diff --git a/rules/windows/image_load/image_load_uac_bypass_iscsicpl.yml b/rules/windows/image_load/image_load_uac_bypass_iscsicpl.yml
index 982df5302..0a263546e 100644
--- a/rules/windows/image_load/image_load_uac_bypass_iscsicpl.yml
+++ b/rules/windows/image_load/image_load_uac_bypass_iscsicpl.yml
@@ -7,12 +7,14 @@ references:
 - https://github.com/hackerhouse-opensource/iscsicpl_bypassUAC
 - https://twitter.com/wdormann/status/1547583317410607110
 date: 2022/07/17
+modified: 2022/07/25
 logsource:
 product: windows
 category: image_load
 detection:
 selection:
 Image: C:\Windows\SysWOW64\iscsicpl.exe
+ ImageLoaded|endswith: '\iscsiexe.dll'
 filter:
 ImageLoaded|contains|all:
 - 'C:\Windows\'
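Review bot: With the selection now pinned to `ImageLoaded|endswith: '\iscsiexe.dll'`, the `filter` block is the only thing separating an expected load from a hijacked one, and it matches `'C:\Windows\'` through `contains|all`, an unanchored substring that covers the whole Windows tree. A copy of the DLL loaded from any directory under `C:\Windows\` that a non-administrative user can write to would be suppressed rather than alerted on. Consider anchoring the exclusion to the directories where the legitimate DLL is actually observed, for example `ImageLoaded|startswith: 'C:\Windows\SysWOW64\'`, after confirming the real load path in telemetry. The filter's value list continues past the end of this hunk, so its remaining entries should be checked against the same concern.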