diff --git a/rules-emerging-threats/2020/TA/SolarWinds-Supply-Chain/proc_creation_win_apt_unc2452_cmds.yml b/rules-emerging-threats/2020/TA/SolarWinds-Supply-Chain/proc_creation_win_apt_unc2452_cmds.yml
index 3ae86ca4a96..b7589eac31b 100644
--- a/rules-emerging-threats/2020/TA/SolarWinds-Supply-Chain/proc_creation_win_apt_unc2452_cmds.yml
+++ b/rules-emerging-threats/2020/TA/SolarWinds-Supply-Chain/proc_creation_win_apt_unc2452_cmds.yml
@@ -6,7 +6,7 @@ references:
 - https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/
 author: Florian Roth (Nextron Systems)
 date: 2021-01-22
-modified: 2023-09-12
+modified: 2024-09-12
 tags:
 - attack.execution
 - attack.t1059.001
@@ -42,7 +42,7 @@ detection:
 - '.dll,Tk_'
 selection_generic_4:
 ParentImage|endswith: '\rundll32.exe'
- ParentCommandLine|contains:
+ ParentCommandLine|contains|all:
 - 'C:\Windows'
 - '.dll'
 CommandLine|contains: 'cmd.exe /C '
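Review bot: With `ParentCommandLine|contains|all` in `selection_generic_4`, a match now requires the literal `C:\Windows` in the rundll32 parent command line, so a parent started with a relative DLL path or from a system drive other than C: no longer satisfies this selection, where `.dll` alone used to. The narrowing looks intended to reduce false positives, but nothing in the rule records that trade-off. I would add a comment above the field, for example `# both substrings required (AND); narrowed from OR to cut false positives`, and consider the drive-independent value `- ':\Windows\'` if it fits the telemetry this rule runs against. The `detection` block and its `condition` continue outside the hunk, so how this selection is combined with the others cannot be checked from here.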