W32/Dloader.JK!tr

Analysis

  • This threat is related to a Windows Metafile (WMF) exploit. Detection of this file indicates that a WMF exploit has occurred, or will occur, against the system on which the threat was identified.
  • It drops the following file (%System% is the Windows system directory, e.g. C:\windows\system32):
    • %System%\rpcc.dll
  • It tries to access the following URL:
    • https://66.18{REMOVED}01/
  • Adds the following registry key:
    • key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc
  • Adds the following registry entry:
    • key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc\DllName
    • value: C:\windows\system32\rpcc.dll
  • Registering a DLL under Winlogon\Notify causes Winlogon to load it whenever a user logs on, which gives the dropped rpcc.dll persistence across reboots.

Recommended Action

FortiGate Systems
  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system; if required, enable the "Allow Push Update" option.

Telemetry

Detection Availability
  • FortiGate (Extended)
  • FortiClient
  • FortiMail
  • FortiSandbox
  • FortiWeb (Web Application Firewall)
  • FortiIsolator
  • FortiDeceptor
  • FortiEDR