diff --git a/atomics/T1547.001/T1547.001.yaml b/atomics/T1547.001/T1547.001.yaml
index fd50cfe4..36314fb8 100644
--- a/atomics/T1547.001/T1547.001.yaml
+++ b/atomics/T1547.001/T1547.001.yaml
@@ -332,3 +332,45 @@ atomic_tests:
 Remove-ItemProperty -Path "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name 'Shell-backup'
 name: powershell
 elevation_required: true
+- name: HKLM - Persistence using CommandProcessor AutoRun key (With Elevation)
+ auto_generated_guid: a574dafe-a903-4cce-9701-14040f4f3532
+ description: |-
+ An adversary may abuse the CommandProcessor AutoRun registry key to persist. Every time cmd.exe is executed, the command defined in the AutoRun key also gets executed.
+ [reference](https://devblogs.microsoft.com/oldnewthing/20071121-00/?p=24433)
+ supported_platforms:
+ - windows
+ input_arguments:
+ command:
+ description: Command to Execute
+ type: string
+ default: notepad.exe
+ executor:
+ command: |-
+ New-ItemProperty -Path "HKLM:\Software\Microsoft\Command Processor" -Name "AutoRun" -Value "#{command}" -PropertyType "String"
+ cleanup_command: |-
+ Remove-ItemProperty -Path "HKLM:\Software\Microsoft\Command Processor" -Name "AutoRun" -ErrorAction Ignore
+ name: powershell
+ elevation_required: true
+- name: HKCU - Persistence using CommandProcessor AutoRun key (With Elevation)
+ description: |-
+ An adversary may abuse the CommandProcessor AutoRun registry key to persist. Every time cmd.exe is executed, the command defined in the AutoRun key also gets executed.
+ [reference](https://devblogs.microsoft.com/oldnewthing/20071121-00/?p=24433)
+ supported_platforms:
+ - windows
+ input_arguments:
+ command:
+ description: Command to Execute
+ type: string
+ default: notepad.exe
+ executor:
+ command: |-
+ $path = "HKCU:\Software\Microsoft\Command Processor"
+ if (!(Test-Path -path $path)){
+ New-Item -ItemType Key -Path $path
+ }
+ New-ItemProperty -Path $path -Name "AutoRun" -Value "#{command}" -PropertyType "String"
+ cleanup_command: |-
+ Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Command Processor" -Name "AutoRun" -ErrorAction Ignore
+ name: powershell
+ elevation_required: true
+
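Review bot: The second new test writes only under HKCU, which the interactive user can modify without admin rights, yet it is titled "(With Elevation)" and declares `elevation_required: true`; that misstates the technique — HKCU AutoRun is precisely the variant an unprivileged adversary uses — and makes the runner demand or skip on elevation it does not need, so the last lines of that test should read `name: HKCU - Persistence using CommandProcessor AutoRun key (Without Elevation)` and `elevation_required: false`. In both executors `New-ItemProperty` errors out if an `AutoRun` value already exists, and the cleanup then removes that pre-existing value rather than restoring it; adding `-Force` (or using `Set-ItemProperty`) makes the test rerunnable, and the description should warn operators that any legitimate AutoRun entry on the host will be clobbered. The HKCU test also lacks the `auto_generated_guid` its HKLM sibling has; if the repository's CI fills that in on merge this is fine, otherwise it needs one. The three context lines at the top are the tail of the preceding test, whose definition starts outside this hunk.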