diff --git a/rules/windows/process_access/proc_access_win_in_memory_assembly_execution.yml b/rules-deprecated/windows/proc_access_win_in_memory_assembly_execution.yml similarity index 99% rename from rules/windows/process_access/proc_access_win_in_memory_assembly_execution.yml rename to rules-deprecated/windows/proc_access_win_in_memory_assembly_execution.yml index 418d82b29..d77205532 100644 --- a/rules/windows/process_access/proc_access_win_in_memory_assembly_execution.yml +++ b/rules-deprecated/windows/proc_access_win_in_memory_assembly_execution.yml @@ -1,6 +1,6 @@ title: Suspicious In-Memory Module Execution id: 5f113a8f-8b61-41ca-b90f-d374fa7e4a39 -status: experimental +status: deprecated description: | Detects the access to processes by other suspicious processes which have reflectively loaded libraries in their memory space. An example is SilentTrinity C2 behaviour. Generally speaking, when Sysmon EventID 10 cannot reference a stack call to a dll loaded from disk (the standard way),
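Review bot: the only content change in this hunk is `-status: experimental` / `+status: deprecated`, with nothing in the description or elsewhere in the visible lines saying why the rule is retired or which rule supersedes it. Sigma convention for moving a rule into `rules-deprecated` is to state the reason (false-positive rate, Sysmon EventID 10 stack-trace semantics no longer holding, replacement by another rule and its `id`) in the `description` and to bump the `modified` date; neither appears in this hunk, so anyone finding rule `5f113a8f-8b61-41ca-b90f-d374fa7e4a39` deployed in a SIEM cannot tell whether to drop it or swap it. Suggest adding a first line to `description:` such as `Deprecated: <reason/replacement>` and updating the date fields in the same commit.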