diff --git a/rules/windows/process_creation/proc_creation_win_cmd_unusual_parent.yml b/rules/windows/process_creation/proc_creation_win_cmd_unusual_parent.yml
index 5dab95a0a13..4c6d3687d8e 100644
--- a/rules/windows/process_creation/proc_creation_win_cmd_unusual_parent.yml
+++ b/rules/windows/process_creation/proc_creation_win_cmd_unusual_parent.yml
@@ -6,7 +6,7 @@ references:
     - https://www.elastic.co/guide/en/security/current/unusual-parent-process-for-cmd.exe.html
 author: Tim Rauch
 date: 2022/09/21
-modified: 2023/03/07
+modified: 2023/12/05
 tags:
     - attack.execution
     - attack.t1059
@@ -38,7 +38,7 @@ detection:
             - '\taskhostw.exe'
             - '\unsecapp.exe'
             - '\WerFault.exe'
-            - '\wergmgr.exe'
+            - '\wermgr.exe'
             - '\wlanext.exe'
             - '\WUDFHost.exe'
     condition: selection