diff --git a/rules/windows/process_creation/win_query_registry.yml b/rules/windows/process_creation/win_query_registry.yml
index 507fb8a67..193fa70eb 100644
--- a/rules/windows/process_creation/win_query_registry.yml
+++ b/rules/windows/process_creation/win_query_registry.yml
@@ -36,3 +36,4 @@ level: low
 tags:
 - attack.discovery
 - attack.t1012
+ - attack.t1007
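Review bot: The added `attack.t1007` tag (System Service Discovery) at the end of the `tags` list applies to every match of this rule, but nothing visible says which part of the detection justifies it; the detection section lies outside the hunk. If only some of the matched registry queries concern service configuration, alerts for the others will still be counted as T1007 in ATT&CK coverage reports. I would record the rationale next to the tag, e.g. `- attack.t1007  # selection includes service-related registry keys`, or move the service-specific selection into its own rule if the mapping turns out to be partial.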