The Windows Process Journey — “net1.exe” (Net Command for the 21st Century)

<p>&ldquo;net1.exe&rdquo; is known as the &ldquo;Net Command for the 21st Century&rdquo; (<a href="https://www.file.net/process/net1.exe.html" rel="noopener ugc nofollow" target="_blank">https://www.file.net/process/net1.exe.html</a>). It is a PE binary file that is signed by Microsoft, which is located at &ldquo;%windir%\system32\net1.exe&rdquo;. On 64-bit versions of Windows there is also a 32-bit version of the file located at &ldquo;%windir%\SysWOW64\net1.exe&rdquo;.</p> <p>Overall, the &ldquo;net1.exe&rdquo; was created as a temporary fix for the Y2K problem that affected &ldquo;net.exe&rdquo; (<a href="https://www.lifewire.com/net-command-2618094" rel="noopener ugc nofollow" target="_blank">https://www.lifewire.com/net-command-2618094</a>). There was an issue while using the command &ldquo;net user [USERNAME] /times&rdquo; which is responsible for configuring the logon hours of the user (<a href="https://web.archive.org/web/20140830150320/http://support.microsoft.com/kb/240195" rel="noopener ugc nofollow" target="_blank">https://web.archive.org/web/20140830150320/http://support.microsoft.com/kb/240195</a>).</p> <p>Thus, &ldquo;net1.exe&rdquo; is executed for specific functionality when &ldquo;net.exe&rdquo; is run (<a href="https://attack.mitre.org/software/S0039/" rel="noopener ugc nofollow" target="_blank">https://attack.mitre.org/software/S0039/</a>). For example when calling &ldquo;net time&rdquo; an instance of &ldquo;net1.exe&rdquo; is started by &ldquo;net.exe&rdquo; using the command &ldquo;net1 time&rdquo; &mdash; as seen in the screenshot below.</p> <p><a href="https://medium.com/@boutnaru/the-windows-process-journey-net1-exe-net-command-for-the-21st-century-b89a299960fa"><strong>Read More</strong></a></p>