net1.exe

  • File Path: C:\WINDOWS\system32\net1.exe
  • Description: Net Command

Hashes

Type Hash
MD5 0F641F87A791AE07C00A725BBBD77724
SHA1 F0DEA8E671AADFBBF76E6E4A8A9118195961C3CB
SHA256 286E7F127B06386BD1CC9664851848F483A867F0F604AA352893151068715FAA
SHA384 346B3CB25D389237DDD01B20117BC96B854628E9E094E0A96A3F09D152825F208FA1F7CA3C6B0ECF37BD9FA26CCA1771
SHA512 00EB46FC8C031DD49970BB8CD77A09F2209EFA391C430F3FD7BB9771E362F78957A7CF605B711C93D390F4FEEFACDF779BE182BC68EDAFC8EF3DBCEA286BCECF
SSDEEP 3072:ZClN9UCzRhQNW1hGtMb3oWfDOLEkncvTddaiH0QHxe6T8mzC/KhKkHqr71x/:ZCJZhT1hMMb3oWfDOQkncvTXaiH0QHg7

Runtime Data

Usage (stdout):

The syntax of this command is:

NET HELP
command
     -or-
NET command /HELP

  Commands available are:

  NET ACCOUNTS             NET HELPMSG              NET STATISTICS
  NET COMPUTER             NET LOCALGROUP           NET STOP
  NET CONFIG               NET PAUSE                NET TIME
  NET CONTINUE             NET SESSION              NET USE
  NET FILE                 NET SHARE                NET USER
  NET GROUP                NET START                NET VIEW
  NET HELP

  NET HELP NAMES explains different types of names in NET HELP syntax lines.
  NET HELP SERVICES lists some of the services you can start.
  NET HELP SYNTAX explains how to read NET HELP syntax lines.
  NET HELP command | MORE displays Help one screen at a time.

Usage (stderr):

The syntax of this command is:

NET
    [ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP |
      HELPMSG | LOCALGROUP | PAUSE | SESSION | SHARE | START |
      STATISTICS | STOP | TIME | USE | USER | VIEW ]

Signature

  • Status: Signature verified.
  • Serial: 330000023241FB59996DCC4DFF000000000232
  • Thumbprint: FF82BC38E1DA5E596DF374C53E3617F7EDA36B06
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: net1.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.18362.1 (WinBuild.160101.0800)
  • Product Version: 10.0.18362.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of net1.exe being misused. While net1.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma win_susp_logon_explicit_credentials.yml - '\net1.exe' DRL 1.0
sigma proc_creation_win_local_system_owner_account_discovery.yml - '\net1.exe' DRL 1.0
sigma proc_creation_win_malware_dridex.yml - '\net1.exe' DRL 1.0
sigma proc_creation_win_mal_ryuk.yml - '\net1.exe' DRL 1.0
sigma proc_creation_win_net_enum.yml - '\net1.exe' DRL 1.0
sigma proc_creation_win_net_user_add.yml - '\net1.exe' DRL 1.0
sigma proc_creation_win_net_use_admin_share.yml - '\net1.exe' DRL 1.0
sigma proc_creation_win_remote_time_discovery.yml - '\net1.exe' DRL 1.0
sigma proc_creation_win_renamed_binary.yml - 'net1.exe' DRL 1.0
sigma proc_creation_win_renamed_binary.yml - '\net1.exe' DRL 1.0
sigma proc_creation_win_service_execution.yml - '\net1.exe' DRL 1.0
sigma proc_creation_win_service_stop.yml - '\net1.exe' DRL 1.0
sigma proc_creation_win_susp_mounted_share_deletion.yml Image\|endswith: '\net1.exe' DRL 1.0
sigma proc_creation_win_susp_net_execution.yml - '\net1.exe' DRL 1.0
sigma proc_creation_win_webshell_detection.yml - '\net1.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.