<<< Hide Navigation Hide TOC >>>

Self Extraction Directive File Created In Potentially Suspicious Location (760e75d8-c3b5-409b-a9bf-6130b4c4603f)

Detects the creation of Self Extraction Directive files (.sed) in a potentially suspicious location. These files are used by the "iexpress.exe" utility in order to create self extracting packages. Attackers were seen abusing this utility and creating PE files with embedded ".sed" entries.

Rows: 1

Loading extensions...

Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

---

TableFilter v0.7.2

https://www.tablefilter.com/
©2015-2025 Max Guglielmi

Close

?

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
	Clear Attack Pattern		Clear Sigma-Rules	Clear 1
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Self Extraction Directive File Created In Potentially Suspicious Location (760e75d8-c3b5-409b-a9bf-6130b4c4603f)	Sigma-Rules	1