Proceedings of the International Conference on Responsible, Risk-aware, and Regulated AI (RRRAI 2026)

International Conference on Responsible, Risk-aware, and Regulated AI (RRRAI 2026)

📍Pune, Maharashtra, India🗓️ 3-4 April 2026

Detecting Fileless Malware Attacks Through Windows Registry Analysis: A Cybersecurity Case Study

Authors
Anuja Chincholkar1, *, Pallavi Shejwal2, Anal Salshingikar3, Smita Gumaste1
1Computer Science and Engineering Department, School of Computing, MIT ADT University, Pune, India
2Department of Information Technology, PCCOER, Pune, India
3MBA Cyber Security Management, National Forensic Sciences University, Gandhinagar, Gujarat, India
*Corresponding author. Email: palhadeanuja@gmail.com
Corresponding Author
Anuja Chincholkar
Available Online 14 July 2026.
DOI
10.2991/978-94-6239-723-1_37How to use a DOI?
Keywords
Fileless malware; Windows registry; Registry forensics; Malware persistence; Memory-based attacks; Cyber threat detection; Digital forensic
Abstract

The fileless malware has become a very elusive cyber threat, which uses genuine parts of the operating system to perform malicious functions directly in the memory without leaving the slightest trace in the form of a file. Such attacks are frequently not detected by traditional malware detection mechanisms that mostly use file signatures and static analysis. Windows Registry mechanisms have been used by attackers over the past years as a method of persistence, execution, and defense evasion, and Registry artifacts have become a critical but under investigated source of forensic evidence. This paper includes a cybersecurity case study that aims at identifying fileless malware by using systematic analysis of Windows Registry artifacts. The research paper reviews important Registry paths that are typically misused by the file- less malware such as start-up execution keys, Com hijacking entry, and environment-based persistence systems. The fileless attack scenario was controlled by use of legitimate windows utilities to monitor the types of Registry-level modifications that were created during the malicious execution. Registry artifacts obtained were examined to point out signs of compromise related to fileless behavior. The results prove that even though there are no malicious files present on the disk, fileless malware produces characteristic Registry-based signatures that can be used successfully to detect and examine it. The results indicate the applicability of Registry-based analysis as a light-weight and additional approach to other memory forensics and behavioral detection techniques. Registry analysis offers more insight into the persistence and execution patterns than traditional techniques, and requires less volatile memory acquisition. The research addresses a significant gap in the available literature about cybersecurity because it dwells upon the significance of Windows Registry artifacts in the process of identifying fileless malware. The proposed solution encourages better threat hunting, digital forensic investigations and incident response in the modern windows settings.

Copyright
© 2026 The Author(s)
Open Access
Open Access This chapter is licensed under the terms of the Creative Commons Attribution-NonCommercial 4.0 International License (http://creativecommons.org/licenses/by-nc/4.0/), which permits any noncommercial use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.

Download article (PDF)

Volume Title
Proceedings of the International Conference on Responsible, Risk-aware, and Regulated AI (RRRAI 2026)
Series
Advances in Intelligent Systems Research
Publication Date
14 July 2026
ISBN
978-94-6239-723-1
ISSN
1951-6851
DOI
10.2991/978-94-6239-723-1_37How to use a DOI?
Copyright
© 2026 The Author(s)
Open Access
Open Access This chapter is licensed under the terms of the Creative Commons Attribution-NonCommercial 4.0 International License (http://creativecommons.org/licenses/by-nc/4.0/), which permits any noncommercial use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.

Cite this article

TY  - CONF
AU  - Anuja Chincholkar
AU  - Pallavi Shejwal
AU  - Anal Salshingikar
AU  - Smita Gumaste
PY  - 2026
DA  - 2026/07/14
TI  - Detecting Fileless Malware Attacks Through Windows Registry Analysis: A Cybersecurity Case Study
BT  - Proceedings of the International Conference on Responsible, Risk-aware, and Regulated AI (RRRAI 2026)
PB  - Atlantis Press
SP  - 412
EP  - 424
SN  - 1951-6851
UR  - https://doi.org/10.2991/978-94-6239-723-1_37
DO  - 10.2991/978-94-6239-723-1_37
ID  - Chincholkar2026
ER  -