breakin.exe

  • File Path: C:\Program Files (x86)\Windows Kits\10\Debuggers\arm64\breakin.exe
  • Description: Microsoft Breakpoint forcer

Hashes

Type     Hash
MD5      3A457F977B3D6BC2A36B645608AAB8CD
SHA1     1144707E7FB5A9C1CF7F6ADD83A335A263899BCD
SHA256   93A92739DA0CF9E08CF15391A9CF3B4D3AA57DAC34A701F11A34DB36EE5A158F
SHA384   C5E62DE84D0EC0733876D1990E7043D546D03394381287D0AAE81567D95CEF96943492EAE1C35ED67891DBA22AFCF7D0
SHA512   75FC205AFFF2DB619EDFA1D29336CD8F8D859FCB1D54170F676C2D98D904870C99D9A4C5C88385C8A866B0CE4A86310E0EE719D437DF1C7CCCE9A7F9CAA0DF92
SSDEEP   192:JgOjF014v+qhBMh0rsMHujxs+oFVEOWYGNW8W8bpVWQ4eWKwkwqnaj0aezCP:JD9V0hi7MxIVEOWYGNWSJ6lITGP
IMP      03667462961B049BAEBEF0B9C8B0F94A
PESHA1   CF52B731191ED07F552361589A30C6BF87C996D6
PE256    D7FD68D3F015B9D914CBCA8F9FD8F358D32EEF9229897FE69F98EDCC5990DB84

Signature

  • Status: Signature verified.
  • Serial: 33000002B7E8E007A82AEF13150000000002B7
  • Thumbprint: 5A68625F1A516670A744F7EF919500A479D32A5B
  • Issuer: CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows Kits Publisher, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: breakin.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit ARM

File Scan

  • VirusTotal Detections: Unknown

File Similarity (ssdeep match)

File Score
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\arm\1033\wstraceutilresources.dll 43
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\arm64\1033\wstracedumpresources.dll 36
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\arm64\1033\wstraceutilresources.dll 30
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\arm64\cert2spc.exe 30
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\arm64\extidgen.exe 44
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\arm64\filtreg.exe 32
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\arm64\UIAVerify\WUIALogging.dll 35
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64\extidgen.exe 30
C:\Program Files (x86)\Windows Kits\10\Debuggers\arm\dumpchk.exe 33
C:\Program Files (x86)\Windows Kits\10\Debuggers\arm\dumpexam.exe 38
C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\breakin.exe 35
C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\dumpchk.exe 38
C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\dumpexam.exe 40
C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\api-ms-win-eventing-provider-l1-1-0.dll 38
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-core-console-l1-1-0.dll 41
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-core-console-l1-2-0.dll 38
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-core-datetime-l1-1-0.dll 36
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-core-debug-l1-1-0.dll 35
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-core-errorhandling-l1-1-0.dll 40
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-core-file-l1-1-0.dll 38
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-core-file-l1-2-0.dll 36
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-core-file-l2-1-0.dll 40
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-core-handle-l1-1-0.dll 36
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-core-heap-l1-1-0.dll 36
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-core-interlocked-l1-1-0.dll 35
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-core-libraryloader-l1-1-0.dll 40
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-core-memory-l1-1-0.dll 41
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-core-namedpipe-l1-1-0.dll 36
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-core-processenvironment-l1-1-0.dll 40
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-core-processthreads-l1-1-0.dll 35
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-core-processthreads-l1-1-1.dll 36
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-core-profile-l1-1-0.dll 40
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-core-rtlsupport-l1-1-0.dll 38
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-core-string-l1-1-0.dll 36
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-core-synch-l1-1-0.dll 36
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-core-synch-l1-2-0.dll 35
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-core-sysinfo-l1-1-0.dll 40
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-core-timezone-l1-1-0.dll 40
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-core-util-l1-1-0.dll 38
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-crt-conio-l1-1-0.dll 41
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-crt-convert-l1-1-0.dll 38
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-crt-environment-l1-1-0.dll 38
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-crt-filesystem-l1-1-0.dll 35
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-crt-heap-l1-1-0.dll 40
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-crt-locale-l1-1-0.dll 36
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-crt-process-l1-1-0.dll 36
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-crt-runtime-l1-1-0.dll 36
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-crt-stdio-l1-1-0.dll 40
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-crt-time-l1-1-0.dll 35
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-crt-utility-l1-1-0.dll 36
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\x64\api-ms-win-core-debug-l1-1-0.dll 35
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\x64\api-ms-win-core-string-l1-1-0.dll 41
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\x64\api-ms-win-crt-convert-l1-1-0.dll 38
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\x64\api-ms-win-crt-filesystem-l1-1-0.dll 35
C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\api-ms-win-core-interlocked-l1-1-0.dll 38
C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\api-ms-win-core-sysinfo-l1-1-0.dll 40
C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\api-ms-win-core-timezone-l1-1-0.dll 29
C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\api-ms-win-core-util-l1-1-0.dll 38
C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\api-ms-win-crt-heap-l1-1-0.dll 36
C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\api-ms-win-crt-runtime-l1-1-0.dll 36
C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\api-ms-win-crt-utility-l1-1-0.dll 36
C:\Windows\system32\csrss.exe 27

Possible Misuse

The following table contains possible examples of breakin.exe being misused. While breakin.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

  • Source: malware-ioc
  • Source File: misp-dukes-operation-ghost-event.json
  • Example: "description": "A 2015 report by F-Secure describes APT29 as: 'The Dukes are a well-resourced, highly dedicated and organized cyberespionage group that we believe has been working for the Russian Federation since at least 2008 to collect intelligence in support of foreign and security policy decision-making. The Dukes show unusual confidence in their ability to continue successfully compromising their targets, as well as in their ability to operate with impunity. The Dukes primarily target Western governments and related organizations, such as government ministries and agencies, political think tanks, and governmental subcontractors. Their targets have also included the governments of members of the Commonwealth of Independent States; Asian, African, and Middle Eastern governments; organizations associated with Chechen extremism; and Russian speakers engaged in the illicit trade of controlled substances and drugs. The Dukes are known to employ a vast arsenal of malware toolsets, which we identify as MiniDuke, CosmicDuke, OnionDuke, CozyDuke, CloudDuke, SeaDuke, HammerDuke, PinchDuke, and GeminiDuke. In recent years, the Dukes have engaged in apparently biannual large-scale spear-phishing campaigns against hundreds or even thousands of recipients associated with governmental institutions and affiliated organizations. These campaigns utilize a smash-and-grab approach involving a fast but noisy breakin followed by the rapid collection and exfiltration of as much data as possible. If the compromised target is discovered to be of value, the Dukes will quickly switch the toolset used and move to using stealthier tactics focused on persistent compromise and long-term intelligence gathering. This threat actor targets government ministries and agencies in the West, Central Asia, East Africa, and the Middle East; Chechen extremist groups; Russian organized crime; and think tanks. It is suspected to be behind the 2015 compromise of unclassified networks at the White House, Department of State, Pentagon, and the Joint Chiefs of Staff. The threat actor includes all of the Dukes tool sets, including MiniDuke, CosmicDuke, OnionDuke, CozyDuke, SeaDuke, CloudDuke (aka MiniDionis), and HammerDuke (aka Hammertoss).'",
  • License: © ESET 2014-2018

MIT License. Copyright (c) 2020-2021 Strontic.