HIGH File Drop - 3732557733

Prevented (Blocked) ID: #2 | Detected: 2025-12-30 16:20:41 | Malware
View Incident Back
Alert Overview

Certutil.exe downloads a suspicious file

Unclassified
XDR Agent
New
DS:PANW/XDR Agent DOM:Security
Host Information
DESKTOP-FNUMV3U
172.30.1.80 172.18.176.1 172.26.224.1
User
6761b82386d0481190f91c4255079cb7
00:15:5d:52:e9:ba
Process Information Process Execution
Actor Process (Executor)
Process Name WindowsTerminal.exe
Path C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.23.13503.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe
PID 18872
SHA256 aba55eb3398b290ebd93ae83b34a9e51d6b5763ac8c0172b39e8a4b6f53b9f8d VT
MD5 c981ce8e4ad1d6cf0719d54b7d94b7d2
Signature Microsoft Corporation N/A 
"C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.23.13503.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe"
MITRE ATT&CK Mapping
TA0005 - Defense Evasion TA0011 - Command and Control
T1102.002 - Web Service: Bidirectional Communication T1140 - Deobfuscate/Decode Files or Information T1102.002 - Web Service: Bidirectional Communication T1140 - Deobfuscate/Decode Files or Information
Quick Actions
View Related Incident View Endpoint Check Hash on VirusTotal Back to Alerts
Severity Analysis
HIGH

High priority investigation needed

Summary
Events 1
IP Addresses 3
Tags 2
File Artifacts Yes
Network Artifacts No
Registry Artifacts No
Analyst Verdict