net1.exe

  • File Path: C:\Windows\SysWOW64\net1.exe
  • Description: Net Command

Hashes

Type Hash
MD5 8ED7827C8A927C154CEA418153317F87
SHA1 3BF2745BE3C0EAD7B7E582563E4FC34C160B5DAE
SHA256 13A5AF915F7520E998FC4E8760A7068B1A70ABA90652D9F53F8740B466B9024D
SHA384 A74D434399BF77071312D16A0A3086A08E0E8CC86C855BFDD144FF2F9316B8700E34B66558B1DC632ED66E65B0EE8FEC
SHA512 88E7D3BADA4FDFCE2A3A29FB9BB86191DA124F1E4328F85F77DECE8C258A516022F0FEC5FCDE5E3700482ABDC78735F80B0FD89DC7A1FDA0ADB8A0B5CB27BC84
SSDEEP 3072:6sarenF2aTsQ3Xwr4MMNHbF/dycJWuK2iXeakelGKMHB3Mr:farenF2aTsQ3tNbhzouK2iXrkewKMHB3
IMP F44A3CB56AC156111E03B2437FC54F18
PESHA1 CA2850FA70BB4ABA5D72A332DF4C09945F5BA2BF
PE256 9DFA189739295D3CC341EA021E4D556D3633A939E0C7541D1E5E79AF496BC96F

Runtime Data

Usage (stdout):

The syntax of this command is:

NET HELP
command
     -or-
NET command /HELP

  Commands available are:

  NET ACCOUNTS             NET HELPMSG              NET STATISTICS
  NET COMPUTER             NET LOCALGROUP           NET STOP
  NET CONFIG               NET PAUSE                NET TIME
  NET CONTINUE             NET SESSION              NET USE
  NET FILE                 NET SHARE                NET USER
  NET GROUP                NET START                NET VIEW
  NET HELP

  NET HELP NAMES explains different types of names in NET HELP syntax lines.
  NET HELP SERVICES lists some of the services you can start.
  NET HELP SYNTAX explains how to read NET HELP syntax lines.
  NET HELP command | MORE displays Help one screen at a time.


Usage (stderr):

The syntax of this command is:

NET
    [ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP |
      HELPMSG | LOCALGROUP | PAUSE | SESSION | SHARE | START |
      STATISTICS | STOP | TIME | USE | USER | VIEW ]

Loaded Modules:

Path
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll
C:\Windows\SysWOW64\net1.exe

Signature

  • Status: Signature verified.
  • Serial: 330000026551AE1BBD005CBFBD000000000265
  • Thumbprint: E168609353F30FF2373157B4EB8CD519D07A2BFF
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: net1.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/67
  • VirusTotal Link: https://www.virustotal.com/gui/file/13a5af915f7520e998fc4e8760a7068b1a70aba90652d9f53f8740b466b9024d/detection/

File Similarity (ssdeep match)

File Score
C:\Windows\SysWOW64\net1.exe 80

Possible Misuse

The following table contains possible examples of net1.exe being misused. While net1.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma win_susp_logon_explicit_credentials.yml - '\net1.exe' DRL 1.0
sigma proc_creation_win_local_system_owner_account_discovery.yml - '\net1.exe' DRL 1.0
sigma proc_creation_win_malware_dridex.yml - '\net1.exe' DRL 1.0
sigma proc_creation_win_mal_ryuk.yml - '\net1.exe' DRL 1.0
sigma proc_creation_win_net_enum.yml - '\net1.exe' DRL 1.0
sigma proc_creation_win_net_user_add.yml - '\net1.exe' DRL 1.0
sigma proc_creation_win_net_use_admin_share.yml - '\net1.exe' DRL 1.0
sigma proc_creation_win_remote_time_discovery.yml - '\net1.exe' DRL 1.0
sigma proc_creation_win_renamed_binary.yml - 'net1.exe' DRL 1.0
sigma proc_creation_win_renamed_binary.yml - '\net1.exe' DRL 1.0
sigma proc_creation_win_service_execution.yml - '\net1.exe' DRL 1.0
sigma proc_creation_win_service_stop.yml - '\net1.exe' DRL 1.0
sigma proc_creation_win_susp_mounted_share_deletion.yml Image\|endswith: '\net1.exe' DRL 1.0
sigma proc_creation_win_susp_net_execution.yml - '\net1.exe' DRL 1.0
sigma proc_creation_win_webshell_detection.yml - '\net1.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.