Internet Shortcut Shell Extension DLL.
-
Launch a HTML application payload by calling OpenURL.
rundll32.exe url.dll,OpenURL "C:\test\calc.hta"
- Use case
- Invoke an HTML Application via mshta.exe (Default Handler).
- Privileges required
- User
- Operating systems
- Windows 10, Windows 11
- ATT&CK® technique
- T1218.011
-
Launch an executable payload via proxy through a(n) URL (information) file by calling OpenURL.
rundll32.exe url.dll,OpenURL "C:\test\calc.url"
- Use case
- Load an executable payload by calling a .url file with or without quotes.
- Privileges required
- User
- Operating systems
- Windows 10, Windows 11
- ATT&CK® technique
- T1218.011
-
Launch an executable by calling OpenURL.
rundll32.exe url.dll,OpenURL file://^C^:^/^W^i^n^d^o^w^s^/^s^y^s^t^e^m^3^2^/^c^a^l^c^.^e^x^e
- Use case
- Load an executable payload by specifying the file protocol handler (obfuscated).
- Privileges required
- User
- Operating systems
- Windows 10, Windows 11
- ATT&CK® technique
- T1218.011
-
Launch an executable by calling FileProtocolHandler.
rundll32.exe url.dll,FileProtocolHandler calc.exe
- Use case
- Launch an executable.
- Privileges required
- User
- Operating systems
- Windows 10, Windows 11
- ATT&CK® technique
- T1218.011
-
Launch an executable by calling FileProtocolHandler.
rundll32.exe url.dll,FileProtocolHandler file://^C^:^/^W^i^n^d^o^w^s^/^s^y^s^t^e^m^3^2^/^c^a^l^c^.^e^x^e
- Use case
- Load an executable payload by specifying the file protocol handler (obfuscated).
- Privileges required
- User
- Operating systems
- Windows 10, Windows 11
- ATT&CK® technique
- T1218.011
-
Launch a HTML application payload by calling FileProtocolHandler.
rundll32.exe url.dll,FileProtocolHandler file:///C:/test/test.hta
- Use case
- Invoke an HTML Application via mshta.exe (Default Handler).
- Privileges required
- User
- Operating systems
- Windows 10, Windows 11
- ATT&CK® technique
- T1218.011