diff --git a/rules/windows/process_creation/win_susp_powershell_enc_cmd.yml b/rules/windows/process_creation/win_susp_powershell_enc_cmd.yml
index c8e87717b..67115f264 100644
--- a/rules/windows/process_creation/win_susp_powershell_enc_cmd.yml
+++ b/rules/windows/process_creation/win_susp_powershell_enc_cmd.yml
@@ -25,6 +25,7 @@ detection:
 - '* -en JAB*'
 - '* -enc JAB*'
 - '* -enc* JAB*'
+ - '* -w hidden -e* JAB*'
 - '* BA^J e-'
 - '* -e SUVYI*'
 - '* -e aWV4I*'
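Review bot: The added entry `'* -w hidden -e* JAB*'` anchors `-w hidden` directly in front of the encoded-command switch, so a command line with any other option between the two (for example `-w hidden -nop -e JAB…`), the long form `-windowstyle hidden`, or `-w 1` is not matched by this line, while the `-w hidden -enc JAB` shape it does cover is already matched by the neighbouring `'* -enc JAB*'` and `'* -enc* JAB*'` entries because of their leading `*`. The net coverage gain is therefore only the short `-e`/`-ec`/`-encodedcommand` spellings after `-w hidden`; if the rule already carries a `'* -e JAB*'` entry above this hunk, the new line adds nothing, and if it does not, a form that tolerates intervening options, such as `'* -w hidden * -e* JAB*'`, or simply a general `'* -e* JAB*'`, would express the intent more robustly. No other hunk touches the file, so if the rule header has a `modified:` field it has not been bumped for this change; the `CommandLine` list and the `detection:` block begin above the hunk.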