Description
The Process Enumeration feature in malware provides attackers with a detailed inventory of all running processes on a compromised system. This is the digital equivalent of a burglar quietly taking stock of valuables in a home. By cataloging active processes, the malware gains insights into the software environment, including potential vulnerabilities and operational characteristics of the target system. This information can be invaluable for escalating privileges, inserting additional payloads, or avoiding detection by identifying security software that may be running. Process Enumeration thereby serves as a crucial intelligence-gathering step, arming attackers with the necessary data to tailor their subsequent actions for maximum impact and minimum detection.
| Categories | Disruption, System Management |
| Dangerousness | Medium |
Existing Techniques
| Name | Associated Feature(s) | Has Snippet | Matching Sample |
|---|---|---|---|
 Loaded Modules Enumeration
|
Process Manager | 0 | |
 Process Dump
|
Process Manager, Password Recovery | 0 | |
 Process Information Gathering
|
Process Manager | 0 | |
 Running Process Enumeration
|
Process Manager | 0 |
Sinique 1.0
Fearless Lite 1.01
ProRat 1.1
Hue 1.0
ProRat 1.2
ProRat 1.3
Nuclear RAT 1.0 Beta 5
Beast 2.06
ProRat 1.4
LanFiltrator 1.5 Beta III
ProRat 1.6
ProRat 1.8
Infector NG 2004 2.1.0
Optix Pro 1.33
Beast 2.07
Flux 1.0
Institution 2004 0.4.0
CIA 1.3
Seed 1.1
ProRat 1.9
Y3K rat 2k5 RC 1.0
Y3K rat 2k5 RC 1.1
TrojNa$ 1.0
Bersek 1.1
Turkojan 3.0
Bifrost 1.2.1
Hav-Rat 1.2
Bandook 1.35
Poison Ivy 2.3.0
Hav-Rat 1.3.2
sharK 2.4.0 Fwb+
DARKMOON 4.11 Private Edition
Nuclear RAT 2.1.0
Bump-Rat 1.2 Beta
Poison Ivy 2.3.2
Lost Door 1.0
ZombieRat 1.2
Lost Door 2.0
Turkojan 4
Turkojan 4.0
sharK 3.1 fwb++
Lost Door 2.2
Aero 2
SynRAT 2.1
Lost Door 3.0 Stable
SynRAT 4.0.1
PrjRAPTOR 1.8
Cerberus 1.0 Beta
Cerberus 1.01 Beta
Cerberus 1.02 Beta