Process Hacker: a tool that helps analysts debug software and detect malware.


OVERVIEW


Process Hacker (an advanced task manager) is an open-source, powerful, multi-purpose tool for the Windows platform that lets you monitor the list of running processes, the PID assigned to each process, the metrics for the CPU and system resources each process consumes, debug software, detect malware, and much more.

Process Hacker gives you a centralized tool for managing all running processes, which helps you monitor and investigate them.

  • A detailed overview of system activity with highlighting.
  • Graphs and statistics let you quickly track down resource hogs and runaway processes.
  • Can’t edit or delete a file? Discover which processes are using that file.
  • See what programs have active network connections, and close them if necessary.
  • Get real-time information on disk access.
  • View detailed stack traces with kernel-mode, WOW64 and .NET support.
  • Go beyond services.msc: create, edit and control services.
  • Small, portable and no installation required.
  • 100% Free Software (GPL v3)

Advantages of Process Hacker

  1. Graphs and statistics let you quickly track down resource hogs and runaway processes.
  2. Discover which processes are using a given file.
  3. See which programs have active network connections, and close them if necessary.
  4. See a highly detailed overview of system activity with highlighting.
  5. Get real-time information on disk access.
  6. Get real-time information on disk usage.
  7. View detailed stack traces with kernel-mode, WOW64 and .NET support.
  8. Get real-time information on network usage.
  9. Go beyond services.msc: create, edit and control services.
  10. Get real-time information on GPU usage.

Why?

In general, many predefined processes run concurrently on an operating system, so a more user-friendly GUI than the traditional Task Manager is needed.

It is advisable to determine which processes are authorized to run on the subject system. However, many adversaries actively develop and deploy malicious backdoors that use the same names as these legitimate processes; in that situation, determining whether a running process is legitimate becomes a much more challenging task for researchers.
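The check described above can be scripted. The following PowerShell is an added example, not code from the article or from the Process Hacker project: it enumerates running processes with the same columns the Process tab shows (name, PID, parent PID, owner, image path) and flags any process whose name matches a core Windows binary but whose image is not loaded from the directory where that binary normally lives. The $coreNames list and the hypothetical $expectedDir table are constructed for the example and are not exhaustive; Win32_Process, its ExecutablePath property and its GetOwner method are the standard CIM interfaces.

```powershell
# Added example (not part of the original article or of Process Hacker):
# list core Windows processes with PID, parent PID, owner and image path, and
# flag any whose image is outside the expected directory. Run from an elevated
# PowerShell so the path and owner of system processes can be read.
# $coreNames is a constructed sample; extend it for your environment.

$system32  = Join-Path $env:SystemRoot 'System32'
$coreNames = @('svchost.exe', 'lsass.exe', 'services.exe', 'csrss.exe',
               'winlogon.exe', 'smss.exe', 'explorer.exe')

# Most core binaries live in System32; explorer.exe lives in %SystemRoot%.
# Hypothetical override table for the example.
$expectedDir = @{ 'explorer.exe' = $env:SystemRoot }

$report = Get-CimInstance -ClassName Win32_Process | ForEach-Object {
    $proc = $_
    if ($coreNames -notcontains $proc.Name) { return }   # skip everything else

    # Resolve the account the process runs as (the Username column).
    $owner     = Invoke-CimMethod -InputObject $proc -MethodName GetOwner
    $ownerName = if ($owner.User) { '{0}\{1}' -f $owner.Domain, $owner.User } else { '<n/a>' }

    $expected = if ($expectedDir.ContainsKey($proc.Name)) { $expectedDir[$proc.Name] } else { $system32 }
    $path     = $proc.ExecutablePath

    # ExecutablePath is empty for protected processes or when access is denied,
    # so an empty path is reported rather than treated as a mismatch.
    $status = if (-not $path) {
        'no path (protected process or access denied)'
    } elseif ((Split-Path -Path $path -Parent) -ieq $expected) {
        'expected location'
    } else {
        'UNEXPECTED LOCATION - investigate'
    }

    [PSCustomObject]@{
        PID    = $proc.ProcessId
        PPID   = $proc.ParentProcessId
        Name   = $proc.Name
        Owner  = $ownerName
        Path   = $path
        Status = $status
    }
}

# Mismatches sort to the top so they are seen first.
$report | Sort-Object Status -Descending | Format-Table -AutoSize
```

A name-and-path match is only a first filter: a process reported as being in the expected location still deserves a look at its parent PID and owner, which is why both are kept in the output alongside the path.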

Features of Process Hacker

  1. Process Tab

This screen provides a full summary of the running processes, including each process's name, PID, CPU usage, I/O total, user name and description.

What is a process? A process, in the simplest terms, is an executing program.

  2. Service Tab

    This screen displays the list of all services on the operating system.

“What is a Windows service?

These services can be automatically started when the computer boots, can be paused and restarted, and do not show any user interface”

  3. Network Tab

The most interesting feature of Process Hacker is the Network tab, which gives a detailed overview of all inbound and outbound traffic generated by applications and executables. In addition, it provides all the major information, such as:

  1. Application Name
  2. Local Address
  3. Local Port
  4. Remote Address
  5. Remote Port
  6. Protocol
  7. State
  8. Owner
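The same eight columns can be assembled from built-in cmdlets when the GUI is not available, for instance on a server reached over a remote session. The script below is an added example, not code from the article or from the Process Hacker project: it joins every TCP connection and UDP endpoint to its owning process and the account that process runs as. It assumes Windows 8 / Server 2012 or later (for Get-NetTCPConnection and Get-NetUDPEndpoint) and an elevated prompt, because Get-Process -IncludeUserName can only read the owner of every process when elevated; New-NetRow is a hypothetical helper name.

```powershell
# Added example (not part of the original article or of Process Hacker):
# build the Network tab view - application, local/remote address and port,
# protocol, state, owner - from Get-NetTCPConnection, Get-NetUDPEndpoint
# and Get-Process. Requires Windows 8 / Server 2012+ and an elevated prompt.

# Index processes by PID once, so each connection can be joined to its owner.
$procByPid = @{}
Get-Process -IncludeUserName -ErrorAction SilentlyContinue |
    ForEach-Object { $procByPid[[int]$_.Id] = $_ }

# Hypothetical helper: turn one connection or endpoint into a row with the
# same columns Process Hacker shows. OwningProcess is a UInt32, so it is cast
# to [int] to match the hashtable keys built above.
function New-NetRow {
    param($Conn, [string]$Protocol, $RemoteAddress, $RemotePort, $State)
    $p = $procByPid[[int]$Conn.OwningProcess]
    [PSCustomObject]@{
        Application   = if ($p) { $p.ProcessName } else { '<unknown>' }
        PID           = $Conn.OwningProcess
        LocalAddress  = $Conn.LocalAddress
        LocalPort     = $Conn.LocalPort
        RemoteAddress = $RemoteAddress
        RemotePort    = $RemotePort
        Protocol      = $Protocol
        State         = $State
        Owner         = if ($p) { $p.UserName } else { '<unknown>' }
    }
}

$rows = @(
    Get-NetTCPConnection | ForEach-Object { New-NetRow $_ 'TCP' $_.RemoteAddress $_.RemotePort $_.State }
    # UDP is connectionless: no remote endpoint and no state to report.
    Get-NetUDPEndpoint   | ForEach-Object { New-NetRow $_ 'UDP' '*' '*' 'n/a' }
)

# Loopback and unbound entries are rarely interesting during triage;
# list connections to real remote hosts first, grouped by application.
$rows |
    Sort-Object { $_.RemoteAddress -in @('127.0.0.1', '::1', '*') }, Application |
    Format-Table -AutoSize
```

When a PID is not present in the index (the process exited between the two queries, or its owner could not be read), the row still appears with the PID and '<unknown>' rather than being dropped, so a short-lived connection is not silently lost from the listing.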

  4. Disk Tab

This screen displays the list of directories being accessed, together with the I/O priority.

  5. System Information Tab

A GUI showing the metric values for all running processes (CPU, memory, I/O, disk and network), used to find suspicious activity or any process that is consuming excessive computing resources.

Fields in which the Process Hacker tool is used

  1. Malware Analysis

Process Hacker has become one of the mandatory tools for every malware analyst. It is most often used in dynamic analysis, where it makes it easier to find the root cause and to understand the entire working of the malware or virus.

  2. Forensics

It is also a popular tool among forensic investigators, especially in memory forensics, where it is used to collect information about all running processes and determine the root cause.

Demo


A Cyber Security Aspirant Security Researcher | Red-Teamer |
