The process for running DLLs on Windows. In normal usage, the rundll32 process will execute specific functions of DLLs via the following format: rundll32.exe <DLL>, <EntryPoint>. Some DLLs contain special functions for running specific files. For example, rundll32 can be used to run .CPL files via the shell32.dll DLL and the Control_RunDLL function. Malware authors often abuse this by creating malicious .CPL files and running them via the
Executable’s image path.
A process which spawned the analyzed process.
Depends on where the action was requested. If a user clicks on something in the Control Panel, you'll see it running as a child of explorer.exe. If the user clicked the network settings from a browser like Chrome or IE, you'll see it running as a child of those processes.
Expected number of instances of the process that may normally run on Windows.
Zero or more
Windows account with which the process was launched. This defines what privileges the given process has.
Expected time for the process to be launched.
Start times vary greatly
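
The command-line format and the .CPL abuse described above can be checked against process-creation telemetry. The following is an added example, not part of the original page: it parses rundll32 command lines and labels shell32.dll,Control_RunDLL invocations by where the .CPL file lives. The label names, the C:\Windows install path and the sample command lines are assumptions constructed for illustration.

```python
import ntpath
import re

# Assumption: Windows is installed in C:\Windows and stock Control Panel items live here.
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")

# rundll32.exe <DLL>,<EntryPoint> [arguments]; image path and DLL may be quoted.
CMDLINE_RE = re.compile(
    r'^\s*"?(?P<image>[^"]*?rundll32(?:\.exe)?)"?\s+'
    r'(?:"(?P<qdll>[^"]+)"|(?P<dll>[^\s,"]+))\s*,\s*'
    r'(?P<entry>[^\s,]+)\s*(?P<args>.*)$',
    re.IGNORECASE,
)

def parse_rundll32(cmdline):
    """Split a rundll32 command line into DLL, entry point and arguments."""
    m = CMDLINE_RE.match(cmdline)
    if m is None:
        return None
    return {"dll": m.group("qdll") or m.group("dll"),
            "entry": m.group("entry"),
            "args": m.group("args").strip()}

def classify(cmdline):
    """Label a process command line by how it uses shell32.dll,Control_RunDLL."""
    parsed = parse_rundll32(cmdline)
    if parsed is None:
        return "not-rundll32"
    dll_name = ntpath.basename(parsed["dll"]).lower()
    if dll_name not in ("shell32", "shell32.dll") or \
            not parsed["entry"].lower().startswith("control_rundll"):
        return "other-export"
    # The argument is "<file.cpl>[,options]"; keep only the file part.
    cpl = parsed["args"].split(",")[0].strip().strip('"')
    directory = ntpath.dirname(cpl).lower()
    if directory == "":
        return "cpl-unqualified"  # no directory given; check where the name resolves
    return "cpl-system" if directory in SYSTEM_DIRS else "cpl-outside-system"

# Constructed sample command lines (not taken from real telemetry).
SAMPLES = [
    r'rundll32.exe shell32.dll,Control_RunDLL ncpa.cpl',
    r'"C:\Windows\System32\rundll32.exe" shell32.dll,Control_RunDLL "C:\Users\Public\invoice.cpl"',
    r'rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL C:\Windows\System32\timedate.cpl',
    r'rundll32.exe user32.dll,LockWorkStation',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{classify(line):20} {line}")
```

A "cpl-outside-system" result is a triage lead rather than a verdict; combine it with the parent process and user account fields listed above before escalating.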