Noriben
Introduction
Noriben is a powerful tool that acts as a Python wrapper around Sysinternals Process Monitor (ProcMon). It launches ProcMon with a malware-analysis filter configuration, saves the capture, and then strips known-benign noise out of it, so the process, file, registry and network events left in the report are the ones the sample itself caused.
Noriben's integration with YARA rules is another notable feature. It can run YARA rules over the files the sample writes during the run and flag the matches in the report, which lets us spot dropped payloads or known families without reading through every file event by hand.
Using Noriben
Start Noriben
python .\Noriben.py
--===[ Noriben v1.8.8
[*] Using filter file: ProcmonConfiguration.PMC
[*] Using procmon EXE: C:\ProgramData\chocolatey\bin\procmon.exe
[*] Procmon session saved to: Noriben_26_Feb_24__07_10_409702.pml
[*] Launching Procmon ...
[*] Procmon is running. Run your executable now.
[*] When runtime is complete, press CTRL+C to stop logging.
A ProcMon window will open and begin capturing events.
Execute Malware
Once Noriben reports that ProcMon is running, execute the malware sample in the analysis VM (take a snapshot first and keep the network isolated or routed to a controlled sink). Let the sample run long enough to show its behaviour, then press CTRL+C in the Noriben console to stop logging.
Reviewing Log Output
When we stop logging with CTRL+C, Noriben terminates ProcMon, converts the saved .pml session to CSV, filters it, and writes a .txt report next to it. The report groups the surviving events into Processes Created, File Activity, Registry Activity, Network Traffic and Unique Hosts sections, which is what we review.
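Reviewing the report by eye works for a small sample, but it helps to pull the obvious IOCs out mechanically. The script below is an added example, not Noriben's own code: it parses a constructed report that mirrors the general shape of a Noriben .txt report (a "Section:" header, an underline of "=", then one bracketed event per line) and lists persistence keys, dropped executables and network endpoints. The exact line layout, the tab-separated notes and the "key = value" form of registry writes are assumptions here; adjust the regular expressions if your Noriben version formats them differently.

```python
"""Parse a Noriben-style .txt report and extract quick IOCs.

Added example (not part of Noriben). SAMPLE_REPORT is constructed to mirror
the general shape of a Noriben report; the exact layout is an assumption.
"""
import re

# Constructed sample in the assumed Noriben report layout.
SAMPLE_REPORT = """\
-=] Sandbox Analysis Report generated by Noriben
Processes Created:
==================
[CreateProcess] explorer.exe:1234 > "C:\\Users\\analyst\\Desktop\\sample.exe"\t[Child PID: 5678]
[CreateProcess] sample.exe:5678 > "C:\\Windows\\System32\\cmd.exe /c whoami"\t[Child PID: 5700]

File Activity:
==============
[CreateFile] sample.exe:5678 > C:\\Users\\analyst\\AppData\\Roaming\\svchost.exe
[CreateFile] sample.exe:5678 > C:\\Users\\analyst\\AppData\\Local\\Temp\\tmp1.dat\t[File no longer exists]

Registry Activity:
==================
[RegSetValue] sample.exe:5678 > HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater  =  C:\\Users\\analyst\\AppData\\Roaming\\svchost.exe

Network Traffic:
================
[TCP] sample.exe:5678 > 203.0.113.10:443
[UDP] sample.exe:5678 > 203.0.113.10:53

Unique Hosts:
=============
203.0.113.10
"""

HEADER_RE = re.compile(r"^([A-Za-z ]+):$")
# "[Op] process.exe:PID > target<TAB>[optional note]" (assumed layout)
EVENT_RE = re.compile(r"^\[(?P<op>[A-Za-z]+)\]\s+(?P<proc>.+?):(?P<pid>\d+)\s+>\s+(?P<rest>.*)$")
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
EXEC_EXT = (".exe", ".dll", ".scr", ".ps1", ".vbs", ".js", ".bat")


def parse_report(text):
    """Return {section name: [event dicts]}; bare lines (e.g. hosts) keep only 'target'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or set(line) == {"="} or line.startswith("-=]"):
            continue  # blank, underline or banner line
        header = HEADER_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
            continue
        if current is None:
            continue
        event = EVENT_RE.match(line)
        if event:
            target, _, note = event.group("rest").partition("\t")
            sections[current].append({
                "op": event.group("op"), "process": event.group("proc"),
                "pid": int(event.group("pid")), "target": target.strip(),
                "note": note.strip("[] "),
            })
        else:
            sections[current].append({"op": None, "process": None, "pid": None,
                                      "target": line, "note": ""})
    return sections


def registry_persistence(sections):
    """(key, value) pairs written under a Run/RunOnce key."""
    found = []
    for e in sections.get("Registry Activity", []):
        if e["op"] == "RegSetValue" and RUN_KEY_RE.search(e["target"]):
            key, _, value = e["target"].partition(" = ")
            found.append((key.strip(), value.strip()))
    return found


def dropped_executables(sections):
    """Paths of executable-looking files the sample created."""
    return sorted({e["target"] for e in sections.get("File Activity", [])
                   if e["op"] == "CreateFile" and e["target"].lower().endswith(EXEC_EXT)})


def network_endpoints(sections):
    """(protocol, host:port) pairs from the Network Traffic section."""
    return sorted({(e["op"], e["target"]) for e in sections.get("Network Traffic", [])
                   if e["op"] in ("TCP", "UDP")})


def triage(text):
    """One-shot summary of the IOCs worth checking first."""
    s = parse_report(text)
    return {
        "processes": [(e["process"], e["pid"], e["target"]) for e in s.get("Processes Created", [])],
        "persistence": registry_persistence(s),
        "dropped": dropped_executables(s),
        "network": network_endpoints(s),
        "hosts": [e["target"] for e in s.get("Unique Hosts", [])],
    }


if __name__ == "__main__":
    for name, items in triage(SAMPLE_REPORT).items():
        print(f"{name}:")
        for item in items:
            print(f"  {item}")
```

Run it against a real report with `triage(open("Noriben_....txt").read())`. The persistence and dropped-file lists are the first things to check: a Run key pointing at a freshly written executable in AppData, as in the sample, is a classic indicator that deserves a YARA rule of its own.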