Detecting Fileless Malware Attacks Through Windows Registry Analysis: A Cybersecurity Case Study
- DOI
- 10.2991/978-94-6239-723-1_37How to use a DOI?
- Keywords
- Fileless malware; Windows registry; Registry forensics; Malware persistence; Memory-based attacks; Cyber threat detection; Digital forensic
- Abstract
The fileless malware has become a very elusive cyber threat, which uses genuine parts of the operating system to perform malicious functions directly in the memory without leaving the slightest trace in the form of a file. Such attacks are frequently not detected by traditional malware detection mechanisms that mostly use file signatures and static analysis. Windows Registry mechanisms have been used by attackers over the past years as a method of persistence, execution, and defense evasion, and Registry artifacts have become a critical but under investigated source of forensic evidence. This paper includes a cybersecurity case study that aims at identifying fileless malware by using systematic analysis of Windows Registry artifacts. The research paper reviews important Registry paths that are typically misused by the file- less malware such as start-up execution keys, Com hijacking entry, and environment-based persistence systems. The fileless attack scenario was controlled by use of legitimate windows utilities to monitor the types of Registry-level modifications that were created during the malicious execution. Registry artifacts obtained were examined to point out signs of compromise related to fileless behavior. The results prove that even though there are no malicious files present on the disk, fileless malware produces characteristic Registry-based signatures that can be used successfully to detect and examine it. The results indicate the applicability of Registry-based analysis as a light-weight and additional approach to other memory forensics and behavioral detection techniques. Registry analysis offers more insight into the persistence and execution patterns than traditional techniques, and requires less volatile memory acquisition. The research addresses a significant gap in the available literature about cybersecurity because it dwells upon the significance of Windows Registry artifacts in the process of identifying fileless malware. The proposed solution encourages better threat hunting, digital forensic investigations and incident response in the modern windows settings.
- Copyright
- © 2026 The Author(s)
- Open Access
- Open Access This chapter is licensed under the terms of the Creative Commons Attribution-NonCommercial 4.0 International License (http://creativecommons.org/licenses/by-nc/4.0/), which permits any noncommercial use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
Cite this article
TY - CONF AU - Anuja Chincholkar AU - Pallavi Shejwal AU - Anal Salshingikar AU - Smita Gumaste PY - 2026 DA - 2026/07/14 TI - Detecting Fileless Malware Attacks Through Windows Registry Analysis: A Cybersecurity Case Study BT - Proceedings of the International Conference on Responsible, Risk-aware, and Regulated AI (RRRAI 2026) PB - Atlantis Press SP - 412 EP - 424 SN - 1951-6851 UR - https://doi.org/10.2991/978-94-6239-723-1_37 DO - 10.2991/978-94-6239-723-1_37 ID - Chincholkar2026 ER -