HIGH WildFire Malware
Prevented (Post Detected)
ID: #308 | Detected: 2026-01-01 04:10:43 | Malware
Alert Overview
Suspicious executable detected
Unclassified
XDR Agent
New
DS:PANW/XDR Agent
DOM:Security
Host Information
BOOK-R0BE6S1NC3
N/A
00:15:5d:e5:a2:15
Process Information
File Event
Actor Process (Executor)
| Process Name | splunkd.exe |
|---|---|
| Path | C:\Users\Public\splunkd.exe |
| PID | 24356 |
| SHA256 | 21a82bc892ffbe9e9351528ca53dde9b4c05c3d35a8696b15c5ff2a311533e6f |
| MD5 | d9c56f6cf62527a6eb22b271f00700b9 |
"C:\Users\Public\splunkd.exe" -server http://localhost:8888 -group red
Parent Process (Causality)
| Process Name | WindowsTerminal.exe |
|---|---|
| Path | C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.23.13503.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe |
| SHA256 | aba55eb3398b290ebd93ae83b34a9e51d6b5763ac8c0172b39e8a4b6f53b9f8d |
"C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.23.13503.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe"
File Artifacts
| File Name | splunkd.exe |
|---|---|
| Path | C:\Users\Public\splunkd.exe |
| SHA256 | 21a82bc892ffbe9e9351528ca53dde9b4c05c3d35a8696b15c5ff2a311533e6f |
Severity Analysis
HIGH
High priority investigation needed
Summary
| Events | 1 |
|---|---|
| IP Addresses | 3 |
| Tags | 2 |
| File Artifacts | Yes |
| Network Artifacts | No |
| Registry Artifacts | No |
Analyst Verdict