“Noriben is the simplest bento, with nori dipped in soy sauce covering cooked rice.” – Wikipedia.org
Well, this has less to do with Japanese lunches and more to do with analyzing malware… Local malware analyst extraordinaire Brian “@bbaskin” Baskin recently released a new Python-based tool called Noriben. The problem Brian was trying to solve was being called out to do malware analysis with only the Windows resources he was given onsite. These computers often lacked his standard arsenal of tools, so he needed something portable to use in these situations.
Enter Noriben … whose only requirements are Python and Sysinternals Procmon. To get started, simply:
- Run Noriben (noriben.py at any command prompt),
- Execute your malware and let it run its course, and
- Hit Ctrl-C and examine the Notepad text file that pops up.
The Notepad text file that pops up contains sections dedicated to Processes Created, File Activity, Registry Activity, Network Traffic, and Unique Hosts. The initial reports can become quite cumbersome, so Noriben also creates a CSV file that analysts can later examine with filters. The process is again fairly simple:
- Find the activities in the initial text file that are not of interest,
- Add them to the filters list in the noriben.py file, and
- Run Noriben again against the CSV file (noriben.py -r).
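The filter-and-rerun pass described above, as an added example that is not Noriben's own code: it groups rows from a Procmon-style CSV into the report sections named in the post and drops rows that match a noise filter. The sample rows, the filter patterns and the `triage` function are constructed for illustration.

```python
import csv
import io
import re

# Constructed sample in Procmon's CSV export layout (not a real capture).
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02","sample.exe","2204","Process Create","C:\Users\lab\AppData\Local\Temp\drop.exe","SUCCESS",""
"10:01:03","svchost.exe","812","WriteFile","C:\Windows\Prefetch\SAMPLE.EXE-1A2B3C4D.pf","SUCCESS",""
"10:01:04","drop.exe","2310","WriteFile","C:\Users\lab\AppData\Roaming\updater.dat","SUCCESS",""
"10:01:05","drop.exe","2310","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater","SUCCESS",""
"10:01:06","explorer.exe","1500","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\Foo","SUCCESS",""
"10:01:07","drop.exe","2310","TCP Connect","labpc:49158 -> 203.0.113.10:80","SUCCESS",""
"10:01:08","drop.exe","2310","TCP Connect","labpc:49159 -> 203.0.113.10:80","SUCCESS",""
'''

# Hypothetical noise filters (regexes); the analyst extends these between runs.
PROCESS_FILTERS = [r"^svchost\.exe$"]
PATH_FILTERS = [r"\\Windows\\Prefetch\\", r"\\Explorer\\SessionInfo\\"]
# Procmon operation -> report section named in the post.
SECTIONS = {"Process Create": "Processes Created", "WriteFile": "File Activity",
            "RegSetValue": "Registry Activity", "TCP Connect": "Network Traffic"}


def _noisy(value, patterns):
    return any(re.search(p, value, re.IGNORECASE) for p in patterns)


def triage(csv_text, process_filters=PROCESS_FILTERS, path_filters=PATH_FILTERS):
    """Group Procmon rows into report sections, dropping rows that match a filter."""
    report = {name: [] for name in [*SECTIONS.values(), "Unique Hosts"]}
    dropped = 0
    for row in csv.DictReader(io.StringIO(csv_text)):
        section = SECTIONS.get(row["Operation"])
        if section is None:
            continue  # operation not covered by this example
        if _noisy(row["Process Name"], process_filters) or _noisy(row["Path"], path_filters):
            dropped += 1
            continue
        report[section].append(f'{row["Process Name"]}:{row["PID"]} > {row["Path"]}')
        if section == "Network Traffic":
            # Path looks like "local:port -> remote:port"; record each remote host once.
            host = row["Path"].split(" -> ")[-1].rsplit(":", 1)[0]
            if host not in report["Unique Hosts"]:
                report["Unique Hosts"].append(host)
    return report, dropped

if __name__ == "__main__":
    for name, lines in triage(SAMPLE_CSV)[0].items():
        print(f"[{name}]", *lines, sep="\n  ")
```

Calling `triage(SAMPLE_CSV, [], [])` shows the unfiltered view, which makes it easy to see which rows a new filter entry would hide before adding it.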
Obviously a full malware analysis environment like Cuckoo is the preferred method, but in a pinch Brian’s Noriben is there…
Today’s post pic is from Wikipedia.org. See ya!