Process Information Gathering
Process Information Gathering is a technique that can be used independently or as part of other malware techniques, such as Running Process Enumeration. It involves collecting detailed attributes of a process using known identifiers like its process ID (PID) or name.
The information gathered may include the process's full path, image name, process ID, elevation status, command-line arguments, number of threads, and more. This data helps adversaries better understand the system's state and identify potential targets for exploitation, such as vulnerable processes, privilege escalation opportunities, security software, or sandbox environments.
Unlike the related techniques, this one focuses specifically on attributes of the process itself rather than on the system around it.
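The following is an added example, not code from the original page or from the snippet authors listed below. It resolves the attributes the text names from a PID: on Windows it uses OpenProcess, QueryFullProcessImageName, OpenProcessToken with TokenElevation, and a Toolhelp snapshot for the thread count; on Linux the same function reads /proc/<pid>/exe and /proc/<pid>/status so it can be run anywhere. The type and function names (ProcessInfo, gather_process_info, current_pid) are this example's own. Command-line retrieval is omitted because on Windows it requires reading the target's PEB.

```c
/* Added example: gather attributes of a process from its PID (not the page's own code). */
#define _WIN32_WINNT 0x0600  /* QueryFullProcessImageName exists from Vista on */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    unsigned long pid;
    char image_path[1024];   /* full path of the executable image */
    const char *image_name;  /* basename of image_path (points into it) */
    int elevated;            /* 1 = elevated (UAC) or root, 0 = not, -1 = unknown */
    long thread_count;       /* -1 if unknown */
} ProcessInfo;

static void init_info(ProcessInfo *info, unsigned long pid) {
    memset(info, 0, sizeof(*info));
    info->pid = pid;
    info->elevated = -1;
    info->thread_count = -1;
    info->image_name = info->image_path;
}

/* Point image_name at the last path component (either separator style). */
static void set_image_name(ProcessInfo *info) {
    const char *s = info->image_path, *p;
    for (p = s; *p; p++)
        if (*p == '\\' || *p == '/') s = p + 1;
    info->image_name = s;
}

#ifdef _WIN32
#include <windows.h>
#include <tlhelp32.h>

unsigned long current_pid(void) { return GetCurrentProcessId(); }

int gather_process_info(unsigned long pid, ProcessInfo *info) {
    init_info(info, pid);
    /* PROCESS_QUERY_LIMITED_INFORMATION suffices for the image path and the token's
     * elevation flag, and is granted for most processes without SeDebugPrivilege. */
    HANDLE h = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, (DWORD)pid);
    if (h == NULL) return 0;
    DWORD len = (DWORD)sizeof(info->image_path);
    if (!QueryFullProcessImageNameA(h, 0, info->image_path, &len)) { CloseHandle(h); return 0; }
    HANDLE tok;
    if (OpenProcessToken(h, TOKEN_QUERY, &tok)) {
        TOKEN_ELEVATION te; DWORD ret;
        if (GetTokenInformation(tok, TokenElevation, &te, sizeof(te), &ret))
            info->elevated = te.TokenIsElevated ? 1 : 0;
        CloseHandle(tok);
    }
    CloseHandle(h);
    /* The thread count is not exposed via the process handle; read it from a snapshot. */
    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snap != INVALID_HANDLE_VALUE) {
        PROCESSENTRY32 pe; pe.dwSize = sizeof(pe);
        if (Process32First(snap, &pe)) {
            do { if (pe.th32ProcessID == (DWORD)pid) { info->thread_count = (long)pe.cntThreads; break; } }
            while (Process32Next(snap, &pe));
        }
        CloseHandle(snap);
    }
    set_image_name(info);
    return 1;
}
#else
#include <unistd.h>

unsigned long current_pid(void) { return (unsigned long)getpid(); }

/* Linux: /proc/<pid>/exe is the image path; /proc/<pid>/status carries the effective
 * UID (root stands in for "elevated") and the thread count. Reading them needs the
 * target's UID or CAP_SYS_PTRACE, the /proc analogue of OpenProcess's access check. */
int gather_process_info(unsigned long pid, ProcessInfo *info) {
    char path[64], line[256];
    init_info(info, pid);
    snprintf(path, sizeof path, "/proc/%lu/exe", pid);
    ssize_t n = readlink(path, info->image_path, sizeof(info->image_path) - 1);
    if (n < 0) return 0;
    info->image_path[n] = '\0';
    snprintf(path, sizeof path, "/proc/%lu/status", pid);
    FILE *f = fopen(path, "r");
    if (f == NULL) return 0;
    while (fgets(line, sizeof line, f)) {
        unsigned long ruid, euid; long threads;
        if (sscanf(line, "Uid: %lu %lu", &ruid, &euid) == 2) info->elevated = (euid == 0) ? 1 : 0;
        else if (sscanf(line, "Threads: %ld", &threads) == 1) info->thread_count = threads;
    }
    fclose(f);
    set_image_name(info);
    return 1;
}
#endif

int main(int argc, char **argv) {
    ProcessInfo info;
    unsigned long pid = argc > 1 ? strtoul(argv[1], NULL, 10) : current_pid();
    if (!gather_process_info(pid, &info)) { fprintf(stderr, "cannot query pid %lu\n", pid); return 1; }
    printf("pid=%lu\nimage=%s\npath=%s\nelevated=%d\nthreads=%ld\n",
           info.pid, info.image_name, info.image_path, info.elevated, info.thread_count);
    return 0;
}
```

Run it with no argument to inspect the current process, or with a PID. A failure of OpenProcess (or of the /proc reads) is itself a signal worth keeping: protected processes, and on Windows processes of another user or a higher integrity level, refuse even the limited query right, which is why malware typically falls back to enumeration snapshots for those.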
Featured Windows APIs
Associated Code Snippets
Id | Name | Language | Author | Published Date
---|---|---|---|---
10 | Check Process Elevation | | DarkCoderSc | 2 weeks ago
8 | Get Process Name via QueryFullProcessImageName | | DarkCoderSc | 2 weeks, 2 days ago