net1.exe

  • File Path: C:\windows\SysWOW64\net1.exe
  • Description: Net Command

Hashes


Signature

  • Status: The file C:\windows\SysWOW64\net1.exe is not digitally signed.
  • Serial: ``
  • Thumbprint: ``
  • Issuer:
  • Subject:

File Metadata

  • Original Filename: net1.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 6.3.9600.17415 (winblue_r4.141028-1500)
  • Product Version: 6.3.9600.17415
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of net1.exe being misused. While net1.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
| --- | --- | --- | --- |
| sigma | win_susp_logon_explicit_credentials.yml | - '\net1.exe' | DRL 1.0 |
| sigma | proc_creation_win_local_system_owner_account_discovery.yml | - '\net1.exe' | DRL 1.0 |
| sigma | proc_creation_win_malware_dridex.yml | - '\net1.exe' | DRL 1.0 |
| sigma | proc_creation_win_mal_ryuk.yml | - '\net1.exe' | DRL 1.0 |
| sigma | proc_creation_win_net_enum.yml | - '\net1.exe' | DRL 1.0 |
| sigma | proc_creation_win_net_user_add.yml | - '\net1.exe' | DRL 1.0 |
| sigma | proc_creation_win_net_use_admin_share.yml | - '\net1.exe' | DRL 1.0 |
| sigma | proc_creation_win_remote_time_discovery.yml | - '\net1.exe' | DRL 1.0 |
| sigma | proc_creation_win_renamed_binary.yml | - 'net1.exe' | DRL 1.0 |
| sigma | proc_creation_win_renamed_binary.yml | - '\net1.exe' | DRL 1.0 |
| sigma | proc_creation_win_service_execution.yml | - '\net1.exe' | DRL 1.0 |
| sigma | proc_creation_win_service_stop.yml | - '\net1.exe' | DRL 1.0 |
| sigma | proc_creation_win_susp_mounted_share_deletion.yml | Image\|endswith: '\net1.exe' | DRL 1.0 |
| sigma | proc_creation_win_susp_net_execution.yml | - '\net1.exe' | DRL 1.0 |
| sigma | proc_creation_win_webshell_detection.yml | - '\net1.exe' | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.