RUNDLL
udurrani
A DLL is an entry point to functions or a common set of subroutines. Normally the DllMain function is called at the beginning. Any running executable will have a set of DLLs loaded or mapped into the address space of its process. Once the process is done, it can detach the DLL.
A DLL is considered to be an executable, but it cannot run standalone, e.g. you can't just click on it like any other executable file.
RUNDLL is used to execute a function directly from a DLL file, i.e. without using any executable. The issue with rundll32.exe is that it can easily run a malicious payload. Antivirus programs could miss a malicious payload if it is placed within a DLL. The payload could also be completely encrypted.
A function could be loaded very easily and would run as a rundll child, i.e. in the same address space. Or it could be detached and run as a separate process. Attackers use rundll quite often to bypass basic AV prevention.
In the videos you can see a command line starting an evil payload.
Here is the flow of how it's normally loaded.
You can make a malicious DLL with a few bad-ass functions and find a way to drop it on the victim's machine. This attack could have 2 stages: a first-stage executable or just a script (e.g. VBS, PowerShell, etc.) followed by a DLL, or vice versa.
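A defender-side view of the pattern described above, added here as an example and not code from the original post: it parses rundll32 command lines from process-creation events and flags a module loaded from a user-writable path, a module without a .dll extension, or a script-host parent (the first-stage script case). The event fields, the path and parent lists, and the sample events are constructed assumptions to tune per environment.

```python
import ntpath
import re

# Script hosts the post names as possible first stages (VBS, PowerShell), plus cmd.
SCRIPT_PARENTS = {"wscript.exe", "cscript.exe", "powershell.exe", "cmd.exe"}
# User-writable locations where a dropped DLL tends to land (assumed list).
WRITABLE_HINTS = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

# General shape: rundll32.exe <module path>,<export> [arguments]
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+(?:"(?P<q>[^"]+)"|(?P<u>[^\s,]+))\s*,\s*(?P<export>[^\s,]+)',
    re.IGNORECASE)

def parse_rundll(cmdline):
    """Return (module_path, export) from a rundll32 command line, or None."""
    m = RUNDLL_RE.search(cmdline)
    if not m:
        return None
    return (m.group("q") or m.group("u")), m.group("export")

def score_event(event):
    """Return the reasons a process-creation event looks suspicious."""
    parsed = parse_rundll(event["cmdline"])
    if parsed is None:
        return []
    module = parsed[0].lower()
    reasons = []
    if any(hint in module for hint in WRITABLE_HINTS):
        reasons.append("module in user-writable path")
    if not module.endswith((".dll", ".cpl")):
        reasons.append("module without .dll extension")
    if ntpath.basename(event["parent"]).lower() in SCRIPT_PARENTS:
        reasons.append("launched by script host")
    return reasons

# Constructed sample events (not taken from the original post).
EVENTS = [
    {"parent": r"C:\Windows\explorer.exe",
     "cmdline": r"rundll32.exe shell32.dll,Control_RunDLL desk.cpl"},
    {"parent": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'"C:\Windows\System32\rundll32.exe" "C:\Users\bob\AppData\Local\Temp\upd.dat",Run'},
]

def triage(events):
    """Keep only the events that triggered at least one reason."""
    return [(e["cmdline"], r) for e in events if (r := score_event(e))]

if __name__ == "__main__":
    for cmdline, reasons in triage(EVENTS):
        print(cmdline, "->", ", ".join(reasons))
```

Each reason is a triage hint rather than a verdict, since legitimate software also calls rundll32; combining them is what narrows the results.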