diff --git a/rules/initial_access_process_spawned_from_macro_enabled_microsoft_office_document.yml b/rules/initial_access_process_spawned_from_macro_enabled_microsoft_office_document.yml
index 8d63b2ea8..5c2cde268 100644
--- a/rules/initial_access_process_spawned_from_macro_enabled_microsoft_office_document.yml
+++ b/rules/initial_access_process_spawned_from_macro_enabled_microsoft_office_document.yml
@@ -20,10 +20,10 @@ labels:
 condition: >
 spawn_process and
- ps.parent.name iin msoffice_binaries
+ ps.name iin msoffice_binaries
 and (
- thread.callstack.modules imatches '*vbe?.dll'
+ thread.callstack.modules imatches ('*vbe?.dll')
 or thread.callstack.symbols imatches (