HIGH Staged Malware Activity - 2123359011

Detected (Reported) ID: #31518 | Detected: 2026-01-13 13:30:01 | Malware
View Incident Back
Alert Overview

Process executes an obfuscated command for fetching remote files

Unclassified
XDR Agent
New
DS:PANW/XDR Agent DOM:Security
Host Information
in-bridge-40
172.30.1.19
root
afa8597c6069424e8b26ac7eb3cdaae4
00:0c:29:c8:eb:b6
Process Information Process Execution
Actor Process (Executor)
Process Name cron
Path /usr/sbin/cron
PID 566745
SHA256 ffc30864da514025c073a29d5afc6705ff8bbe4ecfdbc7917dd674e37b7b1b8a VT
MD5 b21931de436519534d4d72a76bb8c7da 
/usr/sbin/cron -f -P
Parent Process (Causality)
Process Name cron
Path /usr/sbin/cron
SHA256 ffc30864da514025c073a29d5afc6705ff8bbe4ecfdbc7917dd674e37b7b1b8a VT 
/usr/sbin/cron -f -P
MITRE ATT&CK Mapping
TA0002 - Execution
T1059.004 - Command and Scripting Interpreter: Unix Shell
Quick Actions
View Related Incident View Endpoint Check Hash on VirusTotal Back to Alerts
Severity Analysis
HIGH

High priority investigation needed

Summary
Events 1
IP Addresses 1
Tags 2
File Artifacts Yes
Network Artifacts No
Registry Artifacts No
Analyst Verdict