
Self Extraction Directive File Created In Potentially Suspicious Location (760e75d8-c3b5-409b-a9bf-6130b4c4603f)

Detects the creation of Self Extraction Directive (.sed) files in a potentially suspicious location. These files are used by the "iexpress.exe" utility to create self-extracting packages. Attackers have been seen abusing this utility and creating PE files with embedded ".sed" entries.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | Self Extraction Directive File Created In Potentially Suspicious Location (760e75d8-c3b5-409b-a9bf-6130b4c4603f) | Sigma-Rules | 1 |