From b17f2b3840e8edfeb7eb9d936d65d7bfe46f9cd7 Mon Sep 17 00:00:00 2001
From: Andrew Rathbun <36825567+AndrewRathbun@users.noreply.github.com>
Date: Thu, 24 Feb 2022 11:52:21 -0500
Subject: [PATCH] Update proc_creation_win_susp_esentutl_params.yml

---
 .../process_creation/proc_creation_win_susp_esentutl_params.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/windows/process_creation/proc_creation_win_susp_esentutl_params.yml b/rules/windows/process_creation/proc_creation_win_susp_esentutl_params.yml
index 9dbe74aba..58ee30dd1 100644
--- a/rules/windows/process_creation/proc_creation_win_susp_esentutl_params.yml
+++ b/rules/windows/process_creation/proc_creation_win_susp_esentutl_params.yml
@@ -3,7 +3,7 @@ id: 7df1713a-1a5b-4a4b-a071-dc83b144a101
 status: experimental
 author: sam0x90
 date: 2021/08/06
-description: Conti recommendation to its affiliates to use esentult to access NTDS dumped file. Trickbot also uses this utilities to get MSEdge info via its module pwgrab.
+description: Conti recommendation to its affiliates to use esentutl to access NTDS dumped file. Trickbot also uses this utilities to get MSEdge info via its module pwgrab.
 references:
     - https://twitter.com/vxunderground/status/1423336151860002816
     - https://attack.mitre.org/software/S0404/
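Review bot: The corrected `description` on the added line fixes the `esentutl` spelling but still carries the grammatical slip `this utilities` and the awkward `NTDS dumped file`, so the text an analyst sees when the rule fires remains unclear. Since the commit only touches this one line, it is the natural place to finish the wording cleanup. Proposed line: `description: Conti recommendation to its affiliates to use esentutl to access a dumped NTDS file. Trickbot also uses this utility to get MSEdge info via its module pwgrab.`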