Hashes of All Running Processes

A great starting point for anyone analyzing a system is the running processes. Taking the time to not only retrieve the command line execution of the process but also the parent process will enable you to find outliers. Taking it a step further, retrieving the hashes of the binary of each process expand your aperture substantially. Especially when you are able to group and stack those hashes against those from other machines. With that in mind, I’ve written a simple little script that will get the hashes of all running processes.

foreach ($proc in get-process)
    {
    try
        {
        Get-FileHash $proc.path -Algorithm SHA1 -ErrorAction stop
        }
    catch
        {
         #error handling... log contains names of processes where there was no path listed or we lack the rights
         $proc.name | out-file c:\proc_hash_error.log -Append
        }
    }

Link to code:
https://github.com/WiredPulse/PowerShell/blob/master/Processes%20and%20Services/Get-ProcessHash.ps1

Cyber Fibers

My Location of Thoughts During a Buffer Overflow

Hashes of All Running Processes

Related

Cyber Fibers

My Location of Thoughts During a Buffer Overflow

Share this:

Related