breakin.exe

  • File Path: C:\Program Files (x86)\Windows Kits\10\Debuggers\arm\breakin.exe
  • Description: Microsoft Breakpoint forcer

Hashes

  • MD5: 3B73FAC114D9A2BA9758A7E36D90CA8E
  • SHA1: 6CEB1DB5AC552034C94BB369F7E29C6D38D21023
  • SHA256: 93256E6D43C5BCFE332F31B571EC044B3B3553F894747E9F77B987D0767FBC90
  • SHA384: 07DE4647A4E4523EBB80EDB566C34101A91A204E2E62B87387CC85F6C773AFECFAAF7CEA04CECF27531C06913A67D0E3
  • SHA512: 07653AA41BC09F8D23E8C6099CFAC798E3C757207DEFAE1EE35E19A207943CA8B83E4BBFC60CADA7F4AD9E642E19116317C900BA9DFCABB52381E8357A43ADA5
  • SSDEEP: 384:SDIXAFE2QO/ZPpxIw0GWYGNWWGJ6olz8I:SkXMEe/xnIw0f2L
  • IMP: 03667462961B049BAEBEF0B9C8B0F94A
  • PESHA1: A27D8FB29A43E0097FD7CC3E24A571F54C77E497
  • PE256: 65149C550B4B9DEE81AA74C694CCD20CE0D9837630F06EDFB000AFE9BC8F7864

Signature

  • Status: Signature verified.
  • Serial: 33000002B7E8E007A82AEF13150000000002B7
  • Thumbprint: 5A68625F1A516670A744F7EF919500A479D32A5B
  • Issuer: CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows Kits Publisher, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: breakin.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 452

File Scan

  • VirusTotal Detections: Unknown

Possible Misuse

The following table contains possible examples of breakin.exe being misused. While breakin.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes. Note that the example below matches on the word "breakin" inside a report description rather than on any observed execution of this binary, so it should be treated as a keyword hit, not as evidence of abuse.

  • Source: malware-ioc
  • Source File: misp-dukes-operation-ghost-event.json
  • Example: "description": "A 2015 report by F-Secure describe APT29 as: 'The Dukes are a well-resourced, highly dedicated and organized cyberespionage group that we believe has been working for the Russian Federation since at least 2008 to collect intelligence in support of foreign and security policy decision-making. The Dukes show unusual confidence in their ability to continue successfully compromising their targets, as well as in their ability to operate with impunity. The Dukes primarily target Western governments and related organizations, such as government ministries and agencies, political think tanks, and governmental subcontractors. Their targets have also included the governments of members of the Commonwealth of Independent States; Asian, African, and Middle Eastern governments; organizations associated with Chechen extremism; and Russian speakers engaged in the illicit trade of controlled substances and drugs. The Dukes are known to employ a vast arsenal of malware toolsets, which we identify as MiniDuke, CosmicDuke, OnionDuke, CozyDuke, CloudDuke, SeaDuke, HammerDuke, PinchDuke, and GeminiDuke. In recent years, the Dukes have engaged in apparently biannual large-scale spear-phishing campaigns against hundreds or even thousands of recipients associated with governmental institutions and affiliated organizations. These campaigns utilize a smash-and-grab approach involving a fast but noisy breakin followed by the rapid collection and exfiltration of as much data as possible. If the compromised target is discovered to be of value, the Dukes will quickly switch the toolset used and move to using stealthier tactics focused on persistent compromise and long-term intelligence gathering. This threat actor targets government ministries and agencies in the West, Central Asia, East Africa, and the Middle East; Chechen extremist groups; Russian organized crime; and think tanks. It is suspected to be behind the 2015 compromise of unclassified networks at the White House, Department of State, Pentagon, and the Joint Chiefs of Staff. The threat actor includes all of the Dukes tool sets, including MiniDuke, CosmicDuke, OnionDuke, CozyDuke, SeaDuke, CloudDuke (aka MiniDionis), and HammerDuke (aka Hammertoss).'"
  • License: © ESET 2014-2018

MIT License. Copyright (c) 2020-2021 Strontic.