CE846E83A8C7
SHA256:EDDB4F2480FB8373687B3C343C4BC713AAA3EEFD52009C993BDB8A0B719DBB07
948 | BraveBrowserSetup-BRV030.exe | C:\Users\admin\AppData\Local\Temp\GUMFC10.tmp\psuser.dll | executable
MD5:E0ED6FE02CBC9A66CD492DEEC53B56CF
SHA256:12EA451316A6A495C44EDDF6C6BD8AE6ABECC0C51CD63120AAF145A3DE59D88F
948 | BraveBrowserSetup-BRV030.exe | C:\Users\admin\AppData\Local\Temp\GUMFC10.tmp\psmachine_64.dll | executable
MD5:080F0426675C2D1B20248212AA734847
SHA256:8ED2845E3E589C0CBC6104648825CCC6C3E1F557E378B940AD7213EDEB6C6F6D
948 | BraveBrowserSetup-BRV030.exe | C:\Users\admin\AppData\Local\Temp\GUMFC10.tmp\BraveUpdateOnDemand.exe | executable
MD5:F0ECDA1993DB59DA8C6E2B91BB3B8D32
SHA256:ADC27F830DA7267550A1DEA55494CAE9F233E74EC9F65085035C3CAA7ABAB5BE
948 | BraveBrowserSetup-BRV030.exe | C:\Users\admin\AppData\Local\Temp\GUMFC10.tmp\BraveUpdateCore.exe | executable
MD5:FEE9349BA8B85F89ADB0D6FE32BC4FD9
SHA256:FF3D5EFCF848B91B850CB20171ACE25A0501EAD0F9103830663A831859AD944C
948 | BraveBrowserSetup-BRV030.exe | C:\Users\admin\AppData\Local\Temp\GUMFC10.tmp\psuser_64.dll | executable
MD5:FE409453D4BA3DD7EF5020DABF62B5E5
SHA256:5625A37685813121E32C9B5A94D43D919CF04529C1C5CB9795F0D80F3141C606
HTTP(S) requests: 1
TCP/UDP connections: 9
DNS requests: 5
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1080 | svchost.exe | GET | 200 | 8.253.95.121:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?60b2f43ad8cf70d9 | unknown | compressed | 4.66 Kb | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
868 | svchost.exe | 95.101.148.135:80 | - | Akamai International B.V. | NL | unknown
3280 | BraveUpdate.exe | 13.32.121.47:443 | updates.bravesoftware.com | AMAZON-02 | US | unknown
1496 | BraveUpdate.exe | 13.32.121.47:443 | updates.bravesoftware.com | AMAZON-02 | US | unknown
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
868 | svchost.exe | 23.35.228.137:80 | armmf.adobe.com | AKAMAI-AS | DE | unknown
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
868 | svchost.exe | 108.138.7.28:443 | updates-cdn.bravesoftware.com | AMAZON-02 | US | unknown
3140 | BraveUpdate.exe | 13.32.121.70:443 | updates.bravesoftware.com | AMAZON-02 | US | unknown
1080 | svchost.exe | 8.253.95.121:80 | ctldl.windowsupdate.com | LEVEL3 | US | unknown

DNS requests

Domain | IP | Reputation
updates.bravesoftware.com | 13.32.121.47, 13.32.121.6, 13.32.121.124, 13.32.121.70 | shared
armmf.adobe.com | 23.35.228.137 | whitelisted
updates-cdn.bravesoftware.com | 108.138.7.28, 108.138.7.67, 108.138.7.104, 108.138.7.45 | whitelisted
ctldl.windowsupdate.com | 8.253.95.121, 67.26.137.254, 8.253.207.120, 67.27.235.126, 67.27.233.126 | whitelisted

Threats

No threats detected
No debug info