Description
The Process Enumeration feature in malware provides attackers with a detailed inventory of all running processes on a compromised system. This is the digital equivalent of a burglar quietly taking stock of valuables in a home. By cataloging active processes, the malware gains insights into the software environment, including potential vulnerabilities and operational characteristics of the target system. This information can be invaluable for escalating privileges, inserting additional payloads, or avoiding detection by identifying security software that may be running. Process Enumeration thereby serves as a crucial intelligence-gathering step, arming attackers with the necessary data to tailor their subsequent actions for maximum impact and minimum detection.
| Categories | System Management, Disruption |
| Dangerousness | Medium |
Existing Techniques
| Name | Associated Feature(s) | Has Snippet | Matching Sample |
|---|---|---|---|
| Loaded Modules Enumeration | Process Manager | 0 | |
| Process Dump | Process Manager, Password Recovery | 0 | |
| Process Information Gathering | Process Manager | 0 | |
| Running Process Enumeration | Process Manager | 0 | |
Associated with Releases
| Version | Origins | Authors | Languages | Release Date |
|---|---|---|---|---|
| Coolvibes 1 Update 8 | Spain 🇪🇸 | Thor | Delphi | May, 2011 |
| Xtreme RAT 2.9 | Brazil 🇧🇷 | Raphael | Delphi | Jul, 2011 |
| DarkComet RAT 5.3 | France 🇫🇷 | DarkCoderSc | Assembly, Delphi | Jun, 2012 |
| DarkComet RAT 5.3.1 | France 🇫🇷 | DarkCoderSc | Assembly, Delphi | Jun, 2012 |
| NjRat 0.7d | Kuwait 🇰🇼 | njq8 | VB .net | Dec, 2013 |
| Quasar 1.0 | Unknown 🏴☠️ | MaxXor | C# | Aug, 2015 |
| Lost Door 9.2 Aws | Tunisia 🇹🇳 | OussamiO | Visual Basic 6 (VB6) | Jan, 2022 |