diff --git a/rules/windows/process_creation/win_susp_copy_systemroot.yml b/rules/windows/process_creation/win_susp_copy_systemroot.yml
index 7c37dd96d..7633bb108 100644
--- a/rules/windows/process_creation/win_susp_copy_systemroot.yml
+++ b/rules/windows/process_creation/win_susp_copy_systemroot.yml
@@ -14,7 +14,7 @@ tags:
 detection:
 selection:
 CommandLine|contains:
- - 'cmd.exe /c copy %SysteRoot%'
+ - 'cmd.exe /c copy %SystemRoot%'
 - 'cmd.exe /c copy C:\Windows'
 condition: selection
 fields:
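Review bot: Both `CommandLine|contains` entries still require the exact literal prefix `cmd.exe /c copy `, so the selection matches only one spelling of the command line. Any difference in spacing or in how the interpreter is named falls outside it, just as the misspelled `%SysteRoot%` entry silently matched nothing until this fix. Splitting the selection into the process image, the `copy` verb and the target path removes that dependency on exact formatting. The sketch below is broader than the current rule, so it probably needs a false-positive pass against installer and admin-script activity before the level is kept. The rule header and the `fields:` list lie outside the hunk, so whether `Image` is already among the reported fields can't be confirmed from here.

```yaml
detection:
    selection_img:
        Image|endswith: '\cmd.exe'
    selection_copy:
        CommandLine|contains: 'copy '
    selection_target:
        CommandLine|contains:
            - '%SystemRoot%'
            - 'C:\Windows'
    condition: all of selection_*
# … unchanged: fields and the rest of the rule …
```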