Hybrid Analysis Model for Detecting Fileless Malware

Fileless malware is a type of malware that does not rely on executable files to persist or propagate. Unlike traditional file-based malware, fileless malware is more difficult to detect and remove, posing a significant threat to organizations. This paper introduces a novel hybrid analysis model that combines static and dynamic analysis techniques to identify fileless malware. Applied to four real-world and two custom-created fileless malware samples, the proposed model demonstrated its qualitative effectiveness in uncovering complex behaviors and evasion tactics, such as obfuscated macros, process injection, registry persistence, and covert network communications, which often bypass single-method analyses. While the analysis reveals the potential for significant damage to organizational reputation, resources, and operations, the paper also outlines a set of mitigation measures that cybersecurity professionals and researchers can adopt to protect users and organizations against threats posed by fileless malware. Overall, this research offers valuable insights and a novel analysis model to better address and understand fileless malware threats.