HIGH Staged Malware Activity - 2123359011

Detected (Reported) ID: #6400 | Detected: 2026-01-05 10:30:02 | Malware
View Incident Back
Alert Overview

Process executes an obfuscated command for fetching remote files

Unclassified
XDR Agent
New
DS:PANW/XDR Agent DOM:Security
Host Information
inbridge-42
172.30.1.22
root
f9f236c251cd4f1ab8660a81e41c7cc7
00:0c:29:89:fa:77
Process Information Process Execution
Actor Process (Executor)
Process Name cron
Path /usr/sbin/cron
PID 85753
SHA256 6bd8593640af2413bce259fa0affc18dbf149892756ebe805bf316624f8b590f VT
MD5 3159d21dc0325f937ad307b8e8cba959 
/usr/sbin/cron -f -P
Parent Process (Causality)
Process Name cron
Path /usr/sbin/cron
SHA256 6bd8593640af2413bce259fa0affc18dbf149892756ebe805bf316624f8b590f VT 
/usr/sbin/cron -f -P
MITRE ATT&CK Mapping
TA0002 - Execution
T1059.004 - Command and Scripting Interpreter: Unix Shell
Quick Actions
View Related Incident View Endpoint Check Hash on VirusTotal Back to Alerts
Severity Analysis
HIGH

High priority investigation needed

Summary
Events 1
IP Addresses 1
Tags 2
File Artifacts Yes
Network Artifacts No
Registry Artifacts No
Analyst Verdict