diff --git a/atomics/T1036/T1036.md b/atomics/T1036/T1036.md
index 5b856e9f..4913e783 100644
--- a/atomics/T1036/T1036.md
+++ b/atomics/T1036/T1036.md
@@ -30,6 +30,10 @@ An example of abuse of trusted locations in Linux would be the /bin
@@ -132,3 +136,59 @@ del /Q /F %APPDATA%\taskhostw.exe
```
+
+
+## Atomic Test #6 - Masquerading - non-windows exe running as windows exe
+Copies an exe, renames it as a windows exe, and launches it to masquerade as a real windows exe
+
+**Supported Platforms:** Windows
+
+
+#### Inputs
+| Name | Description | Type | Default Value |
+|------|-------------|------|---------------|
+| inputfile | path of file to copy | path | $PathToAtomicsFolder\T1036\bin\t1036.exe|
+| outputfile | path of file to execute | path | ($env:SystemRoot + "\Temp\scvhost.exe")|
+
+#### Run it with `powershell`!
+```
+copy #{inputfile} #{outputfile}
+$myT1036 = (Start-Process -PassThru -FilePath #{outputfile}).Id
+Stop-Process -ID $myT1036
+```
+
+
+#### Cleanup Commands:
+```
+del #{outputfile}
+```
+
+
+
+
+## Atomic Test #7 - Masquerading - windows exe running as different windows exe
+Copies a windows exe, renames it as another windows exe, and launches it to masquerade as second windows exe
+
+**Supported Platforms:** Windows
+
+
+#### Inputs
+| Name | Description | Type | Default Value |
+|------|-------------|------|---------------|
+| inputfile | path of file to copy | path | $env:ComSpec|
+| outputfile | path of file to execute | path | ($env:SystemRoot + "\Temp\scvhost.exe")|
+
+#### Run it with `powershell`!
+```
+copy #{inputfile} #{outputfile}
+$myT1036 = (Start-Process -PassThru -FilePath #{outputfile}).Id
+Stop-Process -ID $myT1036
+```
+
+
+#### Cleanup Commands:
+```
+del #{outputfile}
+```
+
+
diff --git a/atomics/index.md b/atomics/index.md
index 2be43da7..39d72cbe 100644
--- a/atomics/index.md
+++ b/atomics/index.md
@@ -289,6 +289,8 @@
- Atomic Test #3: Masquerading - cscript.exe running as notepad.exe [windows]
- Atomic Test #4: Masquerading - wscript.exe running as svchost.exe [windows]
- Atomic Test #5: Masquerading - powershell.exe running as taskhostw.exe [windows]
+ - Atomic Test #6: Masquerading - non-windows exe running as windows exe [windows]
+ - Atomic Test #7: Masquerading - windows exe running as different windows exe [windows]
- [T1112 Modify Registry](./T1112/T1112.md)
- Atomic Test #1: Modify Registry of Current User Profile - cmd [windows]
- Atomic Test #2: Modify Registry of Local Machine - cmd [windows]
diff --git a/atomics/index.yaml b/atomics/index.yaml
index de56d014..9c80634f 100644
--- a/atomics/index.yaml
+++ b/atomics/index.yaml
@@ -8540,6 +8540,56 @@ defense-evasion:
cleanup_command: 'del /Q /F %APPDATA%\taskhostw.exe
'
+ - name: Masquerading - non-windows exe running as windows exe
+ description: 'Copies an exe, renames it as a windows exe, and launches it to
+ masquerade as a real windows exe
+
+'
+ supported_platforms:
+ - windows
+ input_arguments:
+ inputfile:
+ description: path of file to copy
+ type: path
+ default: "$PathToAtomicsFolder\\T1036\\bin\\t1036.exe"
+ outputfile:
+ description: path of file to execute
+ type: path
+ default: ($env:SystemRoot + "\Temp\scvhost.exe")
+ executor:
+ name: powershell
+ elevation_required: false
+ command: |
+ copy #{inputfile} #{outputfile}
+ $myT1036 = (Start-Process -PassThru -FilePath #{outputfile}).Id
+ Stop-Process -ID $myT1036
+ cleanup_command: 'del #{outputfile}
+
+'
+ - name: Masquerading - windows exe running as different windows exe
+ description: 'Copies a windows exe, renames it as another windows exe, and launches
+ it to masquerade as second windows exe
+
+'
+ supported_platforms:
+ - windows
+ input_arguments:
+ inputfile:
+ description: path of file to copy
+ type: path
+ default: "$env:ComSpec"
+ outputfile:
+ description: path of file to execute
+ type: path
+ default: ($env:SystemRoot + "\Temp\scvhost.exe")
+ executor:
+ name: powershell
+ elevation_required: false
+ command: |
+ copy #{inputfile} #{outputfile}
+ $myT1036 = (Start-Process -PassThru -FilePath #{outputfile}).Id
+ Stop-Process -ID $myT1036
+ cleanup_command: 'del #{outputfile}'
T1112:
technique:
x_mitre_data_sources:
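Review bot: The default `outputfile` in both new tests is `scvhost.exe`, a lookalike of `svchost.exe` rather than the name of a Windows binary, while both descriptions say the copy is renamed "as a windows exe". This matters when the tests are used to validate detections: a rule that matches known system binary names running outside their expected directory will not fire on `scvhost.exe`, only a lookalike-name rule will. If the transposition is deliberate, the description should say so, e.g. `Copies an exe, renames it to a lookalike of svchost.exe (scvhost.exe), and launches it`; if it is a typo, the default should read `svchost.exe` as in Test #4. Separately, `cleanup_command` is a bare `del #{outputfile}`, so if the launched copy is still running (for instance because `Stop-Process` failed) the delete would presumably fail and leave the binary in `$env:SystemRoot\Temp`; `Remove-Item #{outputfile} -Force -ErrorAction Ignore` would at least make that case explicit. The same commands and descriptions appear in the `T1036.md` hunk, so any change should be made in both places.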
diff --git a/atomics/windows-index.md b/atomics/windows-index.md
index 181ee513..fd2237fb 100644
--- a/atomics/windows-index.md
+++ b/atomics/windows-index.md
@@ -89,6 +89,8 @@
- Atomic Test #3: Masquerading - cscript.exe running as notepad.exe [windows]
- Atomic Test #4: Masquerading - wscript.exe running as svchost.exe [windows]
- Atomic Test #5: Masquerading - powershell.exe running as taskhostw.exe [windows]
+ - Atomic Test #6: Masquerading - non-windows exe running as windows exe [windows]
+ - Atomic Test #7: Masquerading - windows exe running as different windows exe [windows]
- [T1112 Modify Registry](./T1112/T1112.md)
- Atomic Test #1: Modify Registry of Current User Profile - cmd [windows]
- Atomic Test #2: Modify Registry of Local Machine - cmd [windows]