MEDIUM Rundll32.exe was used to run JavaScript

Detected ID: #34855 | Detected: 2026-01-15 13:06:18 | Execution
View Incident Back
Alert Overview

Process action type = execution AND target process cmd = * javascript:* AND target process name = rundll32.exe

Unclassified
XDR BIOC
New
DS:PANW/XDR Agent DOM:Security
Host Information
DESKTOP-FNUMV3U
172.30.1.80 172.29.32.1 172.26.224.1
DESKTOP-FNUMV3U\User
6761b82386d0481190f91c4255079cb7
-
Process Information Process Execution
Actor Process (Executor)
Process Name UltimateXdrGenerator.exe
Path C:\app\cortex-xdr-siem-test\xdr_tools\UltimateXdrGenerator\bin\publish\UltimateXdrGenerator.exe
PID 16896
SHA256 7ae4a9f4edd80c1cde8a4bcf49079b769591f422eae8fe4ec0ccac1a5b30cc1c VT
MD5 d020123497cabbfe3ba720dd2f2089b2 
"C:\app\cortex-xdr-siem-test\xdr_tools\UltimateXdrGenerator\bin\publish\UltimateXdrGenerator.exe"  --once --scenarios 20
Action Process (Target)
Process Name rundll32.exe
SHA256 076592ca1957f8f357cc201f0015072c612f5770ad7de85f87f254253c754dd7 VT
Signature Microsoft Corporation Signed 
"rundll32.exe" javascript:"\..\mshtml,RunHTMLApplication";close()
Parent Process (Causality)
Process Name cmd.exe
Path C:\Windows\System32\cmd.exe
SHA256 badf4752413cb0cbdc03fb95820ca167f0cdc63b597ccdb5ef43111180e088b0 VT
MD5 2b40c98ed0f7a1d3b091a3e8353132dc 
C:\WINDOWS\SYSTEM32\cmd.exe /c ""C:\app\cortex-xdr-siem-test\xdr_ultimate_runner.bat""
MITRE ATT&CK Mapping
TA0005 - Defense Evasion
T1216 - System Script Proxy Execution
Quick Actions
View Related Incident View Endpoint Check Hash on VirusTotal Back to Alerts
Severity Analysis
MEDIUM

Review and assess impact

Summary
Events 1
IP Addresses 3
Tags 2
File Artifacts Yes
Network Artifacts No
Registry Artifacts No
Analyst Verdict