Like many of the most prevalent ATT&CK techniques, Rundll32 is a native Windows process that's installed by default on nearly every Microsoft computer dating back to Windows 95. It is a functionally necessary component of the Windows operating system that can't be simply blocked or disabled. This necessity and ubiquity makes Rundll32 an attractive target for adversaries intent on blending in.

From a practical standpoint, Rundll32 enables the execution of native dynamic link libraries (DLLs). Executing malicious code as a DLL allows an adversary to keep their malware from appearing directly in a process tree, as a directly executed EXE would. Additionally, adversaries are known to abuse export functionality in legitimate DLLs, including those that can facilitate connection to network resources to bypass proxies and evade detection.