diff --git a/rules/windows/process_creation/process_creation_susp_non_exe_image.yml b/rules/windows/process_creation/process_creation_susp_non_exe_image.yml
index ca9cb4d97..7e864aaee 100644
--- a/rules/windows/process_creation/process_creation_susp_non_exe_image.yml
+++ b/rules/windows/process_creation/process_creation_susp_non_exe_image.yml
@@ -61,7 +61,7 @@ detection:
         Image|startswith:
             - 'C:\Program Files (x86)\WINPAKPRO\'
             - 'C:\Program Files\WINPAKPRO\'
-        Image|endswith: - '.ngn'
+        Image|endswith: '.ngn'
     filter_myq_server:
         Image:
             - 'C:\Program Files (x86)\MyQ\Server\pcltool.dll'