From 34ea706e4fe91c8a2c7ae11b953407e1dd67a319 Mon Sep 17 00:00:00 2001
From: Florian Roth <venom14@gmail.com>
Date: Fri, 3 Jul 2020 10:24:58 +0200
Subject: [PATCH] fix: typo in systemroot

---
 rules/windows/process_creation/win_susp_copy_systemroot.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/windows/process_creation/win_susp_copy_systemroot.yml b/rules/windows/process_creation/win_susp_copy_systemroot.yml
index 7c37dd96d..7633bb108 100644
--- a/rules/windows/process_creation/win_susp_copy_systemroot.yml
+++ b/rules/windows/process_creation/win_susp_copy_systemroot.yml
@@ -14,7 +14,7 @@ tags:
 detection:
     selection:
         CommandLine|contains:
-            - 'cmd.exe /c copy %SysteRoot%'
+            - 'cmd.exe /c copy %SystemRoot%'
             - 'cmd.exe /c copy C:\Windows'
     condition: selection
 fields: