diff --git a/atomics/T1031/T1031.yaml b/atomics/T1031/T1031.yaml
new file mode 100644
index 00000000..c2b61952
--- /dev/null
+++ b/atomics/T1031/T1031.yaml
@@ -0,0 +1,19 @@
+---
+attack_technique: T1031
+display_name: Modify Existing Service
+
+atomic_tests:
+- name: Modify Fax service to run PowerShell
+  description: |
+    This test will temporarily modify the service Fax by changing the binPath to PowerShell
+    and will then revert the binPath change, restoring Fax to its original state.
+
+  supported_platforms:
+    - windows
+
+  executor:
+    name: command_prompt
+    command: |
+      sc config Fax binPath= "C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe -noexit -c \"write-host 'T1031 Test'\""
+      sc start Fax
+      sc config Fax binPath= "C:\WINDOWS\system32\fxssvc.exe"
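Review bot: The restore on the last line of `command` only runs if the preceding `sc start Fax` returns, so an interrupted or failing run leaves the Fax service pointing at powershell.exe, and the restored value `C:\WINDOWS\system32\fxssvc.exe` is assumed rather than read from the host. Capture the current value first with `sc qc Fax` and move the restore into a separate cleanup step so a tester can reset the host without re-running the whole test; `sc config` also needs an elevated prompt, which the executor should declare with `elevation_required: true`. The description should additionally state what a detection engineer is expected to observe (the service binPath change itself) and note that `sc start` presumably does not complete normally because powershell.exe is not a service binary — acceptable for the test, but worth saying so the result is not mistaken for a broken test. This is a new file, so the whole test definition is in view.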