It’s the same as if you were playing a flash game in the browser. When the ad comes in, it loads this “flash” game, it’s a specifically designed ad that allows you to play for 30 seconds and then it turns off to a normal static ad usually

Sometimes the ad is an iframe and other times the browser loads the ad’s code in a sanitized environment. These are more rare probably because they are more expensive and must be screened properly; to ensure they are not using some kind of exploit to do something malicious to the end user.

Flash was a major proponent of interactive advertisements in the 06-11 era but, as you can imagine, security flaws were way too evident to be worth the risk.