diff --git a/atomics/T1040/T1040.yaml b/atomics/T1040/T1040.yaml
index aaa93867..4250789a 100644
--- a/atomics/T1040/T1040.yaml
+++ b/atomics/T1040/T1040.yaml
@@ -75,3 +75,20 @@ atomic_tests:
 c:\windump.exe
 name: command_prompt
 elevation_required: true
+
+- name: Windows Internal Packet Capture
+ description: |-
+ Uses the built-in Windows packet capture
+ After execution you should find a file named trace.etl and trace.cab in the temp directory
+ supported_platforms:
+ - windows
+ executor:
+ command: netsh trace start capture=yes tracefile=%temp%\trace.etl maxsize=10
+ cleanup_command: |-
+ netsh trace stop
+ TIMEOUT /T 50
+ del %temp%\trace.etl
+ del %temp%\trace.cab
+ name: command_prompt
+ elevation_required: true
+
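Review bot: The `command` line passes the trace path unquoted, so when `%temp%` expands to a path containing a space (any profile whose username has a space) the argument splits and the capture is written elsewhere or the start fails; quote it as `command: netsh trace start capture=yes tracefile="%temp%\trace.etl" maxsize=10` and likewise `del "%temp%\trace.etl"` and `del "%temp%\trace.cab"` in the cleanup. The description also promises a trace.cab "after execution", but nothing in `command` stops the session: the capture keeps running, bounded only by `maxsize=10` (MB), until `cleanup_command` issues `netsh trace stop`, which is the step that produces the .cab report, so the description should say that the .cab appears only after cleanup and that a second `netsh trace start` will be refused while the first session is still active. The `TIMEOUT /T 50` after the stop is presumably there to wait for report generation; if `netsh trace stop` already blocks until the cab is written, as it appears to on current Windows, the fixed 50-second sleep could be shortened or replaced by a check for the file, but that is not certain from the diff alone.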