HIGH Process Injection - 288965039

Detected (Reported) ID: #32212 | Detected: 2026-01-13 17:53:09 | Malware
View Incident Back
Alert Overview

Shared object injection using LD_PRELOAD on a shell command

Unclassified
XDR Agent
New
DS:PANW/XDR Agent DOM:Security
Host Information
inbridge-ubt-24
172.18.0.1 172.30.1.58
root
ec4ccd76eede4e209d36da4499a5bba8
5c:b4:7e:be:a3:70
Process Information Process Execution
Actor Process (Executor)
Process Name sshd
Path /usr/sbin/sshd
PID 1025629
SHA256 4cc983fa8f3a26626981dbbe79113348fb86cca3ec426f6af5fabd08215fd5e1 VT
MD5 6abd5bb3990d37d6ad2027f5a155af22 
sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
Parent Process (Causality)
Process Name sshd
Path /usr/sbin/sshd
SHA256 4cc983fa8f3a26626981dbbe79113348fb86cca3ec426f6af5fabd08215fd5e1 VT 
sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
MITRE ATT&CK Mapping
TA0005 - Defense Evasion TA0004 - Privilege Escalation
T1055 - Process Injection
Quick Actions
View Related Incident View Endpoint Check Hash on VirusTotal Back to Alerts
Severity Analysis
HIGH

High priority investigation needed

Summary
Events 1
IP Addresses 2
Tags 2
File Artifacts Yes
Network Artifacts No
Registry Artifacts No
Analyst Verdict