diff --git a/rules/windows/process_creation/proc_creation_win_susp_esentutl_params.yml b/rules/windows/process_creation/proc_creation_win_susp_esentutl_params.yml index 9dbe74aba..58ee30dd1 100644 --- a/rules/windows/process_creation/proc_creation_win_susp_esentutl_params.yml +++ b/rules/windows/process_creation/proc_creation_win_susp_esentutl_params.yml @@ -3,7 +3,7 @@ id: 7df1713a-1a5b-4a4b-a071-dc83b144a101 status: experimental author: sam0x90 date: 2021/08/06 -description: Conti recommendation to its affiliates to use esentult to access NTDS dumped file. Trickbot also uses this utilities to get MSEdge info via its module pwgrab. +description: Conti recommendation to its affiliates to use esentutl to access NTDS dumped file. Trickbot also uses this utilities to get MSEdge info via its module pwgrab. references: - https://twitter.com/vxunderground/status/1423336151860002816 - https://attack.mitre.org/software/S0404/
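Review bot: while touching the description line, the remaining grammar should be fixed in the same change rather than left for another typo commit: "uses this utilities" should read "uses this utility", and "to access NTDS dumped file" reads better as "to access a dumped NTDS file". Suggested replacement for the `+description:` line: `description: Conti recommendation to its affiliates to use esentutl to access a dumped NTDS file. Trickbot also uses this utility to get MSEdge info via its module pwgrab.` Since the rule id `7df1713a-...` and the `date` are unchanged and only the description is edited, a `modified:` date is the only other field worth considering here, per the usual convention for cosmetic updates to an existing rule.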