Potential Mftrace.EXE Abuse (3d48c9d3-1aa6-418d-98d3-8fd3c01a564e)
Detects child processes of the "Trace log generation tool for Media Foundation Tools" (Mftrace.exe) which can abused to execute arbitrary binaries.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Potential Mftrace.EXE Abuse (3d48c9d3-1aa6-418d-98d3-8fd3c01a564e) | Sigma-Rules | Trusted Developer Utilities Proxy Execution - T1127 (ff25900d-76d5-449b-a351-8824e62fc81b) | Attack Pattern | 1 |