net1.exe

  • File Path: C:\windows\system32\net1.exe
  • Description: Net Command

Hashes

Type Hash
MD5 A3F48D90EE53FDF2547B41F87A7C8080
SHA1 2F9215EEA2545174921C2353B8EFF29D45370B5E
SHA256 D28BC8FA6E80316833C0EBB948B46511971B96635892F40998A216A2DD5EC8AA
SHA384 F4D509FD7303CD2A9768557DCCDD1329A641699E224147571D4C4530A4D78C4E0A17D9E5C10AFD33176337BC73E1DD4B
SHA512 440DFCA2AE9CA31BAE18B8E2EEECF6B340EA78C5C3AF17C3241BBF0F47B8DA4D38B01EDEE3FE94AC800B14DCB942FC9EF781B7E4BCB4A73CBA3B0A5E2D073B91
SSDEEP 3072:d0PeEp+s3t37TU2q/1ndimrbvkdeDNrZ9rsjpDp/95M:dmt37TU2G1nIiDkdeDxZ9rQH/9

Signature

  • Status: The file C:\windows\system32\net1.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170
  • Serial: ``
  • Thumbprint: ``
  • Issuer:
  • Subject:

File Metadata

  • Original Filename: net1.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 6.3.9600.17415 (winblue_r4.141028-1500)
  • Product Version: 6.3.9600.17415
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of net1.exe being misused. While net1.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma win_susp_logon_explicit_credentials.yml - '\net1.exe' DRL 1.0
sigma proc_creation_win_local_system_owner_account_discovery.yml - '\net1.exe' DRL 1.0
sigma proc_creation_win_malware_dridex.yml - '\net1.exe' DRL 1.0
sigma proc_creation_win_mal_ryuk.yml - '\net1.exe' DRL 1.0
sigma proc_creation_win_net_enum.yml - '\net1.exe' DRL 1.0
sigma proc_creation_win_net_user_add.yml - '\net1.exe' DRL 1.0
sigma proc_creation_win_net_use_admin_share.yml - '\net1.exe' DRL 1.0
sigma proc_creation_win_remote_time_discovery.yml - '\net1.exe' DRL 1.0
sigma proc_creation_win_renamed_binary.yml - 'net1.exe' DRL 1.0
sigma proc_creation_win_renamed_binary.yml - '\net1.exe' DRL 1.0
sigma proc_creation_win_service_execution.yml - '\net1.exe' DRL 1.0
sigma proc_creation_win_service_stop.yml - '\net1.exe' DRL 1.0
sigma proc_creation_win_susp_mounted_share_deletion.yml Image\|endswith: '\net1.exe' DRL 1.0
sigma proc_creation_win_susp_net_execution.yml - '\net1.exe' DRL 1.0
sigma proc_creation_win_webshell_detection.yml - '\net1.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.