diff --git a/rules/windows/process_creation/proc_creation_win_susp_service_tamper.yml b/rules/windows/process_creation/proc_creation_win_susp_service_tamper.yml
index d363c1c4fb9..8d153142bb5 100644
--- a/rules/windows/process_creation/proc_creation_win_susp_service_tamper.yml
+++ b/rules/windows/process_creation/proc_creation_win_susp_service_tamper.yml
@@ -18,10 +18,11 @@ references:
     - https://www.virustotal.com/gui/file/38283b775552da8981452941ea74191aa0d203edd3f61fb2dee7b0aea3514955
 author: Nasreddine Bencherchali (Nextron Systems), frack113 , X__Junior
 date: 2022-09-01
-modified: 2024-10-21
+modified: 2024-12-23
 tags:
     - attack.defense-evasion
     - attack.t1489
+    - attack.t1562.001
 logsource:
     category: process_creation
     product: windows
@@ -148,6 +149,7 @@ detection:
             - 'mfewc'
             - 'MMS'
             - 'mozyprobackup'
+            - 'mpssvc'
             - 'MSComplianceAudit'
             - 'MSDTC'
             - 'MsDtsServer'
@@ -235,6 +237,7 @@ detection:
             - 'swi_service'
             - 'swi_update'
             - 'Symantec'
+            - 'sysmon'
             - 'TeamViewer'
             - 'Telemetryserver'
             - 'ThreatLockerService'
@@ -277,6 +280,7 @@ detection:
             - 'WRSVC'
             - 'wsbexchange'
             - 'WSearch'
+            - 'wscsvc'
             - 'Zoolz 2 Service'
     condition: all of selection_*
 falsepositives:
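Review bot: The new `attack.t1562.001` tag covers the Sysmon addition but not the two Windows built-in services this same commit adds, `mpssvc` (Windows Defender Firewall) and `wscsvc` (Security Center); stopping or disabling the host firewall service maps to the sibling sub-technique T1562.004 (Disable or Modify System Firewall). Consider adding `    - attack.t1562.004` next to the new tag so the rule's ATT&CK mapping matches the full set of services it now watches. The `tags` block and the detection lists are in separate hunks, so the tag change stands on its own.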
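Review bot: The new `sysmon` entry only detects tampering with a default-named Sysmon installation; Sysmon is commonly deployed under a renamed binary, in which case the service and driver carry that custom name and this value will not match. That limitation is worth recording in the rule, for example a `# NOTE: matches the default service name only; renamed Sysmon deployments need a site-specific entry` comment on the line, or a sentence in the description, so that operators do not assume the rule covers their renamed installs. If the selection field uses a `contains` modifier (not visible in this hunk), the value will also match `Sysmon64` and `SysmonDrv`, which is desirable; if it is an exact match, those variants would need their own entries. The enclosing selection starts and ends outside the hunk.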