HIGH Script Activity - 3055004603

Prevented (Blocked) ID: #36939 | Detected: 2026-01-16 23:26:06 | Malware
View Incident Back
Alert Overview

Suspicious script engine arguments in command line

Unclassified
XDR Agent
New
DS:PANW/XDR Agent DOM:Security
Host Information
teahee
172.30.1.72
dokji
129b847f7f5b46babe68cce9eab29db4
e8:84:a5:3f:53:7c
Process Information Process Execution
Actor Process (Executor)
Process Name cmd.exe
Path C:\Windows\System32\cmd.exe
PID 22912
SHA256 64afc6db3aad1289533662e2d79e27dd55c7dcdb8cd918b08e145ad82ad5acb4 VT
MD5 6d109a3a00f210c1ab89c3b08399ed48
Signature Microsoft Corporation N/A 
C:\WINDOWS\SYSTEM32\cmd.exe /c ""C:\app\cortex-xdr-siem-test\xdr_incident_runner.bat""
MITRE ATT&CK Mapping
TA0002 - Execution
T1059 - Command and Scripting Interpreter
Quick Actions
View Related Incident View Endpoint Check Hash on VirusTotal Back to Alerts
Severity Analysis
HIGH

High priority investigation needed

Summary
Events 1
IP Addresses 1
Tags 2
File Artifacts Yes
Network Artifacts No
Registry Artifacts No
Analyst Verdict