Suspicious USB-Borne Malware Infection in Isolated Operational Environment

ID: 029b6175-07b7-4101-82ba-9b1186ffc86a

STIX ID: report--029b6175-07b7-4101-82ba-9b1186ffc86a

Threat Score

65/100

Uploaded: 2026-04-13

Created by: Report Uploader

TLP:GREEN
An engineering workstation in an isolated operational environment executed malware from removable media (D:\documents\plant_layout_viewer.exe) on 7 April 2026. The malware spawned cmd.exe, enumerated local drives and connected shares, and created a hidden directory (C:\ProgramData\SysCache) containing a data file (sync.dat) and a loader (runtimehost32.exe); no external communications were observed. Identified artifacts include the initial file, secondary binary, data file, hostname OT-ENG-WS-07, and SHA256 f2b91c4f14f0d2ee6efc80e9db57c0fd94df0d1be3cf04d7f93e4dd2a33bf018.