Suspicious USB-Borne Malware Infection in Isolated Operational Environment
ID: 029b6175-07b7-4101-82ba-9b1186ffc86a
STIX ID: report--029b6175-07b7-4101-82ba-9b1186ffc86a
Threat Score: 65/100
An engineering workstation in an isolated operational environment executed malware from removable media (D:\documents\plant_layout_viewer.exe) on 7 April 2026. The malware spawned cmd.exe, enumerated local drives and connected shares, and created a hidden directory (C:\ProgramData\SysCache) containing a data file (sync.dat) and a loader (runtimehost32.exe); no external communications were observed. Identified artifacts include the initial file, secondary binary, data file, hostname OT-ENG-WS-07, and SHA256 f2b91c4f14f0d2ee6efc80e9db57c0fd94df0d1be3cf04d7f93e4dd2a33bf018.
