diff --git a/atomics/T1124/T1124.yaml b/atomics/T1124/T1124.yaml
index 5197f5a1..a0d89dae 100644
--- a/atomics/T1124/T1124.yaml
+++ b/atomics/T1124/T1124.yaml
@@ -49,3 +49,15 @@ atomic_tests:
 command: |
 W32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
 name: command_prompt
+- name: System Time with Windows time Command
+ description: |
+ Displays the current system time via the Windows builtin time command: https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/time
+ Recently observed in use in the wild during an incident involving Ursnif malware:
+ https://github.com/The-DFIR-Report/Sigma-Rules/blob/dc72f0b557fc63347379be0a33439788256761c8/rules/windows/process_creation/proc_creation_win_system_time_lookup.yml
+ https://thedfirreport.com/2023/01/09/unwrapping-ursnifs-gifts/
+ supported_platforms:
+ - windows
+ executor:
+ command: |
+ time
+ name: command_prompt
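Review bot: The bare `time` in the new test's `command:` block prints the current time and then prompts `Enter the new time:`, so a runner that leaves stdin attached may sit waiting on that prompt, and any stray input would reset the clock on the test host; `time /T` is the display-only form the linked Microsoft page documents and avoids both problems. If the intent is to reproduce the exact Ursnif invocation rather than just the discovery behaviour, state that in the description (for example, `Uses bare "time" deliberately to match the in-the-wild invocation; it prompts for a new time when run interactively.`) so the prompt is understood as expected rather than a bug. Atomic tests in this repository normally carry an `auto_generated_guid` alongside `name`; none is visible on the new entry, so presumably it is added by the maintainers' tooling, but confirm before merge. The enclosing `atomic_tests` sequence begins outside this hunk.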