The Windows Process Journey — “net1.exe” (Net Command for the 21st Century)
<p>“net1.exe” is known as the “Net Command for the 21st Century” (<a href="https://www.file.net/process/net1.exe.html" rel="noopener ugc nofollow" target="_blank">https://www.file.net/process/net1.exe.html</a>). It is a PE binary file that is signed by Microsoft, which is located at “%windir%\system32\net1.exe”. On 64-bit versions of Windows there is also a 32-bit version of the file located at “%windir%\SysWOW64\net1.exe”.</p>
<p>Overall, the “net1.exe” was created as a temporary fix for the Y2K problem that affected “net.exe” (<a href="https://www.lifewire.com/net-command-2618094" rel="noopener ugc nofollow" target="_blank">https://www.lifewire.com/net-command-2618094</a>). There was an issue while using the command “net user [USERNAME] /times” which is responsible for configuring the logon hours of the user (<a href="https://web.archive.org/web/20140830150320/http://support.microsoft.com/kb/240195" rel="noopener ugc nofollow" target="_blank">https://web.archive.org/web/20140830150320/http://support.microsoft.com/kb/240195</a>).</p>
<p>Thus, “net1.exe” is executed for specific functionality when “net.exe” is run (<a href="https://attack.mitre.org/software/S0039/" rel="noopener ugc nofollow" target="_blank">https://attack.mitre.org/software/S0039/</a>). For example when calling “net time” an instance of “net1.exe” is started by “net.exe” using the command “net1 time” — as seen in the screenshot below.</p>
<p><a href="https://medium.com/@boutnaru/the-windows-process-journey-net1-exe-net-command-for-the-21st-century-b89a299960fa"><strong>Read More</strong></a></p>