HIGH Process Injection - 288965039

Prevented (Blocked) ID: #36795 | Detected: 2026-01-16 22:25:04 | Malware
Alert Overview

Shared object injection using LD_PRELOAD on a shell command

Unclassified
XDR Agent
New
DS:PANW/XDR Agent DOM:Security
Host Information
inbridge-42
root
00:0c:29:89:fa:77
Process Information Process Execution
Actor Process (Executor)
Process Name sshd
Path /usr/sbin/sshd
PID 538261
SHA256 4cc983fa8f3a26626981dbbe79113348fb86cca3ec426f6af5fabd08215fd5e1
MD5 6abd5bb3990d37d6ad2027f5a155af22
sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
Parent Process (Causality)
Process Name sshd
Path /usr/sbin/sshd
SHA256 4cc983fa8f3a26626981dbbe79113348fb86cca3ec426f6af5fabd08215fd5e1
sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
Severity Analysis
HIGH

High priority investigation needed

Summary
Events 1
IP Addresses 1
Tags 2
File Artifacts Yes
Network Artifacts No
Registry Artifacts No
Analyst Verdict