---
type: "term"
title: "Fileless Execution / Fileless Malware"
description: "An attack technique where malicious code executes entirely in memory without writing traditional files to disk, often using legitimate system tools (PowerShell, WMI, .NET reflection) as execution vehicles."
resource: "tlctc:term:fileless-execution-fileless-malware"
tags:
  - "glossary"
---
# Fileless Execution / Fileless Malware

An attack technique where malicious code executes entirely in memory without writing traditional files to disk, often using legitimate system tools (PowerShell, WMI, .NET reflection) as execution vehicles. In TLCTC: fileless execution still maps to `#7 Malware` — the FEC definition explicitly includes in-memory execution, interpreted code, and reflective loading with no "on-disk" requirement. The invocation of the legitimate tool to enable fileless execution may be `#1 Abuse of Functions`, making the typical sequence `#1 → #7`.

See also: Foreign Executable Content (FEC), Living Off the Land / LOLBAS, Dual-Use Tool