diff --git a/rules/windows/process_creation/win_multiple_suspicious_cli.yml b/rules/windows/process_creation/win_multiple_suspicious_cli.yml
index d4237c788..2be4cda9c 100644
--- a/rules/windows/process_creation/win_multiple_suspicious_cli.yml
+++ b/rules/windows/process_creation/win_multiple_suspicious_cli.yml
@@ -19,7 +19,7 @@ detection:
             - hostname.exe
             - ipconfig.exe
             - mimikatz.exe
-            - nbstat.exe
+            - nbtstat.exe
             - net.exe
             - netsh.exe
             - nslookup.exe