HIGH Persistency - 3227545572

Prevented (Blocked) ID: #3369 | Detected: 2026-01-03 04:30:01 | Malware
View Incident Back
Alert Overview

Suspicious cron job using a base64 payload

Unclassified
XDR Agent
New
DS:PANW/XDR Agent DOM:Security
Host Information
inbridge-42
172.30.1.22
root
f9f236c251cd4f1ab8660a81e41c7cc7
00:0c:29:89:fa:77
Process Information Process Execution
Actor Process (Executor)
Process Name cron
Path /usr/sbin/cron
PID 58395
SHA256 6bd8593640af2413bce259fa0affc18dbf149892756ebe805bf316624f8b590f VT
MD5 3159d21dc0325f937ad307b8e8cba959 
/usr/sbin/cron -f -P
Parent Process (Causality)
Process Name cron
Path /usr/sbin/cron
SHA256 6bd8593640af2413bce259fa0affc18dbf149892756ebe805bf316624f8b590f VT 
/usr/sbin/cron -f -P
MITRE ATT&CK Mapping
TA0005 - Defense Evasion
T1027.010 - Obfuscated Files or Information: Command Obfuscation
Quick Actions
View Related Incident View Endpoint Check Hash on VirusTotal Back to Alerts
Severity Analysis
HIGH

High priority investigation needed

Summary
Events 1
IP Addresses 1
Tags 2
File Artifacts Yes
Network Artifacts No
Registry Artifacts No
Analyst Verdict