HIGH Evasion Technique - 1720575843

Prevented (Blocked) ID: #16 | Detected: 2025-12-30 16:42:22 | Malware
View Incident Back
Alert Overview

Suspicious activity using mavinject.exe

Unclassified
XDR Agent
New
DS:PANW/XDR Agent DOM:Security
Host Information
DESKTOP-FNUMV3U
172.30.1.80 172.18.176.1 172.26.224.1
User
6761b82386d0481190f91c4255079cb7
00:15:5d:52:e9:ba
Process Information Process Execution
Actor Process (Executor)
Process Name cmd.exe
Path C:\Windows\System32\cmd.exe
PID 25588
SHA256 badf4752413cb0cbdc03fb95820ca167f0cdc63b597ccdb5ef43111180e088b0 VT
MD5 2b40c98ed0f7a1d3b091a3e8353132dc
Signature Microsoft Corporation N/A 
C:\WINDOWS\SYSTEM32\cmd.exe /c ""C:\app\cortex-xdr-siem-test\xdr_ultimate_runner.bat""
MITRE ATT&CK Mapping
TA0005 - Defense Evasion TA0004 - Privilege Escalation
T1055 - Process Injection T1218.013 - System Binary Proxy Execution: Mavinject
Quick Actions
View Related Incident View Endpoint Check Hash on VirusTotal Back to Alerts
Severity Analysis
HIGH

High priority investigation needed

Summary
Events 1
IP Addresses 3
Tags 2
File Artifacts Yes
Network Artifacts No
Registry Artifacts No
Analyst Verdict